Design-Time Quantification of Integrity in Cyber-Physical-Systems

In a software system it is possible to quantify the amount of information that is leaked or corrupted by analysing the flows of information present in the source code. In a cyber-physical system, information flows are not only present at the digital level, but also at a physical level, and to and fro the two levels. In this work, we provide a methodology to formally analyse a Cyber-Physical System composite model (combining physics and control) using an information flow-theoretic approach. We use this approach to quantify the level of vulnerability of a system with respect to attackers with different capabilities. We illustrate our approach by means of a water distribution case study

CEEME: compensating events based execution monitoring enforcement for Cyber-Physical Systems

Fundamentally, inherently observable events in Cyber-Physical Systems with tight coupling between cyber and physical components can result in a confidentiality violation. By observing how the physical elements react to cyber commands, adversaries can identify critical links in the system and force the cyber control algorithm to make erroneous decisions. Thus, there is a propensity for a breach in confidentiality leading to further attacks on availability or integrity. Due to the highly integrated nature of Cyber-Physical Systems, it is also extremely difficult to map the system semantics into a security framework under existing security models. The far-reaching objective of this research is to develop a science of selfobfuscating systems based on the composition of simple building blocks. A model of Nondeducibility composes the building blocks under Information Flow Security Properties. To this end, this work presents fundamental theories on external observability for basic regular networks and the novel concept of event compensation that can enforce Information Flow Security Properties at runtime --Abstract, page iii

Unified knowledge model for stability analysis in cyber physical systems

The amalgamation and coordination between computational processes and physical components represent the very basis of cyber-physical systems. A diverse range of CPS challenges had been addressed through numerous workshops and conferences over the past decade. Finding a common semantic among these diverse components which promotes system synthesis, verification and monitoring is a significant challenge in the cyber-physical research domain. Computational correctness, network timing and frequency response are system aspects that conspire to impede design, verification and monitoring. The objective of cyber-physical research is to unify these diverse aspects by developing common semantics that span each aspect of a CPS. The work of this thesis revolves around the design of a typical smart grid-type system with three PV sources built with PSCADʼ. A major amount of effort in this thesis had been focused on studying the system behavior in terms of stability when subjected to load fluctuations from the PV side. The stability had been primarily reflected in the frequency of the generator of the system. The concept of droop control had been analyzed and the parameterization of the droop constant in the shape of an invariant forms an essential part of the thesis as it predicts system behavior and also guides the system within its stable restraints. As an extension of a relationship between stability and frequency, the present study goes one step ahead in describing the sojourn of the system from stability to instability by doing an analysis with the help of tools called Lyapunov-like functions. Lyapunov-like functions are, for switched systems, a class of functions that are used to measure the stability for non linear systems. The use of Lyapunov-like functions to judge the stability of this system had been tested and discussed in detail in this thesis and simulation results provided --Abstract, page iii

Quantification of information flow in cyber physical systems

In Cyber Physical Systems (CPSs), traditional security mechanisms such as cryptography and access control are not enough to ensure the security of the system since complex interactions between the cyber portion and physical portion happen frequently. In particular, the physical infrastructure is inherently observable; aggregated physical observations can lead to unintended cyber information leakage. Information flow analysis, which aims to control the way information flows among different entities, is better suited for CPSs than the access control security mechanism. However, quantifying information leakage in CPSs can be challenging due to the flow of implicit information between the cyber portion, the physical portion, and the outside world. Within algorithmic theory, the online problem considers inputs that arrive one by one and deals with extracting the algorithmic solution through an advice tape without knowing some parts of the input. This dissertation focuses on statistical methods to quantify information leakage in CPSs due to algorithmic leakages, especially CPSs that allocate constrained resources. The proposed framework is based on the advice tape concept of algorithmically quantifying information leakage and statistical analysis. With aggregated physical observations, the amount of information leakage of the constrained resource due to the cyber algorithm can be quantified through the proposed algorithms. An electric smart grid has been used as an example to develop confidence intervals of information leakage within a real CPS. The characteristic of the physical system, which is represented as an invariant, is also considered and influences the information quantification results. The impact of this work is that it allows the user to express an observer\u27s uncertainty about a secret as a function of the revealed part. Thus, it can be used as an algorithmic design in a CPS to allocate resources while maximizing the uncertainty of the information flow to an observer --Abstract, page iii

Securing the Foundations of Practical Information Flow Control

Language-based information flow control (IFC) promises to secure computer programs against malicious or incompetent programmers by addressing key shortcomings of modern programming languages. In spite of showing great promise, the field remains under-utilised in practise. This thesis makes contributions to the theoretical foundations of IFC aimed at making the techniques practically applicable. The paper addresses two primary topics, IFC as a library and IFC without false alarms. The contributions range from foundational observations about soundness and completeness, to practical considerations of efficiency and expressiveness

Enforcing Information Flow Security Properties in Cyber-Physical Systems: A Generalized Framework Based on Compensation

This paper presents a general theory of event compensation as an information flow security enforcement mechanism for Cyber-Physical Systems (CPSs). The fundamental research problem being investigated is that externally observable events in modern CPSs have the propensity to divulge sensitive settings to adversaries, resulting in a confidentiality violation. This is a less studied yet emerging concern in modern system security. A viable method to mitigate such violations is to use information flow security based enforcement mechanisms since access control based security models cannot impose restrictions on information propagation. Further, the disjoint nature of security analysis is not appropriate for systems with highly integrated physical and cyber infrastructures. The proposed compensation based security framework is foundational work that unifies cyber and physical aspects of security through the shared semantics of information flow. A DC circuit example is presented to demonstrate this concept

Timed hyperproperties

We study the satisfiability and model-checking problems for timed hyperproperties specified with HyperMITL, a timed extension of HyperLTL. While the satisfiability problem can be solved similarly as for HyperLTL, we show that the model-checking problem for HyperMITL, unless the specification is alternation-free, is undecidable even when very restricted timing constraints are allowed. On the positive side, we show that model checking HyperMITL with quantifier alternations is possible under certain semantic restrictions. As an intermediate tool, we give an ‘asynchronous’ interpretation of Wilke's monadic logic of relative distance (L ) and show that it characterises timed languages recognised by timed automata with silent transitions. d

Identifying Implicit Component Interactions in Distributed Cyber-Physical Systems

Modern distributed systems and networks, like those found in cyber-physical system domains such as critical infrastructures, contain many complex interactions among their constituent software and/or hardware components. Despite extensive testing of individual components, security vulnerabilities resulting from unintended and unforeseen component interactions (so-called implicit interactions) often remain undetected. This paper presents a method for identifying the existence of implicit interactions in designs of distributed cyber-physical systems using the algebraic modeling framework known as Communicating Concurrent Kleene Algebra (C²KA). Experimental results verifying the applicability of C²KA for identifying dependencies in system designs that would otherwise be very hard to find are also presented. More broadly, this research aims to advance the specification, design, and implementation of distributed cyber-physical systems with improved cybersecurity assurance by providing a new way of thinking about the problem of implicit interactions through the application of formal methods