Abstract
Industry 4.0 (I4.0) refers to the trend towards automation and data exchange in manufacturing technologies and processes, including cyber-physical systems in which internet-of-things devices connect with each other and with their environment over a network. This new connectivity opens systems to attacks, e.g. by injecting or tampering with messages. The solution supported by standards such as OPC-UA is to sign and/or encrypt messages. However, given the limited resources of devices, instead of applying cryptographic algorithms to all messages in the network, it is better to focus on the messages that, if tampered with or injected, could lead to undesired configurations.
This paper describes a framework for developing and analyzing formal executable specifications of I4.0 applications in Maude. The framework supports the engineering design workflow with theory transformations that include algorithms for enumerating network attacks leading to undesired states and for determining wrappers that prevent these attacks. In particular, given a deployment map from application components to devices, we define a theory transformation that models execution of the application on the given set of (networked) devices. Given an enumeration of attacks (message flows), we define a further theory transformation that wraps each device with policies for signing and signature checking covering just those messages needed to prevent the attacks.
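As an added illustration of the enumerate-attacks / synthesize-wrapper loop the abstract describes (a Python sketch, not the paper's Maude theories), the code below models a constructed pick-and-place actuator driven by a cyclic controller, searches for message injections by a network attacker that reach an undesired configuration, and then signs and checks only the message types those attacks need. The device model, message names and the `undesired` predicate are all assumptions made for this example.

```python
from collections import deque

# Constructed pick-and-place model (an assumption, not the paper's Maude theory).
PROGRAM = ("move_table", "grip", "move_bin", "release", "move_home")  # honest controller cycle
MSGS = frozenset(PROGRAM)
INITIAL = (("home", "open", False), 0)  # ((arm, gripper, holding), controller pc)

def actuate(act, msg):
    """Actuator reaction to one delivered message."""
    arm, grip, holding = act
    if msg.startswith("move_"):
        return (msg[5:], grip, holding)
    if msg == "grip":                      # parts are only picked up at the table
        return (arm, "closed", holding or arm == "table")
    return (arm, "open", False)            # release

def undesired(act, msg):
    """Undesired configuration: a held part is released anywhere but over the bin."""
    return msg == "release" and act[2] and act[0] != "bin"

def enumerate_attacks(protected, budget=1):
    """BFS over honest sends plus up to `budget` injected messages (network attacker).
    Types in `protected` are signed and checked, so injected copies are dropped."""
    attacks, seen = [], {(INITIAL, 0)}
    queue = deque([(INITIAL, (), 0)])
    while queue:
        (act, pc), trace, used = queue.popleft()
        options = [("send", PROGRAM[pc], (pc + 1) % len(PROGRAM))]
        if used < budget:
            options += [("inject", m, pc) for m in sorted(MSGS - protected)]
        for kind, msg, npc in options:
            if undesired(act, msg):        # record the whole trace as one attack
                attacks.append(trace + ((kind, msg),))
                continue
            nxt, cost = (actuate(act, msg), npc), used + (kind == "inject")
            if (nxt, cost) not in seen:
                seen.add((nxt, cost))
                queue.append((nxt, trace + ((kind, msg),), cost))
    return attacks

def synthesize_wrapper(budget=1):
    """Sign/check exactly the message types injected in some minimal-budget attack,
    then re-enumerate; stop when no attack remains (sound, may over-protect)."""
    protected = frozenset()
    while True:
        attacks = enumerate_attacks(protected, budget)
        if not attacks:
            return protected
        protected |= {msg for a in attacks for kind, msg in a if kind == "inject"}
```

For this model the loop protects `move_table`, `move_home` and `release` and leaves `grip` and `move_bin` unsigned, since no injection of those two types can reach the undesired configuration.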
Notes
1. See https://www.youtube.com/watch?v=Tkcv-mbhYqk starting at time 55 s for a very small-scale version of the PnP.
2. Note that the attributes ssbs and oEMsgs do not affect rule application.
Acknowledgements
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 830892. Talcott is partly supported by ONR grant N00014-15-1-2202 and NRL grant N0017317-1-G002. Nigam is partially supported by NRL grant N0017317-1-G002, and CNPq grant 303909/2018-8.
© 2020 Springer Nature Switzerland AG
Nigam, V., Talcott, C. (2020). Automated Construction of Security Integrity Wrappers for Industry 4.0 Applications. In: Escobar, S., Martí-Oliet, N. (eds) Rewriting Logic and Its Applications. WRLA 2020. Lecture Notes in Computer Science, vol. 12328. Springer, Cham. https://doi.org/10.1007/978-3-030-63595-4_11
DOI: https://doi.org/10.1007/978-3-030-63595-4_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63594-7
Online ISBN: 978-3-030-63595-4
eBook Packages: Computer Science, Computer Science (R0)