Abstract
We apply formal methods to lay and streamline theoretical foundations for reasoning about Cyber-Physical Systems (CPSs) and physics-based attacks, i.e., attacks targeting physical devices. We focus on a formal treatment of both integrity and denial-of-service attacks on the sensors and actuators of CPSs, and on the timing aspects of these attacks. Our contributions are fourfold. (1) We define a hybrid process calculus to model both CPSs and physics-based attacks. (2) We formalise a threat model that specifies man-in-the-middle (MITM) attacks that can manipulate sensor readings or control commands to drive a CPS into an undesired state; we group these attacks into classes and provide the means to assess attack tolerance/vulnerability with respect to a given class of attacks, based on a proper notion of most powerful physics-based attack. (3) We formalise how to estimate the impact of a successful attack on a CPS and investigate possible quantifications of the success chances of an attack. (4) We illustrate our definitions and results by formalising a non-trivial running example in UPPAAL SMC, the statistical extension of the UPPAAL model checker; we use UPPAAL SMC as an automatic tool to carry out a static security analysis of our running example both in isolation and when exposed to three different physics-based attacks with different impacts.
A Formal Approach to Physics-based Attacks in Cyber-physical Systems