research-article

Limitations on observability of effects in cyber-physical systems

Authors:

Suresh K. Damodaran,

Paul D. RoweAuthors Info & Claims

HotSoS '19: Proceedings of the 6th Annual Symposium on Hot Topics in the Science of Security

Article No.: 2, Pages 1 - 10

https://doi.org/10.1145/3314058.3314065

Published: 01 April 2019 Publication History

Abstract

Increased interconnectivity of Cyber-Physical Systems, by design or otherwise, increases the cyber attack surface and attack vectors. Observing the effects of these attacks is helpful in detecting them. In this paper, we show that many attacks on such systems result in a control loop effect we term Process Model Inconsistency (PMI). Our formal approach elucidates the relationships among incompleteness, incorrectness, safety, and inconsistency of process models. We show that incomplete process models lead to inconsistency. Surprisingly, inconsistency may arise even in complete and correct models. We illustrate our approach through an Automated Teller Machine (ATM) example, and describe the practical implications of the theoretical results.

References

[1]

Bowen Alpern and Fred B Schneider. 1987. Recognizing safety and liveness. Distributed computing 2, 3 (1987), 117--126.

Digital Library

[2]

Yosef Ashibani and Qusay H Mahmoud. 2017. Cyber physical systems security: Analysis, challenges and solutions. Computers & Security 68 (2017), 81--97.

Digital Library

[3]

Ozalp Babaoglu and Keith Marzullo. 1993. Consistent global states of distributed systems: Fundamental concepts and mechanisms. Distributed Systems 53 (1993).

Digital Library

[4]

Alvaro A Cárdenas, Saurabh Amin, Zong-Syun Lin, Yu-Lun Huang, Chi-Yen Huang, and Shankar Sastry. 2011. Attacks against process control systems: risk assessment, detection, and response. In Proceedings of the 6th ACM symposium on information, computer and communications security. ACM, 355--366.

Digital Library

[5]

Alvaro A Cardenas, Saurabh Amin, and Shankar Sastry. 2008. Secure control: Towards survivable cyber-physical systems. In Distributed Computing Systems Workshops, 2008. ICDCS'08. 28th International Conference on. IEEE, 495--500.

Digital Library

[6]

Erdal Cayirci and Reyhaneh Ghergherehchi. 2011. Modeling cyber attacks and their effects on decision process. In Proceedings of the Winter Simulation Conference. Winter Simulation Conference, 2632--2641.

Digital Library

[7]

David D Clark and David R Wilson. 1987. A comparison of commercial and military computer security policies. In 1987 IEEE Symposium on Security and Privacy. IEEE, 184--184.

[8]

Robert Cooper and Keith Marzullo. 1991. Consistent detection of global predicates. In ACM/ONR Workshop on Parallel and Distributed Debugging. ACM, 163--173.

Digital Library

[9]

Suresh K. Damodaran and Jerry M. Couretas. 2015. Cyber Modeling & Simulation for Cyber-range Events. In Proceedings of the Conference on Summer Computer Simulation (SummerSim '15). San Diego, CA, USA, 1--8.

[10]

Adam Hahn, Roshan K Thomas, Ivan Lozano, and Alvaro Cardenas. 2015. A multi-layered and kill-chain based security analysis framework for cyber-physical systems. International Journal of Critical Infrastructure Protection 11 (2015), 39--50.

Digital Library

[11]

Song Han, Miao Xie, Hsiao-Hwa Chen, and Yun Ling. 2014. Intrusion detection in cyber-physical systems: Techniques and challenges. IEEE Systems Journal 8, 4 (2014), 1052--1062.

[12]

Thomas A Henzinger. 2000. The theory of hybrid automata. In Verification of Digital and Hybrid Systems. Springer, 265--292.

[13]

Yu-Lun Huang, Alvaro A Cárdenas, Saurabh Amin, Zong-Syun Lin, Hsin-Yi Tsai, and Shankar Sastry. 2009. Understanding the physical and economic consequences of attacks on control systems. International Journal of Critical Infrastructure Protection 2, 3 (2009), 73--83.

[14]

Ikhwan Mohammad Iqbal, Dieky Adzkiya, and Imam Mukhlash. 2017. Formal verification of automated teller machine systems using SPIN. In AIP Conference Proceedings, Vol. 1867. AIP Publishing, 020045.

