Article

An Actor-Based Approach for Security Analysis of Cyber-Physical Systems

Authors:

Fereidoun Moradi,

Sara Abbaspour Asadollah,

Ali Sedaghatbaf,

Aida Čaušević,

Marjan Sirjani,

Carolyn TalcottAuthors Info & Claims

Formal Methods for Industrial Critical Systems: 25th International Conference, FMICS 2020, Vienna, Austria, September 2–3, 2020, Proceedings

Pages 130 - 147

https://doi.org/10.1007/978-3-030-58298-2_5

Published: 02 September 2020 Publication History

Abstract

In this work, we present an actor-based approach for security analysis of Cyber-Physical Systems at the design phase. We use Timed Rebeca, an actor-based modeling language, to model the behavior of components and potential attacks, and verify the security properties using Rebeca model checking tool. We employ STRIDE model as a reference for classifying the attacks. To demonstrate the applicability of our approach, we use a Secure Water Treatment (SWaT) system as a case study. We analyze the architecture of the SWaT system using three different attack schemes in which various parts of the system network and physical devices are compromised. In the end, we identify single and combined attack scenarios that violate security properties.

References

[1]

Lanotte, R., Merro, M., Muradore, R., Viganò, L.: A formal approach to cyber-physical attacks. In: IEEE 30th Computer Security Foundations Symposium (CSF), pp. 436–450. IEEE (2017)

[2]

Adepu S, Mathur A, Gunda J, and Djokic S Wang G, Zomaya A, Perez GM, and Li K An agent-based framework for simulating and analysing attacks on cyber physical systems Algorithms and Architectures for Parallel Processing 2015 Cham Springer 785-798

[3]

The industrial control systems cyber emergency response team. https://www.us-cert.gov/ics. Accessed 23 Apr 2020

[4]

Stallings W, Brown L, Bauer MD, and Bhattacharjee AK Computer Security: Principles and Practice 2012 London Pearson Education

[5]

Gollmann, D., Gurikov, P., Isakov, A., Krotofil, M., Larsen, J., Winnicki, A.: Cyber-physical systems security: experimental analysis of a vinyl acetate monomer plant. In: Proceedings of Cyber-Physical System Security, pp. 1–12. ACM (2015)

[6]

Kang, E., Adepu, S., Jackson, D., Mathur, A.P.: Model-based security analysis of a water treatment system. In: Proceedings of Software Engineering for Smart Cyber-Physical Systems, pp. 22–28. ACM (2016)

[7]

Taormina R, Galelli S, Tippenhauer NO, Salomons E, and Ostfeld A Characterizing cyber-physical attacks on water distribution systems J. Water Resour. Plann. Manage. 2017 143 5 04017009

[8]

Lanotte R, Merro M, Munteanu A, and Viganò L A formal approach to physics-based attacks in cyber-physical systems ACM Trans. Priv. Secur. (TOPS) 2020 23 1 1-41

Digital Library

[9]

Reynisson AH et al. Modelling and simulation of asynchronous real-time systems using timed Rebeca Sci. Comput. Program. 2014 89 41-68

[10]

Sirjani M and Khamespanah E Ábrahám E, Bonsangue M, and Johnsen EB On time actors Theory and Practice of Formal Methods 2016 Cham Springer 373-392

Digital Library

[11]

Khamespanah E, Sirjani M, Sabahi-Kaviani Z, Khosravi R, and Izadi M Timed Rebeca schedulability and deadlock freedom analysis using bounded floating time transition system Sci. Comput. Program. 2015 98 184-204

Digital Library

[12]

Shostack A Threat Modeling: Designing for Security 2014 Hoboken Wiley

Digital Library

[13]

Sirjani M, Movaghar A, Shali A, and De Boer FS Modeling and verification of reactive systems using Rebeca Fundamenta Informaticae 2004 63 4 385-410

Digital Library

[14]

Sirjani M de Boer FS, Bonsangue MM, Graf S, and de Roever W-P Rebeca: theory, applications, and tools Formal Methods for Components and Objects 2007 Heidelberg Springer 102-126

[15]

Sirjani, M., Jaghoori, M.M.: Ten years of analyzing actors: Rebeca experience. In: Formal Modeling: Actors, Open Systems, Biological Systems - Essays, pp. 20–56 (2011)

