Yinan Wang,Wei Li,Gangfeng Yan,Sumian Song

DOI: https://doi.org/10.1109/icit.2017.7915433

2017-01-01

Abstract:This paper proposes an unified framework for electrical cyber physical systems (ECPSs) and studies the mechanism of cyber attacks and cyber security. Communication networks are designed by characteristics of power grids. This model is universal to both transmission and distribution grids. The fragility of ECPSs under cyber attacks (DoS attacks and false data injection attacks) is analyzed in three scenarios based on different types and attackers' acknowledgments of the ECPSs. It has been proved that attacks happen at information uploading routers or control strategy downloading routers will influence the system differently. The effectiveness of relay protection policies and cyber security policies are verified by experimental results.

Ruggero Lanotte,Massimo Merro,Riccardo Muradore,Luca Viganò

DOI: https://doi.org/10.48550/arXiv.1611.01377

2017-04-22

Abstract:We apply formal methods to lay and streamline theoretical foundations to reason about Cyber-Physical Systems (CPSs) and cyber-physical attacks. We focus on %a formal treatment of both integrity and DoS attacks to sensors and actuators of CPSs, and on the timing aspects of these attacks. Our contributions are threefold: (1) we define a hybrid process calculus to model both CPSs and cyber-physical attacks; (2) we define a threat model of cyber-physical attacks and provide the means to assess attack tolerance/vulnerability with respect to a given attack; (3) we formalise how to estimate the impact of a successful attack on a CPS and investigate possible quantifications of the success chances of an attack. We illustrate definitions and results by means of a non-trivial engineering application.

Cryptography and Security

Kaixing Huang,Chunjie Zhou,Yu-Chu Tian,Shuanghua Yang,Yuanqing Qin

DOI: https://doi.org/10.1109/tie.2018.2798605

IF: 7.7

2018-10-01

IEEE Transactions on Industrial Electronics

Abstract:Industrial cyber-physical systems (ICPSs) are widely applied in critical infrastructures such as chemical plants, water distribution networks, and power grids. However, they face various cyberattacks, which may cause physical damage to these industrial facilities. Therefore, ensuring the security of ICPSs is of paramount importance. For this purpose, a new risk assessment method is presented in this paper to quantify the impact of cyberattacks on the physical system of ICPSs. This method helps carry out appropriate attack mitigation measures. The method uses a Bayesian network to model the attack propagation process and infers the probabilities of sensors and actuators to be compromised. These probabilities are fed into a stochastic hybrid system (SHS) model to predict the evolution of the physical process being controlled. Then, the security risk is quantified by evaluating the system availability with the SHS model. The effectiveness of the proposed method is demonstrated with a case study on a hardware-in-the-loop simulation test bed.

automation & control systems,engineering, electrical & electronic,instruments & instrumentation

Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/tcsii.2020.2999875

2020-01-01

Abstract:In this brief, we analyze the damage caused by malware-induced cyber attacks in Cyber-Physical Power Systems (CPPSs). Incubation period and detection probability of the malware are considered in our analytical framework. From attacker's perspective, the trade-off between attack effectiveness and detection risk is studied to help choose the best attack timing and obtain the maximum payoff. Moreover, we conduct case studies in CPPSs formed by coupling IEEE 118-Bus System with scale-free communication networks. Simulation results reveal that the maximum expected payoff for the attacker is affected by the coupling pattern and the structure of communication network in CPPSs.

Jian Xiang,Ruggero Lanotte,Simone Tini,Stephen Chong,Massimo Merro

2024-03-09

Abstract:This paper contributes a formal framework for quantitative analysis of bounded sensor attacks on cyber-physical systems, using the formalism of differential dynamic logic. Given a precondition and postcondition of a system, we formalize two quantitative safety notions, quantitative forward and backward safety, which respectively express (1) how strong the strongest postcondition of the system is with respect to the specified postcondition, and (2) how strong the specified precondition is with respect to the weakest precondition of the system needed to ensure the specified postcondition holds. We introduce two notions, forward and backward robustness, to characterize the robustness of a system against sensor attacks as the loss of safety. To reason about robustness, we introduce two simulation distances, forward and backward simulation distances, which are defined based on the behavioral distances between the original system and the system with compromised sensors. Forward and backward distances, respectively, characterize upper bounds of the degree of forward and backward safety loss caused by the sensor attacks. We verify the two simulation distances by expressing them as modalities, i.e., formulas of differential dynamic logic, and develop an ad-hoc proof system to reason with such formulas. We showcase our formal notions and reasoning techniques on two non-trivial case studies: an autonomous vehicle that needs to avoid collision and a water tank system.

