Abstract
Controlling information flow in a cyber-physical system (CPS) is challenging because cyber domain decisions and actions manifest themselves as visible changes in the physical domain. This paper presents a nondeducibility-based observability analysis for CPSs. In many CPSs, the capacity of a low-level (LL) observer to deduce high-level (HL) actions ranges from limited to none. However, a collaborative set of observers strategically located in a network may be able to deduce all the HL actions. This paper models a distributed power electronics control device network using a simple DC circuit in order to understand the effect of multiple observers in a CPS. The analysis reveals that the number of observers required to deduce all the HL actions in a system increases linearly with the number of configurable units. A simple definition of nondeducibility based on the uniqueness of low-level projections is also presented. This definition is used to show that a system with two security domain levels could be considered “nondeducibility secure” if no unique LL projections exist.
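The uniqueness check summarized in the abstract can be made concrete with a small added example; it is not code from the paper. It assumes a toy circuit of n switchable parallel branches across an ideal DC source, and reads "unique LL projection" as an observation produced by exactly one HL configuration. The circuit values, observer placement and function names are all constructed for illustration.

```python
from collections import defaultdict
from itertools import product

# Constructed values: ideal DC source voltage and identical branch resistance,
# so each closed branch draws V / R regardless of the other branches.
V, R = 12.0, 6.0

def worlds(n):
    """Every HL configuration (switch open=0 / closed=1) of n branches."""
    return list(product((0, 1), repeat=n))

def branch_observer(i):
    """LL observer that meters only the current in branch i."""
    return lambda hl: V / R * hl[i]

def total_observer(hl):
    """LL observer that meters only the total source current."""
    return V / R * sum(hl)

def unique_projections(n, observers):
    """Group HL configurations by the joint LL projection the collaborating
    observers see; return projections produced by exactly one configuration."""
    seen = defaultdict(list)
    for hl in worlds(n):
        seen[tuple(obs(hl) for obs in observers)].append(hl)
    return {ll: hls[0] for ll, hls in seen.items() if len(hls) == 1}

def nondeducibility_secure(n, observers):
    """Secure in the abstract's sense: no unique LL projection exists."""
    return not unique_projections(n, observers)

def deduces_everything(n, observers):
    """True when every HL configuration has its own LL projection."""
    return len(unique_projections(n, observers)) == 2 ** n

def min_branch_observers(n):
    """Fewest branch observers that deduce all HL actions in this toy model."""
    for k in range(n + 1):
        if deduces_everything(n, [branch_observer(i) for i in range(k)]):
            return k

if __name__ == "__main__":
    print(unique_projections(2, [total_observer]))        # all-open and all-closed leak
    print(nondeducibility_secure(2, [branch_observer(0)]))
    print([min_branch_observers(n) for n in range(1, 5)])
```

In this toy model a single branch observer deduces nothing, a total-current observer leaks only the all-open and all-closed configurations, and full deduction needs one observer per configurable branch.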
Copyright information
© 2009 IFIP International Federation for Information Processing
Cite this paper
Gamage, T., McMillin, B. (2009). Nondeducibility-Based Analysis of Cyber-Physical Systems. In: Palmer, C., Shenoi, S. (eds) Critical Infrastructure Protection III. ICCIP 2009. IFIP Advances in Information and Communication Technology, vol 311. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04798-5_12
DOI: https://doi.org/10.1007/978-3-642-04798-5_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04797-8
Online ISBN: 978-3-642-04798-5
eBook Packages: Computer Science (R0)