A Formal Approach to Cyber-Physical Attacks
We apply formal methods to lay and streamline theoretical foundations to
reason about Cyber-Physical Systems (CPSs) and cyber-physical attacks. We focus
on a formal treatment of both integrity and DoS attacks to sensors and
actuators of CPSs, and on the timing aspects of these attacks. Our
contributions are threefold: (1) we define a hybrid process calculus to model
both CPSs and cyber-physical attacks; (2) we define a threat model of
cyber-physical attacks and provide the means to assess attack
tolerance/vulnerability with respect to a given attack; (3) we formalise how to
estimate the impact of a successful attack on a CPS and investigate possible
quantifications of the success chances of an attack. We illustrate definitions
and results by means of a non-trivial engineering application.
Discovering, quantifying, and displaying attacks
In the design of software and cyber-physical systems, security is often
perceived as a qualitative need, but can only be attained quantitatively.
Especially when distributed components are involved, it is hard to predict and
confront all possible attacks. A main challenge in the development of complex
systems is therefore to discover attacks, quantify them to comprehend their
likelihood, and communicate them to non-experts for facilitating the decision
process. To address this three-sided challenge we propose a protection analysis
over the Quality Calculus that (i) computes all the sets of data required by an
attacker to reach a given location in a system, (ii) determines the cheapest
set of such attacks for a given notion of cost, and (iii) derives an attack
tree that displays the attacks graphically. The protection analysis is first
developed in a qualitative setting, and then extended to quantitative settings
following an approach applicable to a great many contexts. The quantitative
formulation is implemented as an optimisation problem encoded into
Satisfiability Modulo Theories, allowing us to deal with complex cost
structures. The usefulness of the framework is demonstrated on a national-scale
authentication system, studied through a Java implementation of the framework.
Comment: LMCS special issue FORTE 201
A Behavioural Theory for Interactions in Collective-Adaptive Systems
We propose a process calculus, named AbC, to study the behavioural theory of interactions in collective-adaptive systems by relying on attribute-based communication. An AbC system consists of a set of parallel components each of which is equipped with a set of attributes. Communication takes place in an implicit multicast fashion, and interaction among components is dynamically established by taking into account "connections" as determined by predicates over their attributes. The structural operational semantics of AbC is based on Labeled Transition Systems that are also used to define bisimilarity between components. Labeled bisimilarity is in full agreement with a barbed congruence, defined by simple basic observables and context closure. The introduced equivalence is used to study the expressiveness of AbC in terms of encoding broadcast channel-based interactions and to establish formal relationships between system descriptions at different levels of abstraction.
Modelling MAC-Layer Communications in Wireless Systems
We present a timed process calculus for modelling wireless networks in which
individual stations broadcast and receive messages; moreover the broadcasts are
subject to collisions. Based on a reduction semantics for the calculus we
define a contextual equivalence to compare the external behaviour of such
wireless networks. Further, we construct an extensional LTS (labelled
transition system) which models the activities of stations that can be directly
observed by the external environment. Standard bisimulations in this LTS
provide a sound proof method for proving systems contextually equivalent. We
illustrate the usefulness of the proof methodology by a series of examples.
Finally we show that this proof method is also complete, for a large class of
systems.
On Expressiveness and Behavioural Theory of Attribute-based Communication
Attribute-based communication is an interesting alternative to broadcast and binary communication when providing abstract models for the so called Collective Adaptive Systems, which consist of a large number of interacting components that dynamically adjust and combine their behavior to achieve specific goals. A basic process calculus, named AbC, is introduced whose primary primitive for interaction is attribute-based communication. An AbC system consists of a set of parallel components each of which is equipped with a set of attributes. Communication takes place in an implicit multicast fashion, and interactions among components are dynamically established by taking into account "connections" as determined by predicates over the attributes exposed by components. First, the syntax and the semantics of AbC are presented, then expressiveness and effectiveness of the calculus are demonstrated both in terms of the ability to model scenarios featuring collaboration, reconfiguration, and adaptation and of the possibility of encoding a process calculus for broadcasting channel-based communication and other communication paradigms. Behavioral equivalences for AbC are introduced for establishing formal relationships between different descriptions of the same system.
Tracing where IoT data are collected and aggregated
The Internet of Things (IoT) offers the infrastructure of the information society. It hosts smart objects that automatically collect and exchange data of various kinds, directly gathered from sensors or generated by aggregations. Suitable coordination primitives and analysis mechanisms are in order to design and reason about IoT systems, and to intercept the implied technological shifts. We address these issues from a foundational point of view. To study them, we define IoT-LySa, a process calculus endowed with a static analysis that tracks the provenance and the manipulation of IoT data, and how they flow in the system. The results of the analysis can be used by a designer to check the behaviour of smart objects, in particular to verify non-functional properties, among which security.
Formal analysis of a calculus for WSNs from quality perspective
In view of the common unreliability problem in wireless communications, the CWQ calculus (a Calculus for Wireless sensor networks from Quality perspective) was recently proposed for modeling and reasoning about WSNs (Wireless Sensor Networks) and their applications from a quality perspective. The CWQ calculus ensures that sensor nodes, even in an unreliable communication network, can still behave in a reasonable manner using default values. Nevertheless, the topological structure in the CWQ calculus is considered at the network level and is tightly coupled with the processes and other configurations; this may limit its flexibility. In this paper, we extend our previous CWQ calculus into a parametric framework, making it flexible enough to model and reason about networks of different topological structures. In the parametric framework, we extract the topological structure of a network and make it a configuration, so that all changes to the topological structure can be captured by the framework.