Proving Abstractions of Dynamical Systems through Numerical Simulations

A key question that arises in rigorous analysis of cyberphysical systems under attack involves establishing whether or not the attacked system deviates significantly from the ideal allowed behavior. This is the problem of deciding whether or not the ideal system is an abstraction of the attacked system. A quantitative variation of this question can capture how much the attacked system deviates from the ideal. Thus, algorithms for deciding abstraction relations can help measure the effect of attacks on cyberphysical systems and to develop attack detection strategies. In this paper, we present a decision procedure for proving that one nonlinear dynamical system is a quantitative abstraction of another. Directly computing the reach sets of these nonlinear systems are undecidable in general and reach set over-approximations do not give a direct way for proving abstraction. Our procedure uses (possibly inaccurate) numerical simulations and a model annotation to compute tight approximations of the observable behaviors of the system and then uses these approximations to decide on abstraction. We show that the procedure is sound and that it is guaranteed to terminate under reasonable robustness assumptions

Measuring Security: A Challenge for the Generation

This paper presents an approach to measuring computer security understood as a system property, in the category of similar properties, such as safety, reliability, dependability, resilience, etc. First, a historical discussion of measurements is presented, beginning with views of Hermann von Helmholtz in his 19th century work “Zählen und Messen”. Then, contemporary approaches related to the principles of measuring software properties are discussed, with emphasis on statistical, physical and software models. A distinction between metrics and measures is made to clarify the concepts. A brief overview of inadequacies of methods and techniques to evaluate computer security is presented, followed by a proposal and discussion of a practical model to conduct experimental security measurements

In Pursuit of Aviation Cybersecurity: Experiences and Lessons From a Competitive Approach

The passive and independent localization of aircraft has been the subject of much cyberphysical security research. We designed a multistage open competition focusing on the offline batch localization problem using opportunistic data sources. We discuss setup, results, and lessons learned

Cyberphysical network for crop monitoring and fertigation control

Mestrado de dupla diplomação com a UTFPR - Universidade Tecnológica Federal do ParanáFertigation is a cultivation technique that uses the precise application of nutrient solutions according to the requirements of the plant, environmental conditions and substrate. The use of this technique has become popular due to the advantages promoted, which include the reduction of fertilizers, phytopharmaceuticals and water consumption. However, this performance is achieved at the expense of rigorous monitoring and regulation of factors such as nutrient solutions, environmental conditions and the vegetative state of the crop. This work describes the architecture of a network based on agents and cyberphysical elements that will be implemented in a strawberry production unit by fertigation. The system must be responsible for the correct supply of water and agricultural inputs based on local information provided by sets of sensors. Each set of sensors, called a measurement node, is responsible for acquiring information around a given location. The communication of this information is carried out through a wireless network based on the LoRa protocol to a digital platform where the information from all nodes, together with meteorological data, is aggregated and processed. The result of processing this information will lead to the definition of the exact amount of nutrient solution as well as the optimization of the use of water leading to an increase in production efficiency.A fertirrigação é uma técnica de cultivo que recorre à aplicação precisa de soluções nutritivas de acordo com os requisitos da planta, condições ambientais e de substrato. A utilização desta técnica tem-se popularizado devido às vantagens promovidas onde se destacam a redução de fertilizantes, fitofármacos e consumo de água. No entanto, este desempenho é conseguido à custa de um rigoroso monitoramento e regulação de fatores tais como soluções nutritivas, condições ambientais e estado vegetativo da cultura. Este trabalho descreve a arquitetura de uma rede baseada em agentes e elementos ciberfísicos que serão implementados em uma unidade de produção de morango por fertirrigação. O sistema deve ser responsável pelo fornecimento correto de água e insumos agrícolas tendo por base informações locais fornecidas por conjuntos de sensores. Cada conjunto de sensores, chamado de nó de medida, é responsável pela aquisição da informação em torno de um determinado local. A comunicação destas informações é realizada através de uma rede sem fio baseada no protocolo LoRa até uma plataforma digital onde a informação provinda de todos os nós, juntamente com dados meteorológicos, é agregada e processada. O resultado do processamento desta informação levará à definição da quantidade exata de solução nutritiva bem como a otimização da utilização da água levando a um aumento da eficiência de produção