[16]

Afra: an integrated environment for modeling and verifying Rebeca family designs (2019). https://rebeca-lang.org/alltools/Afra. Accessed 09 Nov 2019

[17]

Sirjani, M., Khamespanah, E., Lee, E.: Model checking software in cyberphysical systems. In: COMPSAC 2020 (2020)

[18]

Giraldo J et al. A survey of physics-based attack detection in cyber-physical systems ACM Comput. Surv. (CSUR) 2018 51 4 1-36

Digital Library

[19]

Choi, S., Yun, J.-H., Kim, S.-K.: A comparison of ICS datasets for security research based on attack paths. In: Luiijf, E., Žutautaitė, I., Hämmerli, B.M. (eds.) CRITIS 2018. LNCS, vol. 11260, pp. 154–166. Springer, Cham (2019).

[20]

Flaus J-M Cybersecurity of Industrial Systems 2019 Hoboken Wiley

[21]

Mathur, A.P., Tippenhauer, N.O.: SWaT: a water treatment testbed for research and training on ICS security. In: Cyber-physical Systems for Smart Water Networks (CySWater), pp. 31–36. IEEE (2016)

[22]

Sirjani, M.: Power is overrated, go for friendliness! Expressiveness, faithfulness, and usability in modeling: the actor experience. In: Principles of Modeling - Essays Dedicated to Edward A. Lee, pp. 423–448 (2018)

[23]

Rebeca (2019). http://rebeca-lang.org/Rebeca. Accessed 03 June 2019

[24]

Khamespanah E, Sirjani M, Mechitov K, and Agha G Modeling and analyzing real-time wireless sensor and actuator networks using actors and model checking Int. J. Softw. Tools Technol. Transfer. 2017 20 5 547-561

Digital Library

[25]

Sharifi, M., Mosaffa, Z., Mohammadi, S., Sirjani, M.: Functional and performance analysis of network-on-chips using actor-based modeling and formal verification. In: ECEASST, vol. 66 (2013)

[26]

Yousefi B, Ghassemi F, and Khosravi R Modeling and efficient verification of wireless ad hoc networks Formal Aspects Comput. 2017 29 6 1051-1086

Digital Library

[27]

Sirjani M, Lee E, and Khamespanah E Model checking cyberphysical systems Mathematics 2020 8 7 1067

[28]

Sirjani, M., Provenzano, L., Asadollah, S.A., Moghadam, M.H.: From requirements to verifiable executable models using Rebeca. In: International Workshop on Automated and verifiable Software sYstem DEvelopment, November 2019

[29]

Henzinger, T.A.: The theory of hybrid automata. In: Proceedings, 11th Annual IEEE Symposium on Logic in Computer Science, New Brunswick, New Jersey, USA, 27–30 July 1996, pp. 278–292. IEEE Computer Society (1996)

[30]

Samonas S and Coss D The CIA strikes back: redefining confidentiality, integrity and availability in security J. Inf. Syst. Secur. 2014 10 3 21-45

[31]

iTrust: Secure water treatment (SWaT) dataset (2019). https://itrust.sutd.edu.sg/itrust-labs_datasets/dataset_info/. Accessed 17 Sept 2019

[32]

Rebeca (2020). http://rebeca-lang.org/allprojects/CRYSTAL

[33]

Burch JR, Clarke EM, Long DE, McMillan KL, and Dill DL Symbolic model checking for sequential circuit verification IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 1994 13 4 401-424

Digital Library

[34]

Wasicek, A., Derler, P., Lee, E.A.: Aspect-oriented modeling of attacks in automotive cyber-physical systems. In: ACM/EDAC/IEEE Design Automation Conference (DAC) (2014)

[35]

Buck, J., Ha, S., Lee, E.A., Messerschmitt, D.G.: Ptolemy: a framework for simulating and prototyping heterogeneous systems. In: Readings in Hardware/software Co-Design, pp. 527–543 (2001)

[36]

Rocchetto, M., Tippenhauer, N.O.: Towards formal security analysis of industrial control systems. In: ACM Asia Conference on Computer and Communications Security, pp. 114–126. ACM (2017)

[37]

