Abstract
Effective management of risk and resilience in a dynamic cyber-physical system is essential for ensuring successful completion of missions by minimizing the adverse impact of attacks and physical failures. With accurate risk assessment and efficient resilience control of security events and operations, a cyber-physical system can keep performing satisfactorily by adapting to the dynamic changes caused by various cybersecurity events and operations, such as exploiting vulnerabilities, detecting intrusions, and recovering compromised nodes. To the best of our knowledge, this book chapter is the first to present a model with linear and non-linear system state equations based on cybersecurity parameters such as cyber assets’ vulnerabilities, criticalities, dependencies, influences, attack types, intrusions, recovery rate, patching rate, and normal and compromised nodes. Using this model, this book chapter describes how to apply the controllability and observability aspects of linear/non-linear systems to manage the cybersecurity risk and resilience of cyber-physical systems. The purpose of employing controllability is to steer a system from an abnormal security state to a normal security state. That is, by implementing recovery and resilience operations on the compromised nodes and assets of a system, the system is steered from an abnormal state with compromised nodes towards a state with fewer or no compromised nodes. Observability is used to determine the system security state from appropriate cyber output measurements. The challenges of implementing controllability and observability are discussed. An example is provided to illustrate how controllability could be used to achieve resilience within a network.
© 2014 Springer Science+Business Media New York
About this chapter
Cite this chapter
Cam, H. (2014). Controllability and Observability of Risk and Resilience in Cyber-Physical Cloud Systems. In: Jajodia, S., Kant, K., Samarati, P., Singhal, A., Swarup, V., Wang, C. (eds) Secure Cloud Computing. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-9278-8_15
DOI: https://doi.org/10.1007/978-1-4614-9278-8_15
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-9277-1
Online ISBN: 978-1-4614-9278-8
eBook Packages: Computer Science (R0)