Determining tolerable attack surfaces that preserves safety of cyber-physical systems

Carmen Cheh, Ahmed Fawaz, Mohammad A. Noureddine, Binbin Chen, William G. Temple, William H Sanders

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

As safety-critical systems become increasingly interconnected, a system's operations depend on the reliability and security of the computing components and the interconnections among them. Therefore, a growing body of research seeks to tie safety analysis to security analysis. Specifically, it is important to analyze system safety under different attacker models. In this paper, we develop generic parameterizable state automaton templates to model the effects of an attack. Then, given an attacker model, we generate a state automaton that represents the system operation under the threat of the attacker model. We use a railway signaling system as our case study and consider threats to the communication protocol and the commands issued to physical devices. Our results show that while less skilled attackers are not able to violate system safety, more dedicated and skilled attackers can affect system safety. We also consider several countermeasures and show how well they can deter attacks.

Original language: English (US)
Title of host publication: Proceedings - 2018 IEEE 23rd Pacific Rim International Symposium on Dependable Computing, PRDC 2018
Publisher: IEEE Computer Society
Pages: 125-134
Number of pages: 10
ISBN (Electronic): 9781538657003
DOI: 10.1109/PRDC.2018.00023
State: Published - Feb 11 2019
Externally published: Yes
Event: 23rd IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2018 - Taipei, Taiwan, Province of China
Duration: Dec 4 2018 to Dec 7 2018

Publication series

Name: Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC
Volume: 2018-December
ISSN (Print): 1541-0110

Conference

Conference: 23rd IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2018
Country: Taiwan, Province of China
City: Taipei
Period: 12/4/18 to 12/7/18

Fingerprint

Security systems
Network protocols
Cyber Physical System

Keywords

  • Attacker model
  • Cyber-physical system
  • Formal verification
  • Safety analysis
  • Timed automata

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Computer Science Applications
  • Hardware and Architecture
  • Software

Cite this

Cheh, C., Fawaz, A., Noureddine, M. A., Chen, B., Temple, W. G., & Sanders, W. H. (2019). Determining tolerable attack surfaces that preserves safety of cyber-physical systems. In Proceedings - 2018 IEEE 23rd Pacific Rim International Symposium on Dependable Computing, PRDC 2018 (pp. 125-134). [8639695] (Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC; Vol. 2018-December). IEEE Computer Society. https://doi.org/10.1109/PRDC.2018.00023
