
A Formal Approach to Physics-based Attacks in Cyber-physical Systems

Published: 05 February 2020

Abstract

We apply formal methods to lay and streamline theoretical foundations for reasoning about Cyber-Physical Systems (CPSs) and physics-based attacks, i.e., attacks targeting physical devices. We focus on a formal treatment of both integrity and denial-of-service attacks on the sensors and actuators of CPSs, and on the timing aspects of these attacks. Our contributions are fourfold. (1) We define a hybrid process calculus to model both CPSs and physics-based attacks. (2) We formalise a threat model that specifies MITM attacks that can manipulate sensor readings or control commands to drive a CPS into an undesired state; we group these attacks into classes and provide the means to assess attack tolerance/vulnerability with respect to a given class of attacks, based on a proper notion of most powerful physics-based attack. (3) We formalise how to estimate the impact of a successful attack on a CPS and investigate possible quantifications of the chances of success of an attack. (4) We illustrate our definitions and results by formalising a non-trivial running example in UPPAAL SMC, the statistical extension of the UPPAAL model checker; we use UPPAAL SMC as an automatic tool for carrying out a static security analysis of our running example in isolation and when exposed to three different physics-based attacks with different impacts.
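The threat model summarised above (a MITM on the sensor or actuator channel that either forges values or drops them, active only during a time window, judged by the physical state it drives the plant into) can be made concrete with a small simulation. The block below is an added illustration written for this page; it is not the paper's calculus, its running example, or its UPPAAL SMC model. The tank dynamics, the proportional controller, the setpoint and safe range, the attack windows, and all names (`Plant`, `Attack`, `controller`, `run`, `SETPOINT`, `SAFE`) are assumptions chosen for the demonstration. Impact is measured as the worst excursion outside the safe range, and the last two cases show the timing point: the same sensor denial of service is harmless when launched at equilibrium and drives the plant out of its safe envelope when launched while it is still filling.

```python
"""Added illustration: a toy discrete-time CPS under physics-based MITM attacks.

Not the paper's calculus or UPPAAL SMC model. Plant dynamics, controller gain,
setpoint, safe range and attack windows are all assumed for illustration.
"""
from dataclasses import dataclass
from typing import Callable, Optional

SETPOINT = 50.0       # desired tank level (assumed)
SAFE = (20.0, 80.0)   # physical safety envelope (assumed)


@dataclass
class Plant:
    """Toy tank: level changes by inflow*valve - outflow per tick (assumed dynamics)."""
    level: float
    inflow: float = 4.0
    outflow: float = 2.0

    def step(self, valve: float) -> None:
        self.level += self.inflow * valve - self.outflow


@dataclass
class Attack:
    """MITM attack on one channel during ticks [start, end).

    forge maps the genuine value to a forged one (integrity attack);
    forge=None drops the message, so the receiver keeps using the last
    value it saw (denial of service on that channel).
    """
    channel: str                                   # "sensor" or "actuator"
    start: int
    end: int
    forge: Optional[Callable[[float], float]] = None

    def active(self, t: int) -> bool:
        return self.start <= t < self.end


def controller(measured: float) -> float:
    """Proportional controller; valve command clipped to [0, 1]."""
    return max(0.0, min(1.0, 0.5 + 0.1 * (SETPOINT - measured)))


def run(attack: Optional[Attack], initial_level: float = SETPOINT,
        horizon: int = 60) -> dict:
    """Simulate the closed loop and report the attack's physical impact.

    impact      : worst excursion outside SAFE over the run (0.0 = tolerated)
    unsafe_from : first tick at which the plant left SAFE, or None
    """
    plant = Plant(level=initial_level)
    last_reading = plant.level            # last value the controller received
    last_cmd = controller(last_reading)   # last value the actuator received
    impact, unsafe_from = 0.0, None
    for t in range(horizon):
        # sensor channel: plant -> controller (may be forged or dropped)
        reading = plant.level
        if attack and attack.channel == "sensor" and attack.active(t):
            reading = attack.forge(reading) if attack.forge else last_reading
        last_reading = reading
        # actuator channel: controller -> plant (may be forged or dropped)
        cmd = controller(reading)
        if attack and attack.channel == "actuator" and attack.active(t):
            cmd = attack.forge(cmd) if attack.forge else last_cmd
        last_cmd = cmd
        plant.step(cmd)
        excursion = max(SAFE[0] - plant.level, plant.level - SAFE[1], 0.0)
        if excursion > 0 and unsafe_from is None:
            unsafe_from = t
        impact = max(impact, excursion)
    return {"final_level": plant.level, "impact": impact, "unsafe_from": unsafe_from}


if __name__ == "__main__":
    cases = {
        "no attack": (None, SETPOINT),
        "sensor integrity (+40 offset)": (Attack("sensor", 5, 25, lambda v: v + 40), SETPOINT),
        "actuator integrity (valve forced open)": (Attack("actuator", 5, 25, lambda c: 1.0), SETPOINT),
        "sensor DoS at equilibrium": (Attack("sensor", 5, 30), SETPOINT),
        "sensor DoS during fill-up": (Attack("sensor", 0, 25), 40.0),
    }
    for name, (atk, init) in cases.items():
        print(f"{name:40s} -> {run(atk, init)}")
```

The sensor-integrity case forges readings 40 units too high, so the controller closes the valve while the real level drains below the safe floor; the actuator-integrity case forces the valve open and the level overshoots the ceiling. Both DoS cases freeze the controller's view of the plant, which is exactly why the outcome depends on when the window opens: frozen readings at equilibrium keep the command at its equilibrium value, while frozen readings mid-transient keep the valve fully open.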

