Data-Driven Vulnerability Exploration for Design Phase System Analysis

Bakirtzis, Georgios; Simon, Brandon; Collins, Aidan; Fleming, Craig; Elks, Carl

doi:10.1109/jsyst.2019.2940145

Cited by 22 publications

(10 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are cases where the behavioral interpretation of the system is not sufficient to examine certain properties about a system. One such case is security, where one approach to finding vulnerabilities is to traverse a graph of the expected or implemented system architecture [19]. However, those approaches are static and often are behaviorally unaware, meaning that there is no way to know what behavior is being affected by a particular successful exploit.…”

Section: Vertical Decompositionmentioning

confidence: 99%

Compositional Cyber-Physical Systems Modeling

Bakirtzis

Vasilakopoulou

Fleming

2021

Electron. Proc. Theor. Comput. Sci.

Self Cite

View full text Add to dashboard Cite

Engineering safe and secure cyber-physical systems requires system engineers to develop and maintain a number of model views, both dynamic and static, which can be seen as algebras. We posit that verifying the composition of requirement, behavioral, and architectural models using category theory gives rise to a strictly compositional interpretation of cyber-physical systems theory, which can assist in the modeling and analysis of safety-critical cyber-physical systems. APPLIED COMPOSITIONAL THINKINGLee [2], among others, recognized early in the development of the field of cyber-physical systems that there is a need for developing competing methods to hybrid systems and process algebras. While this is true, an important observation is that both these formalisms form algebras. In fact, the design of cyber-physical systems involves the study of different algebras (Figure 1).There is significant research in developing these individual algebras and implementing composition within a particular algebra. However, there is still an open problem about how to relate those paradigms that in practice represent individual models and to examine the behavior of the system as a whole must be composed too. Compositional cyber-physical systems theory [3], [4] uses category theory to transform data from one algebra to another and to ultimately relate them formally, such that we can compose across domains. This provides one solution to the open problem of composition between formal methods and their corresponding model views in cyberphysical system design [5], [6].Recently all these three areas of control [10], contracts [4], and co-design [11, chapter 4] have been described, generalized, and unified with fun-

show abstract

Section: Vertical Decompositionmentioning

confidence: 99%

Compositional Cyber-Physical Systems Modeling

Bakirtzis

Vasilakopoulou

Fleming

2021

Electron. Proc. Theor. Comput. Sci.

Self Cite

View full text Add to dashboard Cite

show abstract

“…For example, a graph database could be populated with entities representing nodes in the graph and entity relationships representing the edges of the graph. One application of this transformation would be to automatically propagate security violation over the hierarchy of the model after doing model-based security assessment [8]. Another could be using standard data filtering and processing tools on the model to find particular subsystem entities, which is a significant capability in larger system models found in industry.…”

Section: Algorithmic Implementationmentioning

confidence: 99%

“…They are often significantly more comprehensive than the one shown here, and decision trees often augment the findings about the results of a possible exploit or a justification for a defensive mechanism. We have done comprehensive analyses of this form in other systems such as a UAV [7,8] and also a larger attack vector analysis for the pipeline example presented here [52].…”

Section: Vulnerability Assessmentmentioning

confidence: 99%

An ontological metamodel for cyber-physical system safety, security, and resilience coengineering

et al. 2021

Self Cite

View full text Add to dashboard Cite

Cyber-physical systems are complex systems that require the integration of diverse software, firmware, and hardware to be practical and useful. This increased complexity is impacting the management of models necessary for designing cyber-physical systems that are able to take into account a number of “-ilities”, such that they are safe and secure and ultimately resilient to disruption of service. We propose an ontological metamodel for system design that augments an already existing industry metamodel to capture the relationships between various model elements (requirements, interfaces, physical, and functional) and safety, security, and resilient considerations. Employing this metamodel leads to more cohesive and structured modeling efforts with an overall increase in scalability, usability, and unification of already existing models. In turn, this leads to a mission-oriented perspective in designing security defenses and resilience mechanisms to combat undesirable behaviors. We illustrate this metamodel in an open-source GraphQL implementation, which can interface with a number of modeling languages. We support our proposed metamodel with a detailed demonstration using an oil and gas pipeline model.

show abstract

“…By adding extra keywords to the model, the S-graph is now able to associate with attack vector databases like CAPEC and CWE. 17 This additional information in the S-graph assists in semiautomating the process of finding possible exploits as well as constructing the attack surface by locating attacks on the entry point of a given subsystem. Tools and visualization methods using natural language processing can be used to aid this process.…”

Section: Threat Modelingmentioning

confidence: 99%