40,906 research outputs found
Identifying Security-Critical Cyber-Physical Components in Industrial Control Systems
In recent years, Industrial Control Systems (ICS) have become an appealing
target for cyber attacks, having massive destructive consequences. Security
metrics are therefore essential to assess their security posture. In this
paper, we present a novel ICS security metric based on AND/OR graphs that
represent cyber-physical dependencies among network components. Our metric is
able to efficiently identify sets of critical cyber-physical components, with
minimal cost for an attacker, such that if compromised, the system would enter
into a non-operational state. We address this problem by efficiently
transforming the input AND/OR graph-based model into a weighted logical formula
that is then used to build and solve a Weighted Partial MAX-SAT problem. Our
tool, META4ICS, leverages state-of-the-art techniques from the field of logical
satisfiability optimisation in order to achieve efficient computation times.
Our experimental results indicate that the proposed security metric can
efficiently scale to networks with thousands of nodes and be computed in
seconds. In addition, we present a case study where we have used our system to
analyse the security posture of a realistic water transport network. We discuss
our findings on the plant as well as further security applications of our
metric. Comment: Keywords: Security metrics, industrial control systems,
cyber-physical systems, AND-OR graphs, MAX-SAT resolutio
Abstract Model Counting: A Novel Approach for Quantification of Information Leaks
acmid: 2590328 keywords: model checking, quantitative information flow, satisfiability modulo theories, symbolic execution location: Kyoto, Japan numpages: 10
We present a novel method for Quantitative Information Flow analysis. We show how the problem of computing information leakage can be viewed as an extension of the Satisfiability Modulo Theories (SMT) problem. This view enables us to develop a framework for QIF analysis based on the framework DPLL(T) used in SMT solvers. We then show that the methodology of Symbolic Execution (SE) also fits our framework. Based on these ideas, we build two QIF analysis tools: the first one employs CBMC, a bounded model checker for ANSI C, and the second one is built on top of Symbolic PathFinder, a Symbolic Executor for Java. We use these tools to quantify leaks in industrial code such as C programs from the Linux kernel, a Java tax program from the European project HATS, and anonymity protocol
IntRepair: Informed Repairing of Integer Overflows
Integer overflows have threatened software applications for decades. Thus, in
this paper, we propose a novel technique to provide automatic repairs of
integer overflows in C source code. Our technique, based on static symbolic
execution, fuses detection, repair generation and validation. This technique is
implemented in a prototype named IntRepair. We applied IntRepair to 2,052 C
programs (approx. 1 million lines of code) contained in SAMATE's Juliet test
suite and 50 synthesized programs that range up to 20KLOC. Our experimental
results show that IntRepair is able to effectively detect integer overflows and
successfully repair them, while only increasing the source code (LOC) and
binary (Kb) size by around 1%, respectively. Further, we present the results of
a user study with 30 participants which shows that IntRepair repairs are more
than 10x efficient as compared to manually generated code repairs. Comment: Accepted for publication at the IEEE TSE journal. arXiv admin note:
text overlap with arXiv:1710.0372
Design and initial validation of the Raster method for telecom service availability risk assessment
Crisis organisations depend on telecommunication services; unavailability of these services reduces the effectiveness of crisis response. Crisis organisations should therefore be aware of availability risks, and need a suitable risk assessment method. Such a method needs to be aware of the exceptional circumstances in which crisis organisations operate, and of the commercial structure of modern telecom services. We found that existing risk assessment methods are unsuitable for this problem domain. Hence, crisis organisations do not perform any risk assessment, trust their supplier, or rely on service level agreements, which are not meaningful during crisis situations. We have therefore developed a new risk assessment method, which we call RASTER. We have tested RASTER using a case study at the crisis organisation of a government agency, and improved the method based on the analysis of case results. Our initial validation suggests that the method can yield practical results
Mass-Market Receiver for Static Positioning: Tests and Statistical Analyses
Nowadays, there are several low cost GPS receivers able to provide both pseudorange and carrier phase measurements in the L1 band, that allow to have good realtime performances in outdoor condition. The present paper describes a set of dedicated tests in order to evaluate the positioning accuracy in static conditions. The quality of the pseudorange and the carrier phase measurements let hope for interesting results. The use of such kind of receiver could be extended to a large number of professional applications, like engineering fields: survey, georeferencing, monitoring, cadastral mapping and cadastral road. In this work, the receivers' performance is verified considering a single frequency solution trying to fix the phase ambiguity, when possible. Different solutions are defined: code, float and fix solutions. In order to solve the phase ambiguities different methods are considered. Each test performed is statistically analyzed, highlighting the effects of different factors on precision and accurac
Livelihood Risk from HIV in Semi-Arid Tropics of Rural Andhra Pradesh
This paper discusses the livelihood dynamics in the fragile landscape of the semi-arid tropics (SAT) of Andhra Pradesh. SAT is home to the poorest of the poor who live in conditions of persistent drought, subsistence agriculture and poor access to markets. This paper is a case study focusing particularly on labour migration, its role in influencing the health risk behaviour of migrants and in the spread of the HIV epidemic among SAT rural households. The most vulnerable population in these drought prone regions are the migrant labourers, and their vulnerability is influenced by three major factors – the vulnerability and unstable productivity in the degraded and marginal landscape, the caste system that has traditionally kept them backward and vulnerable, and experiences in the external environment to which they migrate. This study – based on a theoretical framework, whereby livelihood risks lead to health risks, particularly HIV infection – outlines the process that causes a further deterioration of the household and the occurrence of cyclical health risk. The paper calls for a multisectoral approach to tackle the issue of migrant vulnerability, and for interventions with a more migrant-need sensitive approach.
Livelihood Risk from HIV in Semi-Arid Tropics of Rural Andhra Pradesh
This paper discusses the livelihood dynamics in the fragile landscape of the semi arid tropics (SAT) of Andhra Pradesh. SAT is home to the poorest of the poor who live in conditions of persistent drought, subsistence agriculture and poor access to markets. This paper is a case study focusing particularly on labour migration, its role in influencing the health risk behaviour of migrants and in the spread of the HIV epidemic among SAT rural households. The most vulnerable population in these drought prone regions are the migrant labourers, and their vulnerability is influenced by three major factors – the vulnerability and unstable productivity in the degraded and marginal landscape, the caste system that has traditionally kept them backward and vulnerable, and experiences in the external environment to which they migrate. This study – based on a theoretical framework, whereby livelihood risks lead to health risks, particularly HIV infection – outlines the process that causes a further deterioration of the household and the occurrence of cyclical health risk. The paper calls for a multisectoral approach to tackle the issue of migrant vulnerability, and for interventions with a more migrant-need sensitive approach. labour migration, HIV risk behaviour, agriculture, health, semi-arid tropics