[15]

Marina Krotofil and Alvaro A Cárdenas. 2013. Resilience of process control systems to cyber-physical attacks. In Nordic Conference on Secure IT Systems. Springer, 166--182.

Digital Library

[16]

Edward A Lee. 2008. Cyber physical systems: Design challenges. In Object Oriented Real-Time Distributed Computing (ISORC), 2008 11th IEEE International Symposium on. IEEE, 363--369.

Digital Library

[17]

Nancy Leveson. 2011. Engineering a safer world: Systems thinking applied to safety. MIT Press.

[18]

Nancy Leveson and John Thomas. 2013. An STPA primer. Cambridge, MA (2013).

[19]

Shi-Wan Lin, B Miller, J Durand, R Joshi, P Didier, A Chigani, R Torenbeek, D Duggal, R Martin, G Bleakley, et al. 2015. Industrial internet reference architecture. Industrial Internet Consortium (IIC), Tech. Rep (2015).

[20]

Henry Marshall, MAJ. Jerry R. Mize, CPT. Michael Hooper, Robert Wells, and Jeff Truong. 2015. Cyber Operations Battlefield Web Services (COBWebS) - Concept for a Tactical Cyber Warfare Effect Training Prototype. In SIW. Simulation Interoperability and Standards Organization (SISO), Orlando, FL, USA.

[21]

Robert Mitchell and Ray Chen. 2016. Modeling and analysis of attacks and counter defense mechanisms for cyber physical systems. IEEE Transactions on Reliability 65, 1 (2016), 350--358.

[22]

Arash Nourian and Stuart Madnick. 2015. A systems theoretic approach to the security threats in cyber physical systems applied to stuxnet. IEEE Transactions on Dependable and Secure Computing (2015).

[23]

David Ormrod, Benjamin Turnbull, and Kent O'Sullivan. 2015. System of systems cyber effects simulation ontology. In Winter Simulation Conference (WSC), 2015. IEEE, 2475--2486.

Digital Library

[24]

Miroslav Pajic, Insup Lee, and George J Pappas. 2017. Attack-resilient state estimation for noisy dynamical systems. IEEE Transactions on Control of Network Systems 4, 1 (2017), 82--92.

[25]

Steffen Priesterjahn, Maik Anderka, Timo Klerx, and Uwe Mönks. 2015. Generalized ATM fraud detection. In Industrial Conference on Data Mining. Springer, 166--181.

[26]

Akshay Rajhans, Ajinkya Bhave, Ivan Ruchkin, Bruce H Krogh, David Garlan, André Platzer, and Bradley Schmerl. 2014. Supporting heterogeneity in cyber-physical systems architectures. IEEE Trans. Automat. Control 59, 12 (2014), 3178--3193.

[27]

Jean-François Raskin. 2005. An introduction to hybrid automata. Handbook of networked and embedded control systems (2005), 491--517.

[28]

Bernd Redecker. {n. d.}. What Recent Jackpotting Attacks Can Teach Us. https://blog.dieboldnixdorf.com/what-recent-jackpotting-attacks-can-teach-us/. Accessed: 2018-12-15.

[29]

Dean C Wardell, Robert F Mills, Gilbert L Peterson, and Mark E Oxley. 2016. A method for revealing and addressing security vulnerabilities in cyber-physical systems by modeling malicious agent interactions with formal verification. Procedia computer science 95 (2016), 24--31.

[30]

William Young and Nancy G Leveson. 2014. An integrated approach to safety and security based on systems theory. Commun. ACM 57, 2 (2014), 31--35.

Digital Library

[31]

Bernard P. Zeigler, Tag Gon Kim, and Herbert Praehofer. 2000. Theory of Modeling and Simulation (2nd ed.). Academic Press, Inc., Orlando, FL, USA.

Cited By

Hong AMalinovsky PDamodaran S(2023)Towards Attack Detection in Multimodal Cyber-Physical Systems with Sticky HDP-HMM based Time Series AnalysisDigital Threats: Research and Practice10.1145/36044345:1(1-21)Online publication date: 17-Jun-2023
https://dl.acm.org/doi/10.1145/3604434
Roque ADamodaran S(2022)Explainable AI for Security of Human-Interactive RobotsInternational Journal of Human–Computer Interaction10.1080/10447318.2022.206624638:18-20(1789-1807)Online publication date: 1-Jun-2022
https://doi.org/10.1080/10447318.2022.2066246
Roque ALin MDamodaran S(2022)Cybersafety Analysis of a Natural Language User Interface for a Consumer Robotic SystemComputer Security. ESORICS 2021 International Workshops10.1007/978-3-030-95484-0_7(107-121)Online publication date: 8-Feb-2022
https://doi.org/10.1007/978-3-030-95484-0_7
Show More Cited By

