Limitations on Observability of Effects in Cyber-Physical Systems
ABSTRACT
Increased interconnectivity of Cyber-Physical Systems, by design or otherwise, increases the cyber attack surface and attack vectors. Observing the effects of these attacks is helpful in detecting them. In this paper, we show that many attacks on such systems result in a control loop effect we term Process Model Inconsistency (PMI). Our formal approach elucidates the relationships among incompleteness, incorrectness, safety, and inconsistency of process models. We show that incomplete process models lead to inconsistency. Surprisingly, inconsistency may arise even in complete and correct models. We illustrate our approach through an Automated Teller Machine (ATM) example, and describe the practical implications of the theoretical results.
Dr. Suresh K. Damodaran is Principal Cybersecurity Architect at the MITRE Corporation, Bedford, MA, USA. He has actively contributed to security applications, standards, architecture, and research for over 15 years. He authored or co-authored 9 granted patents. He is currently interested in the tools and techniques for security and resilience of IoT, medical devices, and other Cyber-Physical Systems. He is also a contributor and lead in Industrial Internet Consortium (IIC). He is a Lifetime Member of Association for Computing Machinery (ACM). He received his Ph.D. in computer science from University of Louisiana and undergraduate degree in electronics engineering from Indian Institute of Technology.
Dr. Paul D. Rowe is a Principal Cyber Resiliency Scientist at The MITRE Corporation. His research interests include cryptographic protocol analysis, Trusted Computing, cyber resiliency, and formal methods for modeling and verification. He is a key contributor to MITRE's protocol analysis tool, the Cryptographic Protocol Shapes Analyzer (CPSA), with applications ranging from key management systems for small unmanned aviation systems (SUAS) to the trust infrastructure of emerging vehicle-to-vehicle communications. He received his PhD in mathematics from the University of Pennsylvania.