Computer Science > Cryptography and Security
[Submitted on 26 Feb 2021 (this version), latest version 13 Apr 2022 (v3)]
Title:Yoneda Hacking: The Algebra of Attacker Actions
View PDFAbstract:Our work focuses on modeling security of systems from their component-level designs. Towards this goal we develop a categorical formalism to model attacker actions. Equipping the categorical formalism with algebras produces two interesting results for security modeling. First, using the Yoneda lemma, we are able to model attacker reconnaissance missions. In this context, the Yoneda lemma formally shows us that if two system representations, one being complete and the other being the attacker's incomplete view, agree at every possible test, then they behave the same. The implication is that attackers can still successfully exploit the system even with incomplete information. Second, we model the possible changes that can occur to the system via an exploit. An exploit either manipulates the interactions between system components, for example, providing the wrong values to a sensor, or changes the components themselves, for example, manipulating the firmware of a global positioning system (GPS). One additional benefit of using category theory is that mathematical operations can be represented as formal diagrams, which is useful for applying this analysis in a model-based design setting. We illustrate this modeling framework using a cyber-physical system model of an unmanned aerial vehicle (UAV). We demonstrate and model two types of attacks (1) a rewiring attack, which violates data integrity, and (2) a rewriting attack, which violates availability.
Submission history
From: Georgios Bakirtzis [view email][v1] Fri, 26 Feb 2021 20:34:08 UTC (52 KB)
[v2] Mon, 11 Apr 2022 20:41:07 UTC (81 KB)
[v3] Wed, 13 Apr 2022 16:20:38 UTC (81 KB)
Current browse context:
cs.CR
References & Citations
Bibliographic and Citation Tools
Bibliographic Explorer (What is the Explorer?)
Litmaps (What is Litmaps?)
scite Smart Citations (What are Smart Citations?)
Code, Data and Media Associated with this Article
CatalyzeX Code Finder for Papers (What is CatalyzeX?)
DagsHub (What is DagsHub?)
Gotit.pub (What is GotitPub?)
Papers with Code (What is Papers with Code?)
ScienceCast (What is ScienceCast?)
Demos
Recommenders and Search Tools
Influence Flower (What are Influence Flowers?)
Connected Papers (What is Connected Papers?)
CORE Recommender (What is CORE?)
arXivLabs: experimental projects with community collaborators
arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.
Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.
Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs.