Formal Approaches to Control System Security From Static Analysis to Runtime Enforcement

With the advent of Industry 4.0, industrial facilities and critical infrastructures are transforming into an ecosystem of heterogeneous physical and cyber components, such as programmable logic controllers, increasingly interconnected and therefore exposed to cyber-physical attacks, i.e., security breaches in cyberspace that may adversely affect the physical processes underlying industrial control systems. The main contributions of this thesis follow two research strands that address the security concerns of industrial control systems via formal methodologies. As our first contribution, we propose a formal approach based on model checking and statistical model checking, within the MODEST TOOLSET, to analyse the impact of attacks targeting nontrivial control systems equipped with an intrusion detection system (IDS) capable of detecting and mitigating attacks. Our goal is to evaluate the impact of cyber-physical attacks, i.e., attacks targeting sensors and/or actuators of the system with potential consequences on the safety of the inner physical process. Our security analysis estimates both the physical impact of the attacks and the performance of the IDS. As our second contribution, we propose a formal approach based on runtime enforcement to ensure specification compliance in networks of controllers, possibly compromised by colluding malware that may tamper with actuator commands, sensor readings, and inter-controller communications. Our approach relies on an ad-hoc sub-class of Ligatti et al.’s edit automata to enforce controllers represented in Hennessy and Regan’s Timed Process Language. We define a synthesis algorithm that, given an alphabet P of observable actions and a timed correctness property e, returns a monitor that enforces the property e during the execution of any (potentially corrupted) controller with alphabet P, and complying with the property e. Our monitors correct and suppress incorrect actions coming from corrupted controllers and emit actions in full autonomy when the controller under scrutiny is not able to do so in a correct manner. Besides classical requirements, such as transparency and soundness, the proposed enforcement enjoys deadlock- and diverge-freedom of monitored controllers, together with compositionality when dealing with networks of controllers. Finally, we test the proposed enforcement mechanism on a non-trivial case study, taken from the context of industrial water treatment systems, in which the controllers are injected with different malware with different malicious goals

Simulation and Formal Verification for Improving Safety of PLC Programs

The use of analysis techniques for improving quality of software for industrial controllers is widely used. Mainly Simulation and Formal Verification can be used as complementary techniques improving dependability of mechatronic systems behavior. In this paper there are used Simulation and Formal Verification for guaranteeing safe software for Programmable Logic Controllers, mainly related with using Function blocks of IEC 61131-3 standard. For studying, simulating and verifying behavior of those blocks are used timed automata, as modeling formalism, and UPPAAL, as tool for simulation and Formal Verification purposes

Model-Based Verification for SIMULINK Design

Testing a Model-Based design is the only way to determine the correctness of the designed model but not enough to conclude that the design is error free. Verification exposes all the design errors and describes the functionality of the system. Assertion based verification helps to determine whether the model obey the actual design requirements. This thesis work is mainly based on verification of a Water Tank control system modeling using SIMULINK model

Formalization and Verification of PLC Timers in Coq

International audienceProgrammable logic controllers (PLCs) are widely used in embedded systems. A timer plays a pivotal role in PLC real-time applications. The paper presents a formalization of TON-timers of PLC programs in the theorem proving system Coq. The behavior of a timer is characterized by a set of axioms at an abstract level. PLC programs with timers are modeled in Coq. As a case study, the quiz machine problem with timer is investigated. Relevant timing properties of practical interests are proposed and proven in Coq. This work unveils the hardness of timer modeling in embedded systems. It is an attempt of formally proving the correctness of PLC programs with timer control