Index Terms

Limitations on observability of effects in cyber-physical systems
1. Security and privacy
  1. Formal methods and theory of security
    1. Formal security models
  2. Security in hardware
    1. Embedded systems security

Recommendations

Modeling cyber effects in cyber-physical systems with DEVS
TMS/DEVS '17: Proceedings of the Symposium on Theory of Modeling & Simulation

Increased interconnectivity of Cyber-Physical Systems, by design or otherwise, increases the cyber attack surface and attack vectors. It is not always desirable to do cyber risk assessment of such interconnected systems by cyber attacks on the entire ...
Modeling and control of Cyber-Physical Systems subject to cyber attacks: A survey of recent advances and challenges
Highlights
- In general, the cyber-attacks in the literature can be classified into three main types: denial of service (DoS) attacks, deception attacks, and replay ...
Abstract
Cyber Physical Systems (CPS) are almost everywhere; they can be accessed and controlled remotely. These features make them more vulnerable to cyber attacks. Since these systems provide critical services, having them under attack would ...
A Taxonomy of Cyber Attacks on SCADA Systems
ITHINGSCPSCOM '11: Proceedings of the 2011 International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing

Supervisory Control and Data Acquisition(SCADA) systems are deeply ingrained in the fabric of critical infrastructure sectors. These computerized real-time process control systems, over geographically dispersed continuous distribution operations, are ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

HotSoS '19: Proceedings of the 6th Annual Symposium on Hot Topics in the Science of Security

April 2019

149 pages

ISBN:9781450371476

DOI:10.1145/3314058

General Chair:
Xenofon Koutsoukos
Vanderbilt University
,
Program Chairs:
Alvaro A. Cardenas
University of California Santa Cruz
,
Ehab Al-Shaer
University of North Carolina Charlotte

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

National Security Agency: National Security Agency

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 April 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

HotSoS

Sponsor:

National Security Agency

HotSoS: Hot Topics in the Science of Security Symposium

April 1 - 3, 2019

Tennessee, Nashville, USA

Acceptance Rates

Overall Acceptance Rate 34 of 60 submissions, 57%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
115
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)0

Reflects downloads up to 24 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Hong AMalinovsky PDamodaran S(2023)Towards Attack Detection in Multimodal Cyber-Physical Systems with Sticky HDP-HMM based Time Series AnalysisDigital Threats: Research and Practice10.1145/36044345:1(1-21)Online publication date: 17-Jun-2023
https://dl.acm.org/doi/10.1145/3604434
Roque ADamodaran S(2022)Explainable AI for Security of Human-Interactive RobotsInternational Journal of Human–Computer Interaction10.1080/10447318.2022.206624638:18-20(1789-1807)Online publication date: 1-Jun-2022
https://doi.org/10.1080/10447318.2022.2066246
Roque ALin MDamodaran S(2022)Cybersafety Analysis of a Natural Language User Interface for a Consumer Robotic SystemComputer Security. ESORICS 2021 International Workshops10.1007/978-3-030-95484-0_7(107-121)Online publication date: 8-Feb-2022
https://doi.org/10.1007/978-3-030-95484-0_7
Samara GHussein AMatarneh IAlrefai MAl-Safarini M(2021)Internet of Robotic Things: Current Technologies and Applications2021 22nd International Arab Conference on Information Technology (ACIT)10.1109/ACIT53391.2021.9677407(1-6)Online publication date: 21-Dec-2021
https://doi.org/10.1109/ACIT53391.2021.9677407
Tan SGuerrero JXie PHan RVasquez J(2020)Brief Survey on Attack Detection Methods for Cyber-Physical SystemsIEEE Systems Journal10.1109/JSYST.2020.299125814:4(5329-5339)Online publication date: Dec-2020
https://doi.org/10.1109/JSYST.2020.2991258
Li NLiu KChen ZJiao W(2020)Environmental-Perception Modeling and Reference Architecture for Cyber Physical SystemsIEEE Access10.1109/ACCESS.2020.30343908(200322-200337)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.3034390

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten