Towards a Formal Notion of Impact Metric for Cyber-Physical Attacks

  • Conference paper
  • In: Integrated Formal Methods (IFM 2018)

Abstract

Industrial facilities and critical infrastructures are transforming into “smart” environments that dynamically adapt to external events. The result is an ecosystem of heterogeneous physical and cyber components integrated in cyber-physical systems which are more and more exposed to cyber-physical attacks, i.e., security breaches in cyberspace that adversely affect the physical processes at the core of the systems.

We provide a formal compositional metric to estimate the impact of cyber-physical attacks targeting sensor devices of IoT systems formalised in a simple extension of Hennessy and Regan’s Timed Process Language. Our impact metric relies on a discrete-time generalisation of Desharnais et al.’s weak bisimulation metric for concurrent systems. We show the adequacy of our definition on two different attacks on a simple surveillance system.

Partially supported by the project “Dipartimenti di Eccellenza 2018–2022”, funded by the Italian Ministry of Education, Universities and Research (MIUR), and by the Joint Project 2017 “Security Static Analysis for Android Things”, jointly funded by the University of Verona and JuliaSoft Srl.

Notes

  1. The finiteness follows from the finiteness of \(\mathcal V\), and hence of \(\mathit{range}(x)\), for any \(x \in \mathcal X\).

  2. By Proposition 1, at all time instants greater than n the impact remains p.

  3. These probabilities are usually very small; we assume them smaller than \(\frac{1}{2}\).

References

  1. Bilis, E.I., Kröger, W., Cen, N.: Performance of electric power systems under physical malicious attacks. IEEE Syst. J. 7(4), 854–865 (2013)

  2. Bodei, C., Degano, P., Ferrari, G., Galletta, L.: Tracing where IoT data are collected and aggregated. Logical Methods Comput. Sci. 13(3), 1–38 (2017). https://doi.org/10.23638/LMCS-13(3:5)2017

  3. van Breugel, F.: On behavioural pseudometrics and closure ordinals. Inf. Process. Lett. 112(19), 715–718 (2012)

  4. Deng, Y., Du, W.: The Kantorovich metric in computer science: a brief survey. ENTCS 253(3), 73–82 (2009)

  5. Desharnais, J., Jagadeesan, R., Gupta, V., Panangaden, P.: The metric analogue of weak bisimulation for probabilistic processes. In: LICS 2002, pp. 413–422. IEEE Computer Society (2002). https://doi.org/10.1109/LICS.2002.1029849

  6. Falliere, N., Murchu, L., Chien, E.: W32.STUXnet Dossier (2011)

  7. Focardi, R., Martinelli, F.: A uniform approach for the definition of security properties. In: Wing, J.M., Woodcock, J., Davies, J. (eds.) FM 1999. LNCS, vol. 1708, pp. 794–813. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48119-2_44

  8. Gebler, D., Larsen, K.G., Tini, S.: Compositional bisimulation metric reasoning with probabilistic process calculi. Logical Meth. Comput. Sci. 12(4), 1–38 (2016)

  9. Gebler, D., Tini, S.: SOS specifications for uniformly continuous operators. J. Comput. Syst. Sci. 92, 113–151 (2018)

  10. Genge, B., Kiss, I., Haller, P.: A system dynamics approach for assessing the impact of cyber attacks on critical infrastructures. IJCIP 10, 3–17 (2015)

  11. Gollmann, D., Gurikov, P., Isakov, A., Krotofil, M., Larsen, J., Winnicki, A.: Cyber-physical systems security: experimental analysis of a vinyl acetate monomer plant. In: Zhou, J., Jones, D. (eds.) ACM CCPS 2015, pp. 1–12. ACM (2015). https://doi.org/10.1145/2732198.2732208

  12. Hennessy, M., Regan, T.: A process algebra for timed systems. Inf. Comput. 117(2), 221–239 (1995)

  13. Huang, K., Zhou, C., Tian, Y., Yang, S., Qin, Y.: Assessing the physical impact of cyberattacks on industrial cyber-physical systems. IEEE Trans. Industr. Electron. 65(10), 8153–8162 (2018)

  14. Huang, Y., Cárdenas, A.A., Amin, S., Lin, Z., Tsai, H., Sastry, S.: Understanding the physical and economic consequences of attacks on control systems. IJCIP 2(3), 73–83 (2009)

  15. ICS-CERT: Cyber-Attack Against Ukrainian Critical Infrastructure. https://ics-cert.us-cert.gov/alerts/IR-ALERT-H-16-056-01

  16. Keller, R.M.: Formal verification of parallel programs. Commun. ACM 19, 371–384 (1976)

  17. Krotofil, M., Cárdenas, A.A., Larsen, J., Gollmann, D.: Vulnerabilities of cyber-physical systems to stale data - determining the optimal time to launch attacks. IJCIP 7(4), 213–232 (2014)

  18. Lanotte, R., Merro, M.: Semantic analysis of gossip protocols for wireless sensor networks. In: Katoen, J.-P., König, B. (eds.) CONCUR 2011. LNCS, vol. 6901, pp. 156–170. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23217-6_11

  19. Lanotte, R., Merro, M., Munteanu, A.: A modest security analysis of cyber-physical systems: a case study. In: Baier, C., Caires, L. (eds.) FORTE 2018. LNCS, vol. 10854, pp. 58–78. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-319-92612-4

  20. Lanotte, R., Merro, M., Muradore, R., Viganò, L.: A formal approach to cyber-physical attacks. In: CSF 2017, pp. 436–450. IEEE Computer Society (2017). https://doi.org/10.1109/CSF.2017.12

  21. Lanotte, R., Merro, M., Tini, S.: Compositional weak metrics for group key update. In: Larsen, K.G., Bodlaender, H.L., Raskin, J.F. (eds.) MFCS 2017. LIPIcs, vol. 42, pp. 72:1–72:16. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik (2017). https://doi.org/10.4230/LIPIcs.MFCS.2017.72

  22. Lanotte, R., Merro, M., Tini, S.: A Probabilistic Calculus of Cyber-Physical Systems. CoRR abs/1707.02279 (2017)

  23. Lanotte, R., Merro, M., Tini, S.: Towards a formal notion of impact metric for cyber-physical attacks (full version). CoRR abs/1806.10463 (2018)

  24. Nigam, V., Talcott, C., Aires Urquiza, A.: Towards the automated verification of cyber-physical security protocols: bounding the number of timed intruders. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 450–470. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45741-3_23

  25. Orojloo, H., Azgomi, M.: A method for evaluating the consequence propagation of security attacks in cyber-physical systems. Future Gener. Comput. Syst. 67, 57–71 (2017)

  26. Panangaden, P.: Labelled Markov Processes. Imperial College Press, London (2009)

  27. Philippou, A., Lee, I., Sokolsky, O.: Weak bisimulation for probabilistic systems. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, pp. 334–349. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44618-4_25

  28. Rocchetto, M., Tippenhauer, N.O.: CPDY: extending the Dolev-Yao attacker with physical-layer interactions. In: Ogata, K., Lawford, M., Liu, S. (eds.) ICFEM 2016. LNCS, vol. 10009. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47846-3

  29. Rocchetto, M., Tippenhauer, N.O.: On attacker models and profiles for cyber-physical systems. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 427–449. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45741-3_22

  30. Segala, R.: Modeling and verification of randomized distributed real-time systems. Ph.D. thesis, MIT (1995)

  31. Sgouras, K.I., Birda, A.I., Labridis, D.L.: Cyber attack impact on critical Smart Grid infrastructures. In: IEEE PES ISGT 2014, pp. 1–5. IEEE (2014). https://doi.org/10.1109/ISGT.2014.6816504

  32. Slay, J., Miller, M.: Lessons learned from the Maroochy water breach. In: Goetz, E., Shenoi, S. (eds.) ICCIP 2007. IIFIP, vol. 253, pp. 73–82. Springer, Boston (2008). https://doi.org/10.1007/978-0-387-75462-8_6

  33. Sridhar, S., Govindarasu, M.: Model-based attack detection and mitigation for automatic generation control. IEEE Trans. Smart Grid 5(2), 580–591 (2014)

  34. Stewart, W.J.: Introduction to the Numerical Solution of Markov Chains. Princeton University Press, Princeton (1994)

  35. Urbina, D.I., et al.: Limiting the impact of stealthy attacks on industrial control systems. In: Weippl, E., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS 2016, pp. 1092–1105. ACM (2016). https://doi.org/10.1145/2976749.2978388

  36. Vigo, R., Nielson, F., Nielson, H.R.: Broadcast, denial-of-service, and secure communication. In: Johnsen, E.B., Petre, L. (eds.) IFM 2013. LNCS, vol. 7940, pp. 412–427. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38613-8_28

  37. Villani, C.: Optimal Transport, Old and New. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-71050-9

  38. Zacchia Lun, Y., D’Innocenzo, A., Malavolta, I., Di Benedetto, M.D.: Cyber-Physical Systems Security: a Systematic Mapping Study. CoRR abs/1605.09641 (2016)


Acknowledgements

We thank the anonymous reviewers for valuable comments.

Author information

Corresponding author

Correspondence to Massimo Merro.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Lanotte, R., Merro, M., Tini, S. (2018). Towards a Formal Notion of Impact Metric for Cyber-Physical Attacks. In: Furia, C., Winter, K. (eds) Integrated Formal Methods. IFM 2018. Lecture Notes in Computer Science, vol 11023. Springer, Cham. https://doi.org/10.1007/978-3-319-98938-9_17

  • DOI: https://doi.org/10.1007/978-3-319-98938-9_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-98937-2

  • Online ISBN: 978-3-319-98938-9

  • eBook Packages: Computer Science (R0)
