Formal Model In-The-Loop for Secure Industrial Control Networks

  • Conference paper
  • Formal Aspects of Component Software (FACS 2022)

Abstract

Digitalization is increasingly prevalent in industrial control systems. Where a typical industrial control system was until recently isolated, with only rudimentary ways of extracting data, it is now expected not only to provide large amounts of data over the network but also to receive firmware updates and patches. To this end, it is important to secure the communication between the components of the system and to ensure that only approved components can communicate with each other. Secure communication and device authentication can be achieved with cryptographic keys and certificates; the system must, however, be able to manage those keys and certificates securely in order to guarantee their authenticity and validity. In this paper we present a prototype of a pluggable key management device for industrial control systems, with a key management protocol and integrated formal analysis of the running system: a model in-the-loop. This allows the system to continuously analyse the network traffic against the protocol specification in VDM and hence to assure compliance with several security properties. We use off-the-shelf hardware, a custom key and device management protocol and VDM to ensure that the device satisfies the requirements posed by our industrial partner.
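The model-in-the-loop idea from the abstract, as an added example that is not the paper's code or its VDM model: a monitor that replays an abstracted network trace through an explicit-state model of a hypothetical key-management protocol and reports every event that breaks one of the security properties the abstract names (only approved components communicate; certificates are authentic and still valid when used). The message types (ENROL_REQ, CERT_ISSUE, REVOKE, DATA), their fields, the device names and the constructed trace are all assumptions made for illustration and are not taken from the paper.

```python
"""Model-in-the-loop monitor for a key-management protocol.

Added example, not the paper's code. The protocol (message types, fields,
rules) and the device names are assumptions made for illustration.
Network traffic is abstracted into a trace of events; each event is checked
against an explicit-state model of the protocol, and state is only updated
by events that conform, so a rejected message cannot poison later checks.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# One abstracted protocol event: (time, sender, receiver, message type, fields)
Event = Tuple[int, str, str, str, dict]

KM = "km"  # hypothetical key-management device acting as the certificate authority


@dataclass
class KeyManagerModel:
    """Explicit-state model of the hypothetical protocol."""
    approved: Set[str]                                               # components allowed on the network
    enrolled: Set[str] = field(default_factory=set)                  # components that completed enrolment
    certs: Dict[str, Tuple[str, int]] = field(default_factory=dict)  # component -> (serial, not_after)
    revoked: Set[str] = field(default_factory=set)                   # revoked certificate serials

    def holds_valid_cert(self, dev: str, now: int) -> bool:
        cert = self.certs.get(dev)
        return cert is not None and cert[0] not in self.revoked and now <= cert[1]

    def step(self, ev: Event) -> Optional[str]:
        """Advance the model by one event; return a violation description, or None if it conforms."""
        now, src, dst, kind, p = ev
        if kind == "ENROL_REQ":
            if dst != KM:
                return f"t={now}: ENROL_REQ from {src} not addressed to the key manager"
            if src not in self.approved:
                return f"t={now}: unapproved component {src} attempted enrolment"
            self.enrolled.add(src)
        elif kind == "CERT_ISSUE":
            if src != KM:
                return f"t={now}: certificate issued by non-authority {src}"
            if dst not in self.enrolled:
                return f"t={now}: certificate issued to non-enrolled component {dst}"
            self.certs[dst] = (p["serial"], p["not_after"])
        elif kind == "REVOKE":
            if src != KM:
                return f"t={now}: revocation by non-authority {src}"
            self.revoked.add(p["serial"])
        elif kind == "DATA":
            # The sender must present the serial the model issued to it, and it must still be valid.
            if not self.holds_valid_cert(src, now) or self.certs[src][0] != p.get("serial"):
                return f"t={now}: {src} sent DATA without a valid certificate"
            if not self.holds_valid_cert(dst, now):
                return f"t={now}: {src} sent DATA to {dst}, which holds no valid certificate"
        else:
            return f"t={now}: message type {kind} is not part of the protocol"
        return None


def check_trace(events: List[Event], approved: Set[str]) -> List[str]:
    """Replay a trace through a fresh model and collect every violation; the monitor keeps running."""
    model = KeyManagerModel(approved=set(approved))
    violations: List[str] = []
    for ev in events:
        v = model.step(ev)
        if v is not None:
            violations.append(v)
    return violations


# Constructed trace standing in for captured network traffic (not real data).
APPROVED = {"plc1", "hmi1"}
SAMPLE_TRACE: List[Event] = [
    (1, "plc1", KM, "ENROL_REQ", {}),
    (2, KM, "plc1", "CERT_ISSUE", {"serial": "A1", "not_after": 100}),
    (3, "hmi1", KM, "ENROL_REQ", {}),
    (4, KM, "hmi1", "CERT_ISSUE", {"serial": "B7", "not_after": 100}),
    (5, "plc1", "hmi1", "DATA", {"serial": "A1"}),                       # conforms
    (6, "rogue", KM, "ENROL_REQ", {}),                                    # not an approved component
    (7, KM, "rogue", "CERT_ISSUE", {"serial": "C3", "not_after": 100}),   # issued to a non-enrolled device
    (8, KM, "hmi1", "REVOKE", {"serial": "B7"}),
    (9, "hmi1", "plc1", "DATA", {"serial": "B7"}),                        # revoked certificate
    (150, "plc1", "hmi1", "DATA", {"serial": "A1"}),                      # expired certificate
]

if __name__ == "__main__":
    for violation in check_trace(SAMPLE_TRACE, APPROVED):
        print(violation)
```

In a deployment of the kind the abstract describes, the trace would be produced by a translator sitting on the captured traffic and the model would be the VDM specification of the real protocol rather than a Python class; the structure of the check, one event at a time against an explicit protocol state, is the same.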

This work is supported by the Manufacturing Academy of Denmark (MADE), for more information see https://www.made.dk.

Notes

  1. Our industrial partner wishes to remain anonymous.

Author information

Corresponding author: Tomas Kulik

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Ubys, L., Nicolas Vancea, V., Kulik, T., Gorm Larsen, P., Boudjadar, J., Aranha, D.F. (2022). Formal Model In-The-Loop for Secure Industrial Control Networks. In: Tapia Tarifa, S.L., Proença, J. (eds) Formal Aspects of Component Software. FACS 2022. Lecture Notes in Computer Science, vol 13712. Springer, Cham. https://doi.org/10.1007/978-3-031-20872-0_5

  • DOI: https://doi.org/10.1007/978-3-031-20872-0_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-20871-3

  • Online ISBN: 978-3-031-20872-0
