23 research outputs found
Generating Test Sequences and Slices for Simulink/Stateflow Models
In a typical software development project more than 50 percent of software development effort is spent in testing phase. Test case design as well as execution consumes a lot of time. So automated generation of test cases is highly required. In our thesis we generated test sequences from Simulink/Stateflow, which is used to develop Embedded control systems. Testing of these systems is very important in order to provide error free systems as well as quality assurance. For these purpose Test cases are used to test the systems. We developed the test sequences which are use to generate test cases. First, we represent the System using Simulink/Stateflow models. For this purpose normally we use Simulink tool, which is available in the MATLAB. We developed the dependency graph from the SL/SF model. For Simulink part of the model we use Out put dependency and for the Stateflow part of the model we use Control dependency graph. From those graphs we generate the test sequences. Simulink/Stateflow models often consist of more than ten thousand blocks and a large number of hierarchi-cal levels. In this, we present an approach for slicing Simulink/Stateflow models using dependence graphs from the automotive and avionics do-main. With slicing, the complexity of a model can be reduced to a given point of interest by removing unrelated model elements
Learning-guided network fuzzing for testing cyber-physical system defences
The threat of attack faced by cyber-physical systems (CPSs), especially when
they play a critical role in automating public infrastructure, has motivated
research into a wide variety of attack defence mechanisms. Assessing their
effectiveness is challenging, however, as realistic sets of attacks to test
them against are not always available. In this paper, we propose smart fuzzing,
an automated, machine learning guided technique for systematically finding
'test suites' of CPS network attacks, without requiring any knowledge of the
system's control programs or physical processes. Our approach uses predictive
machine learning models and metaheuristic search algorithms to guide the
fuzzing of actuators so as to drive the CPS into different unsafe physical
states. We demonstrate the efficacy of smart fuzzing by implementing it for two
real-world CPS testbeds---a water purification plant and a water distribution
system---finding attacks that drive them into 27 different unsafe states
involving water flow, pressure, and tank levels, including six that were not
covered by an established attack benchmark. Finally, we use our approach to
test the effectiveness of an invariant-based defence system for the water
treatment plant, finding two attacks that were not detected by its physical
invariant checks, highlighting a potential weakness that could be exploited in
certain conditions.Comment: Accepted by ASE 201
HMAKE: Legacy-Compliant Multi-factor Authenticated Key Exchange from Historical Data
In this paper, we introduce two lightweight historical data based multi-factor authenticated key exchange (HMAKE) protocols in the random oracle model. Our HMAKE protocols use a symmetric secret key, as their first authentication factor, together with their second authentication factor, historical data exchanged between the two parties in the past, and the third authentication factor, a set of secret tags associated with the historical data, to establish a secure communication channel between the client and the server.
A remarkable security feature of HMAKE is bounded historical tag leakage resilience, which means that (informally speaking) if a small portion of the secret tags is leaked to an adversary, it will not affect the security of one HMAKE protocol with an overwhelming probability. Our first HMAKE protocol can provide static bounded leakage resilience, meaning that the secret tags are leaked at the beginning of the security game. To enhance its security, our second HMAKE protocol makes use of our first protocol as a compiler to transform any passively secure two-message key exchange protocol to an actively secure HMAKE protocol with perfect forward secrecy, and therefore it can be secure even if the historical tags are compromised adaptively by an attacker.
In addition to the strong security properties we achieved, our protocols can potentially have great impacts in practice: they are efficient in computation, and they are compatible with legacy devices in cyber-physical systems
Control Behavior Integrity for Distributed Cyber-Physical Systems
Cyber-physical control systems, such as industrial control systems (ICS), are
increasingly targeted by cyberattacks. Such attacks can potentially cause
tremendous damage, affect critical infrastructure or even jeopardize human life
when the system does not behave as intended. Cyberattacks, however, are not new
and decades of security research have developed plenty of solutions to thwart
them. Unfortunately, many of these solutions cannot be easily applied to
safety-critical cyber-physical systems. Further, the attack surface of ICS is
quite different from what can be commonly assumed in classical IT systems.
We present Scadman, a system with the goal to preserve the Control Behavior
Integrity (CBI) of distributed cyber-physical systems. By observing the
system-wide behavior, the correctness of individual controllers in the system
can be verified. This allows Scadman to detect a wide range of attacks against
controllers, like programmable logic controller (PLCs), including malware
attacks, code-reuse and data-only attacks. We implemented and evaluated Scadman
based on a real-world water treatment testbed for research and training on ICS
security. Our results show that we can detect a wide range of
attacks--including attacks that have previously been undetectable by typical
state estimation techniques--while causing no false-positive warning for
nominal threshold values.Comment: 15 pages, 8 figure
A Digital Forensic Taxonomy For Programmable Logic Controller Data Artefacts
The growing complexity of industrial control systems (ICS) and increasing cyber attacks targeting critical infrastructures demand bespoke forensics techniques for Programmable Logic Controllers (PLCs). As they control their critical physical processes, PLCs form the backbone of many ICS. However, due to their unique characteristics and constraints, which include heterogeneous architectures, proprietary technologies and stringent real-time operational requirements, traditional digital forensic techniques may not be directly applicable.PLCs are intricate embedded devices with numerous distinct internal data artefacts, ranging from proprietary firmware to logic codes, safety logs, and process I/O values. Therefore, those tasked with PLC investigation must understand these intricacies and their underlying implications to effectively answer the forensic questions in the aftermath of an incident.To address this need, our paper presents the first tailored taxonomy for digital forensics on PLCs, systematically categorizing the various characteristics, forensic processes and considerations based on the stages involved in a forensic investigation. Furthermore, we employ our developed taxonomy to establish mappings between identified PLC data artefacts and their corresponding attributes, offering a contextualised interrelationships between these artefacts and the PLC forensic investigation steps