SYNERGY OF BUILDING CYBERSECURITY SYSTEMS

The development of the modern world community is closely related to advances in computing resources and cyberspace. The formation and expansion of the range of services is based on the achievements of mankind in the field of high technologies. However, the rapid growth of computing resources, the emergence of a full-scale quantum computer tightens the requirements for security systems not only for information and communication systems, but also for cyber-physical systems and technologies. The methodological foundations of building security systems for critical infrastructure facilities based on modeling the processes of behavior of antagonistic agents in security systems are discussed in the first chapter. The concept of information security in social networks, based on mathematical models of data protection, taking into account the influence of specific parameters of the social network, the effects on the network are proposed in second chapter. The nonlinear relationships of the parameters of the defense system, attacks, social networks, as well as the influence of individual characteristics of users and the nature of the relationships between them, takes into account. In the third section, practical aspects of the methodology for constructing post-quantum algorithms for asymmetric McEliece and Niederreiter cryptosystems on algebraic codes (elliptic and modified elliptic codes), their mathematical models and practical algorithms are considered. Hybrid crypto-code constructions of McEliece and Niederreiter on defective codes are proposed. They can significantly reduce the energy costs for implementation, while ensuring the required level of cryptographic strength of the system as a whole. The concept of security of corporate information and educational systems based on the construction of an adaptive information security system is proposed. ISBN 978-617-7319-31-2 (on-line)ISBN 978-617-7319-32-9 (print) ------------------------------------------------------------------------------------------------------------------ How to Cite: Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O., Korol, O., Milevskyi, S. et. al.; Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O. (Eds.) (2021). Synergy of building cybersecurity systems. Kharkiv: РС ТЕСHNOLOGY СЕNTЕR, 188. doi: http://doi.org/10.15587/978-617-7319-31-2 ------------------------------------------------------------------------------------------------------------------ Indexing:                    Розвиток сучасної світової спільноти тісно пов’язаний з досягненнями в області обчислювальних ресурсів і кіберпростору. Формування та розширення асортименту послуг базується на досягненнях людства у галузі високих технологій. Однак стрімке зростання обчислювальних ресурсів, поява повномасштабного квантового комп’ютера посилює вимоги до систем безпеки не тільки інформаційно-комунікаційних, але і до кіберфізичних систем і технологій. У першому розділі обговорюються методологічні основи побудови систем безпеки для об'єктів критичної інфраструктури на основі моделювання процесів поведінки антагоністичних агентів у систем безпеки. У другому розділі пропонується концепція інформаційної безпеки в соціальних мережах, яка заснована на математичних моделях захисту даних, з урахуванням впливу конкретних параметрів соціальної мережі та наслідків для неї. Враховуються нелінійні взаємозв'язки параметрів системи захисту, атак, соціальних мереж, а також вплив індивідуальних характеристик користувачів і характеру взаємовідносин між ними. У третьому розділі розглядаються практичні аспекти методології побудови постквантових алгоритмів для асиметричних криптосистем Мак-Еліса та Нідеррейтера на алгебраїчних кодах (еліптичних та модифікованих еліптичних кодах), їх математичні моделі та практичні алгоритми. Запропоновано гібридні конструкції криптокоду Мак-Еліса та Нідеррейтера на дефектних кодах. Вони дозволяють істотно знизити енергетичні витрати на реалізацію, забезпечуючи при цьому необхідний рівень криптографічної стійкості системи в цілому. Запропоновано концепцію безпеки корпоративних інформаційних та освітніх систем, які засновані на побудові адаптивної системи захисту інформації. ISBN 978-617-7319-31-2 (on-line)ISBN 978-617-7319-32-9 (print) ------------------------------------------------------------------------------------------------------------------ Як цитувати: Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O., Korol, O., Milevskyi, S. et. al.; Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O. (Eds.) (2021). Synergy of building cybersecurity systems. Kharkiv: РС ТЕСHNOLOGY СЕNTЕR, 188. doi: http://doi.org/10.15587/978-617-7319-31-2 ------------------------------------------------------------------------------------------------------------------ Індексація:                 &nbsp

Centralized Versus Decentralized Detection of Attacks in Stochastic Interconnected Systems

We consider a security problem for interconnected systems governed by linear, discrete, time-invariant, stochastic dynamics, where the objective is to detect exogenous attacks by processing the measurements at different locations. We consider two classes of detectors, namely centralized and decentralized detectors, which differ primarily in their knowledge of the system model. In particular, a decentralized detector has a model of the dynamics of the isolated subsystems, but is unaware of the interconnection signals that are exchanged among subsystems. Instead, a centralized detector has a model of the entire dynamical system. We characterize the performance of the two detectors and show that, depending on the system and attack parameters, each of the detectors can outperform the other. In particular, it may be possible for the decentralized detector to outperform its centralized counterpart, despite having less information about the system dynamics, and this surprising property is due to the nature of the considered attack detection problem. To complement our results on the detection of attacks, we propose and solve an optimization problem to design attacks that maximally degrade the system performance while maintaining a pre-specified degree of detectability. Finally, we validate our findings via numerical studies on an electric power system.Comment: Submitted to IEEE Transactions on Automatic Control (TAC

Techniques for automated parameter estimation in computational models of probabilistic systems

The main contribution of this dissertation is the design of two new algorithms for automatically synthesizing values of numerical parameters of computational models of complex stochastic systems such that the resultant model meets user-specified behavioral specifications. These algorithms are designed to operate on probabilistic systems – systems that, in general, behave differently under identical conditions. The algorithms work using an approach that combines formal verification and mathematical optimization to explore a model\u27s parameter space. The problem of determining whether a model instantiated with a given set of parameter values satisfies the desired specification is first defined using formal verification terminology, and then reformulated in terms of statistical hypothesis testing. Parameter space exploration involves determining the outcome of the hypothesis testing query for each parameter point and is guided using simulated annealing. The first algorithm uses the sequential probability ratio test (SPRT) to solve the hypothesis testing problems, whereas the second algorithm uses an approach based on Bayesian statistical model checking (BSMC). The SPRT-based parameter synthesis algorithm was used to validate that a given model of glucose-insulin metabolism has the capability of representing diabetic behavior by synthesizing values of three parameters that ensure that the glucose-insulin subsystem spends at least 20 minutes in a diabetic scenario. The BSMC-based algorithm was used to discover the values of parameters in a physiological model of the acute inflammatory response that guarantee a set of desired clinical outcomes. These two applications demonstrate how our algorithms use formal verification, statistical hypothesis testing and mathematical optimization to automatically synthesize parameters of complex probabilistic models in order to meet user-specified behavioral propertie