Systems and Control,Cryptography and Security,Emerging Technologies,Logic in Computer Science

Martín Barrère,Chris Hankin,Nicolas Nicolaou,Demetrios G. Eliades,Thomas Parisini

DOI: https://doi.org/10.1016/j.jisa.2020.102471

IF: 4.96

2020-06-01

Journal of Information Security and Applications

Abstract:<p>In recent years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical attacks, having massive destructive consequences. Security metrics are therefore essential to assess and improve their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs and hypergraphs which is able to efficiently identify the set of critical ICS components and security measures that should be compromised, with minimum cost (effort) for an attacker, in order to disrupt the operation of vital ICS assets. Our tool, META4ICS (pronounced as <em>metaphorics</em>), leverages state-of-the-art methods from the field of logical satisfiability optimisation and MAX-SAT techniques in order to achieve efficient computation times. In addition, we present a case study where we have used our system to analyse the security posture of a realistic Water Transport Network (WTN).</p>

computer science, information systems

Fabio Pasqualetti,Florian Dörfler,Francesco Bullo

DOI: https://doi.org/10.48550/arXiv.1103.2795

2011-03-15

Abstract:Future power networks will be characterized by safe and reliable functionality against physical malfunctions and cyber attacks. This paper proposes a unified framework and advanced monitoring procedures to detect and identify network components malfunction or measurements corruption caused by an omniscient adversary. We model a power system under cyber-physical attack as a linear time-invariant descriptor system with unknown inputs. Our attack model generalizes the prototypical stealth, (dynamic) false-data injection and replay attacks. We characterize the fundamental limitations of both static and dynamic procedures for attack detection and identification. Additionally, we design provably-correct (dynamic) detection and identification procedures based on tools from geometric control theory. Finally, we illustrate the effectiveness of our method through a comparison with existing (static) detection algorithms, and through a numerical study.

Optimization and Control,Systems and Control

Martín Barrère,Chris Hankin,Nicolas Nicolau,Demetrios G. Eliades,Thomas Parisini

DOI: https://doi.org/10.48550/arXiv.1905.04796

2019-05-12

Cryptography and Security

Abstract:In recent years, Industrial Control Systems (ICS) have become an appealing target for cyber attacks, having massive destructive consequences. Security metrics are therefore essential to assess their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs that represent cyber-physical dependencies among network components. Our metric is able to efficiently identify sets of critical cyber-physical components, with minimal cost for an attacker, such that if compromised, the system would enter into a non-operational state. We address this problem by efficiently transforming the input AND/OR graph-based model into a weighted logical formula that is then used to build and solve a Weighted Partial MAX-SAT problem. Our tool, META4ICS, leverages state-of-the-art techniques from the field of logical satisfiability optimisation in order to achieve efficient computation times. Our experimental results indicate that the proposed security metric can efficiently scale to networks with thousands of nodes and be computed in seconds. In addition, we present a case study where we have used our system to analyse the security posture of a realistic water transport network. We discuss our findings on the plant as well as further security applications of our metric.

Giacomo Gori,Lorenzo Rinieri,Andrea Melis,Amir Al Sadi,Franco Callegati,Marco Prandini

DOI: https://doi.org/10.3390/electronics13071208

IF: 2.9

2024-03-26

Electronics

Abstract:Nowadays, as the cyber-threat landscape is evolving and digital assets are proliferating and becoming more and more interconnected with the internet and heterogeneous devices, it is fundamental to be able to obtain a sensible measure of the security of devices, networks, and systems. Industrial cyber–physical systems (ICPSs), in particular, can be exposed to high operational risks that entail damage to revenues, assets, and even people. A way to overcome the open question of measuring security is with the use of security metrics. With metrics it is possible to rely on proven indicators that benchmark systems, identify vulnerabilities, and show practical data to assess the risk. However, security metrics are often proposed with specific contexts in mind, and a set of them specifically crafted for ICPSs is not explicitly available in the literature. For this reason, in this work, we analyze the current state of the art in the selection of security metrics and we propose a systematic methodology to gather, filter, and validate security metrics. Then, we apply the procedure to the ICPS domain, gathering almost 300 metrics from the literature, analyzing the domain to identify the properties useful to filter the metrics, and applying a validation framework to assess the validity of the filtered metrics, obtaining a final set capable of measuring the security of ICPSs from different perspectives.

engineering, electrical & electronic,computer science, information systems,physics, applied