Fritz R and Zhang P Modeling and detection of cyber attacks on discrete event systems IFAC-PapersOnLine 2018 51 7 285-290

[38]

Jahandideh I, Ghassemi F, and Sirjani M Chamberlain R, Taha W, and Törngren M Hybrid Rebeca: modeling and analyzing of cyber-physical systems Cyber Physical Systems. Model-Based Design 2019 Cham Springer 3-27

Cited By

Sun HPoskitt CSun YSun JChen YRoychoudhury APaiva AAbreu RStorey M(2024)ACAV: A Framework for Automatic Causality Analysis in Autonomous Vehicle Accident RecordingsProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639175(1-13)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639175
Moradi FBagheri MRahmati HYazdi HAsadollah SSirjani M(2022)Monitoring Cyber-Physical Systems Using a Tiny Twin to Prevent Cyber-AttacksModel Checking Software10.1007/978-3-031-15077-7_2(24-43)Online publication date: 21-May-2022
https://dl.acm.org/doi/10.1007/978-3-031-15077-7_2
Nigam VTalcott C(2022)Automating Safety Proofs About Cyber-Physical Systems Using Rewriting Modulo SMTRewriting Logic and Its Applications10.1007/978-3-031-12441-9_11(212-229)Online publication date: 2-Apr-2022
https://dl.acm.org/doi/10.1007/978-3-031-12441-9_11

Index Terms

An Actor-Based Approach for Security Analysis of Cyber-Physical Systems

Index terms have been assigned to the content through auto-classification.

Recommendations

Modeling and control of Cyber-Physical Systems subject to cyber attacks: A survey of recent advances and challenges
Highlights
- In general, the cyber-attacks in the literature can be classified into three main types: denial of service (DoS) attacks, deception attacks, and replay ...
Abstract
Cyber Physical Systems (CPS) are almost everywhere; they can be accessed and controlled remotely. These features make them more vulnerable to cyber attacks. Since these systems provide critical services, having them under attack would ...
Defending Cyber-Physical Attacks on Oil Pipeline Systems: A Game-Theoretic Approach
PrAISe '16: Proceedings of the 1st International Workshop on AI for Privacy and Security

The security of critical infrastructures such as oil and gas cyber-physical systems is a significant concern in today's world where malicious activities are frequent like never before. On one side we have cyber criminals who compromise cyber ...
Observer Design Based Cyber Security for Cyber Physical Systems
CISR '15: Proceedings of the 10th Annual Cyber and Information Security Research Conference

In this paper, an observer based cyber-attack detection and estimation methodology for cyber physical systems is presented. The cyber-attack is considered to influence the physical part of the cyber physical system that compromises human safety. The ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

Formal Methods for Industrial Critical Systems: 25th International Conference, FMICS 2020, Vienna, Austria, September 2–3, 2020, Proceedings

Sep 2020

302 pages

ISBN:978-3-030-58297-5

DOI:10.1007/978-3-030-58298-2

Editors:
Maurice H. ter Beek
https://ror.org/04zaypm56ISTI, Consiglio Nazionale delle Ricerche, Pisa, Italy
,
Dejan Ničković
AIT Austrian Institute of Technology GmbH, Vienna, Austria

© Springer Nature Switzerland AG 2020.

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 02 September 2020

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 30 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Sun HPoskitt CSun YSun JChen YRoychoudhury APaiva AAbreu RStorey M(2024)ACAV: A Framework for Automatic Causality Analysis in Autonomous Vehicle Accident RecordingsProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639175(1-13)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639175
Moradi FBagheri MRahmati HYazdi HAsadollah SSirjani M(2022)Monitoring Cyber-Physical Systems Using a Tiny Twin to Prevent Cyber-AttacksModel Checking Software10.1007/978-3-031-15077-7_2(24-43)Online publication date: 21-May-2022
https://dl.acm.org/doi/10.1007/978-3-031-15077-7_2
Nigam VTalcott C(2022)Automating Safety Proofs About Cyber-Physical Systems Using Rewriting Modulo SMTRewriting Logic and Its Applications10.1007/978-3-031-12441-9_11(212-229)Online publication date: 2-Apr-2022
https://dl.acm.org/doi/10.1007/978-3-031-12441-9_11

View Options

View options

Figures

Tables

Media

View Table of Conten