Controllability and Observability of Risk and Resilience in Cyber-Physical Cloud Systems

Secure Cloud Computing

Abstract

Effective management of risk and resilience in a dynamic cyber-physical system is essential for ensuring successful completion of missions by minimizing the adverse impact of attacks and physical failures. With accurate risk assessment and efficient resilience control of security events and operations, a cyber-physical system can keep performing satisfactorily by adapting to the dynamic changes occurring due to various cybersecurity events and operations, such as exploiting vulnerabilities, detecting intrusions, and recovering compromised nodes. To the best of our knowledge, this book chapter is the first to present a model with linear and non-linear system state equations based on cybersecurity parameters such as cyber assets’ vulnerabilities, criticalities, dependencies, influences, attack types, intrusions, recovery rate, patching rate, and normal and compromised nodes. Using this model, this book chapter describes how to apply the controllability and observability aspects of linear/non-linear systems to manage cybersecurity risk and resilience of cyber-physical systems. The purpose of employing controllability is to steer a system from an abnormal security state to a normal security state. That is, by implementing recovery and resilience operations on compromised nodes and assets of a system, it is steered from an abnormal state with compromised nodes towards a state with fewer or no compromised nodes. Observability is used to determine the system security state by having appropriate cyber output measurements. The challenges for implementing controllability and observability are discussed. An example is provided to illustrate how controllability could be used to achieve resilience within a network.

Corresponding author

Correspondence to Hasan Cam.

Copyright information

© 2014 Springer Science+Business Media New York

About this chapter

Cite this chapter

Cam, H. (2014). Controllability and Observability of Risk and Resilience in Cyber-Physical Cloud Systems. In: Jajodia, S., Kant, K., Samarati, P., Singhal, A., Swarup, V., Wang, C. (eds) Secure Cloud Computing. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-9278-8_15

  • DOI: https://doi.org/10.1007/978-1-4614-9278-8_15

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-9277-1

  • Online ISBN: 978-1-4614-9278-8

  • eBook Packages: Computer Science (R0)