Mariana Segovia,Jose Rubio-Hernan,Ana Rosa Cavalli,Joaquin Garcia-Alfaro

DOI: https://doi.org/10.48550/arXiv.2009.06927

2020-09-15

Abstract:Cyber-Physical Systems (CPS) use computational resources to control physical process and provide critical services. For this reason, an attack in these systems may have dangerous consequences in the physical world. Hence, resilience is a fundamental property to ensure the safety of the people, the environment and the controlled physical process. In this paper, we present metrics to quantify the resilience level based on the design, structure, stability, and performance under the attack of a given CPS. The metrics provide reference points to evaluate whether the system is better prepared or not to face the adversaries. This way, it is possible to quantify the ability to recover from an adversary using its mathematical model based on switched linear systems and actuators saturation. Finally, we validate our approach using a numeric simulation on the Tennesse Eastman control challenge problem.

Cryptography and Security

Lennart Bader,Martin Serror,Olav Lamberts,Ömer Sen,Dennis van der Velde,Immanuel Hacker,Julian Filter,Elmar Padilla,Martin Henze

DOI: https://doi.org/10.1109/EuroSP57164.2023.00066

2023-05-16

Abstract:The increasing digitalization of power grids and especially the shift towards IP-based communication drastically increase the susceptibility to cyberattacks, potentially leading to blackouts and physical damage. Understanding the involved risks, the interplay of communication and physical assets, and the effects of cyberattacks are paramount for the uninterrupted operation of this critical infrastructure. However, as the impact of cyberattacks cannot be researched in real-world power grids, current efforts tend to focus on analyzing isolated aspects at small scales, often covering only either physical or communication assets. To fill this gap, we present WATTSON, a comprehensive research environment that facilitates reproducing, implementing, and analyzing cyberattacks against power grids and, in particular, their impact on both communication and physical processes. We validate WATTSON's accuracy against a physical testbed and show its scalability to realistic power grid sizes. We then perform authentic cyberattacks, such as Industroyer, within the environment and study their impact on the power grid's energy and communication side. Besides known vulnerabilities, our results reveal the ripple effects of susceptible communication on complex cyber-physical processes and thus lay the foundation for effective countermeasures.

Cryptography and Security,Systems and Control

Zhongyuan Hau,John H. Castellanos,Jianying Zhou

DOI: https://doi.org/10.1145/3384941.3409587

2020-07-17

Abstract:A design-centric modeling approach was proposed to model the behaviour of the physical processes controlled by Industrial Control Systems (ICS) and study the cascading impact of data-oriented attacks. A threat model was used as input to guide the construction of the CPS model where control components which are within the adversary's intent and capabilities are extracted. The relevant control components are subsequently modeled together with their control dependencies and operational design specifications. The approach was demonstrated and validated on a water treatment testbed. Attacks were simulated on the testbed model where its resilience to attacks was evaluated using proposed metrics such as Impact Ratio and Time-to-Critical-State. From the analysis of the attacks, design strengths and weaknesses were identified and design improvements were recommended to increase the testbed's resilience to attacks.

Cryptography and Security,Systems and Control

Lingxuan Zhang,Linsen Li,Futai Zou,Jiachao Niu

DOI: https://doi.org/10.1145/3386263.3406945

2020-01-01

Abstract:Industrial cyber-physical systems (ICPSs) are widely used in critical infrastructures. However, they threaten by various cyberattacks which can directly damage the physical processes of ICPSs. Therefore, we proposed a method to quantitatively assess the risk of cyberattacks on the physical systems of ICPSs. This method conduces implement-appropriate security strategies to protect the security of ICPSs. We use an extended Bayesian attack graph to quantify the probabilities of cyberattacks. In addition, we model the cyberattacks as the illegal control signals injected into the physical system and the illegal actions that change the structure of the physical system. With the established model, we compute a new metric: Physical-System-Deviation-Risk (PSDR), which is used to assess the impact of cyberattacks on the physical system. The risk of the physical systems caused by cyberattacks can be quantified by the PSDR and the probabilities of cyberattacks. Moreover, we use a specific case to demonstrate the effectiveness of this assessment method.

Piotr Żebrowski,Aitor Couce-Vieira,Alessandro Mancuso

DOI: https://doi.org/10.1111/risa.13900

Abstract:Critical infrastructures are increasingly reliant on information and communications technology (ICT) for more efficient operations, which, at the same time, exposes them to cyber threats. As the frequency and severity of cyberattacks are increasing, so are the costs of critical infrastructure security. Efficient allocation of resources is thus a crucial issue for cybersecurity. A common practice in managing cyber threats is to conduct a qualitative analysis of individual attack scenarios through risk matrices, prioritizing the scenarios according to their perceived urgency and addressing them in order until all the resources available for cybersecurity are spent. Apart from methodological caveats, this approach may lead to suboptimal resource allocations, given that potential synergies between different attack scenarios and among available security measures are not taken into consideration. To overcome this shortcoming, we propose a quantitative framework that features: (1) a more holistic picture of the cybersecurity landscape, represented as a Bayesian network (BN) that encompasses multiple attack scenarios and thus allows for a better appreciation of vulnerabilities; and (2) a multiobjective optimization model built on top of the said BN that explicitly represents multiple dimensions of the potential impacts of successful cyberattacks. Our framework adopts a broader perspective than the standard cost-benefit analysis and allows the formulation of more nuanced security objectives. We also propose a computationally efficient algorithm that identifies the set of Pareto-optimal portfolios of security measures that simultaneously minimize various types of expected cyberattack impacts, while satisfying budgetary and other constraints. We illustrate our framework with a case study of electric power grids.

Martín Barrère,Chris Hankin,Demetrios G. Eliades,Nicolas Nicolau,Thomas Parisini

DOI: https://doi.org/10.48550/arXiv.1911.09404

2019-11-21

Cryptography and Security

Abstract:Over the last years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical threats. Efficient models and techniques able to capture their complex structure and identify critical cyber-physical components are therefore essential. AND/OR graphs have proven very useful in this context as they are able to semantically grasp intricate logical interdependencies among ICS components. However, identifying critical nodes in AND/OR graphs is an NP-complete problem. In addition, ICS settings normally involve various cyber and physical security measures that simultaneously protect multiple ICS components in overlapping manners, which makes this problem even harder. In this paper, we present an extended security metric based on AND/OR hypergraphs which efficiently identifies the set of critical ICS components and security measures that should be compromised, with minimum cost (effort) for an attacker, in order to disrupt the operation of vital ICS assets. Our approach relies on MAX-SAT techniques, which we have incorporated in META4ICS, a Java-based security metric analyser for ICS. We also provide a thorough performance evaluation that shows the feasibility of our method. Finally, we illustrate our methodology through a case study in which we analyse the security posture of a realistic Water Transport Network (WTN).

hasan cam,pierre mouallem,yilin mo,bruno sinopoli,benjamin nkrumah

DOI: https://doi.org/10.1109/CogSIMA.2014.6816560

2014-01-01

Abstract:A distributed cyber control system comprises various types of assets, including sensors, intrusion detection systems, scanners, controllers, and actuators. The modeling and analysis of these components usually require multi-disciplinary approaches. This paper presents a modeling and dynamic analysis of a distributed cyber control system for situational awareness by taking advantage of control theory and time Petri net. Linear time-invariant systems are used to model the target system, attacks, assets influences, and an anomaly-based intrusion detection system. Time Petri nets are used to model the impact and timing relationships of attacks, vulnerability, and recovery at every node. To characterize those distributed control systems that are perfectly attackable, algebraic and topological attackability conditions are derived. Numerical evaluation is performed to determine the impact of attacks on distributed control system.

Giusj Digioia,Chiara Foglietta,Stefano Panzieri,Alessandro Falleni

DOI: https://doi.org/10.1109/eisic.2012.30

2012-08-01

Abstract:Recently issues about cyber-war have gained relevant attention, especially because of gravity of damages that could be caused by cyber attacks to strategic targets, mining security of citizens. Examples of targets might include national civil and military airports, command and control systems of civil and military transportation means electronic military systems for national defense, national infrastructures for water and electricity distribution, industries and also hospitals or firefighters informatics systems. The risk of cyber attacks for the mentioned systems and infrastructures has grown because of the introduction of general-purpose and open (not proprietary)communication protocols, widely interconnecting systems and services. With this regard, it is of great importance the problem of evaluating the impact that cyber attacks could generate and to select effective countermeasures to protect military and civil heterogeneous and interconnected systems. In this paper the Mixed Holistic Reductionist (MHR) model is proposed as a conceptual methodology to evaluate the impact of a set of cyber attacks to military and civil infrastructures of strategic interest. The reductionist approach allows modeling of heterogeneous systems using the simplest elements and then coming to assess the interaction of basic components. The holistic paradigm instead allows to analyze complex systems by evaluating their behavior in complex and thus as a monolithic unit. This model allows combining the holistic method with the reductionist, trying to maintain the benefits of both paradigms. The two methods are linked together through an additional layer which is an intermediate level of abstraction, usually represented by the services of any infrastructure. Services are defined as logical objects, in order to obtain useful functionality to the customer, or other infrastructure. The validity of MHR model has been already tested within the context of Critical Infrastructure protection. In particular, it has been implemented in CISIA, a system-interdependency simulator, developed by “Roma Tre”University. In this work, the effectiveness of the model is studied with regard to government infrastructure protection from cyber attacks and, with this regard, an explicative case study is presented.

Adamu Hussaini,Cheng Qian,Weixian Liao,Wei Yu

DOI: https://doi.org/10.1109/ithings-greencom-cpscom-smartdata-cybermatics55523.2022.00112

2022-01-01

Abstract:The (IoT) paradigm’s fundamental goal is to massively connect the “smart things” through standardized interfaces, providing a variety of smart services. Cyber-Physical Systems (CPS) include both physical and cyber components and can apply to various application domains (smart grid, smart transportation, smart manufacturing, etc.). The Digital Twin (DT) is a cyber clone of physical objects (things), which will be an essential component in CPS. This paper designs a systematic taxonomy to explore different attacks on DT-based CPS and how they affect the system from a four-layer architecture perspective. We present an attack space for DT-based CPS on four layers (i.e., object layer, communication layer, DT layer, and application layer), three attack objects (i.e., confidentiality, integrity, and availability), and attack types combined with strength and knowledge. Furthermore, some selected case studies are conducted to examine attacks on representative DT-based CPS (smart grid, smart transportation, and smart manufacturing). Finally, we propose a defense mechanism called Secured DT Development Life Cycle (SDTDLC) and point out the importance of leveraging other enabling techniques (intrusion detection, blockchain, modeling, simulation, and emulation) to secure DT-based CPS.

Gregory Epiphaniou,Mohammad Hammoudeh,Hu Yuan,Carsten Maple,Uchenna Ani

DOI: https://doi.org/10.1016/j.simpat.2023.102744

IF: 4.199

2023-05-01

Simulation Modelling Practice and Theory

Abstract:The exponential increase of data volume and velocity have necessitated a tighter linkage of physical and cyber components in modern Cyber–physical systems (CPS) to achieve faster response times and autonomous component reconfiguration. To attain this degree of efficiency, the integration of virtual and physical components reinforced by artificial intelligence also promises to improve the resilience of these systems against organised and often skillful adversaries. The ability to visualise, validate, and illustrate the benefits of this integration, while taking into account improvements in cyber modelling and simulation tools and procedures, is critical to that adoption. Using Cyber Modelling and Simulation (M&S) this study evaluates the scale and complexity required to achieve an acceptable level of cyber resilience testing in an IoT-enabled critical national infrastructure (CNI). This research focuses on the benefits and challenges of integrating cyber modelling and simulation (M&S) with digital twins and threat source characterisation methodologies towards a cost-effective security and resilience assessment. Using our dedicated DT environment, we show how adversaries can utilise cyber–physical systems as a point of entry to a broader network in a scenario where they are trying to attack a port.

computer science, interdisciplinary applications, software engineering

Rajib Ranjan Maiti,Sridhar Adepu,Emil Lupu

2023-07-26

Abstract:We propose a new method to quantify the impact of cyber attacks in Cyber Physical Systems (CPSs). In particular, our method allows to identify the Design Parameter (DPs) affected due to a cyber attack launched on a different set of DPs in the same CPS. To achieve this, we adopt causal graphs to causally link DPs with each other and quantify the impact of one DP on another. Using SWaT, a real world testbed of a water treatment system, we demonstrate that causal graphs can be build in two ways: i) using domain knowledge of the control logic and the physical connectivity structure of the DPs, we call these causal domain graphs and ii) learning from operational data logs, we call these causal learnt graphs. We then compare these graphs when a same set of DPs is used. Our analysis shows a common set of edges between the causal domain graphs and the causal learnt graphs exists, which helps validate the causal learnt graphs. Additionally, we show that the learnt graphs can discover new causal relations, not initially considered in the domain graphs, that help significantly characterising the impact of the attack. We use causal domain graphs to estimate the parameters of the graphs, and the causal learnt graphs for causal inference. To learn the structure of the causal learnt graphs in all the six-stages of SWaT, we experiment with three learning algorithms: Peter Clarke (PC), Hill Climb (HC) search and Chow-Lie (CH). Finally, we demonstrate how causal graphs can be used to analyse the impact of cyber attacks by analysing nine well known cyber attacks on the SWaT test bed. We find that by using causal learnt graphs the DPs impacted by the attacks are correctly discovered with a probability greater than 0.9.

Cryptography and Security,Systems and Control