Run-Time Security Assurance of Cyber Physical System Applications

Khan, Muhammad Taimoor; Serpanos, Dimitrios; Shrobe, Howard

doi:10.1007/978-3-030-16949-7_4

Muhammad Taimoor Khan⁵,
Dimitrios Serpanos⁶ &
Howard Shrobe⁷

999 Accesses

Abstract

We introduce a design methodology to assure run-time security of cyber physical system (CPS) applications. The methodology has two independent, but complementary, components that employ novel approaches to design run-time monitors that detect both computational and false data cyber-attacks to assure security of CPS at run-time. Based on the executable specification of a CPS application, the first component protects CPS computations through comparison of the application execution and the application-specification execution in real-time. The second component assures safety and integrity of CPS data through vulnerability analysis of the application specification for false data injection attacks based on non-linear verification techniques. We demonstrate our approach through its application to a typical CPS example application; we demonstrate that run-time monitors employing verification techniques are effective, efficient, and readily applicable to demanding real-time critical systems.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

eBook: USD 16.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Hardcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

“Nsf industry 4.0,” https://www.nsf.gov/pubs/2014/nsf14542/nsf14542.htm.
“Nist cps,” https://www.nist.gov/el/cyber-physical-systems.
M. Zeller, “Myth or reality – does the aurora vulnerability pose a risk to my generator?” in 2011 64th Annual Conference for Protective Relay Engineers, April 2011, pp. 130–136.
Google Scholar
R. Langner, “Stuxnet: Dissecting a cyberwarfare weapon,” IEEE Security and Privacy, vol. 9, no. 3, pp. 49–51, May 2011.
Article Google Scholar
B. Kang, K. McLaughlin, and S. Sezer, “Towards a stateful analysis framework for smart grid network intrusion detection,” in Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research 2016, ser. ICS-CSR ’16, 2016, pp. 1–8.
Google Scholar
U. Lindqvist and P. G. Neumann, “The future of the internet of things,” Communications of the ACM, vol. 60, no. 2, pp. 26–30, January 2017.
Article Google Scholar
V. Hodge and J. Austin, “A survey of outlier detection methodologies,” Artif. Intell. Rev., vol. 22, no. 2, pp. 85–126, 2004.
Article Google Scholar
A. Lakhina, M. Crovella, and C. Diot, “Mining anomalies using traffic feature distributions,” SIGCOMM Comput. Commun. Rev., vol. 35, no. 4, pp. 217–228, Aug. 2005.
Article Google Scholar
V. Paxson, “Bro: A system for detecting network intruders in real-time,” in Proceedings of the 7th Conference on USENIX Security Symposium - Volume 7, ser. SSYM’98, Berkeley, CA, USA, 1998, pp. 2435–2463.
Google Scholar
C. Watterson and D. Heffernan, “Runtime verification and monitoring of embedded systems,” Software, IET, vol. 1, no. 5, pp. 172–179, 2007.
Article Google Scholar
S. Adepu and A. Mathur, Using Process Invariants to Detect Cyber Attacks on a Water Treatment System. Springer, 2016, pp. 91–104.
Google Scholar
M. Khan, D. Serpanos, and H. Shrobe, “A rigorous and efficient run-time security monitor for real-time critical embedded system applications,” in IEEE 3rd WF-IoT, December 2016, pp. 100–105.
Google Scholar
M. T. Khan, D. Serpanos, and H. Shrobe, “Armet: Behavior-based secure and resilient industrial control systems,” Proceedings of the IEEE, vol. 106, no. 1, pp. 129–143, Jan 2018.
Article Google Scholar
B. Courcelle and J. Engelfriet, Graph Structure and Monadic Second-Order Logic: A Language-Theoretic Approach. Cambridge University Press, 2012.
Book Google Scholar
G. Hug and J. A. Giampapa, “Vulnerability assessment of ac state estimation with respect to false data injection cyber-attacks,” IEEE Transactions on Smart Grid, vol. 3, no. 3, pp. 1362–1370, 2012.
Article Google Scholar
S. Gao, S. Kong, and E. M. Clarke, “dReal: An SMT Solver for Nonlinear Theories over the Reals,” in Proceedings of the CADE’13. Springer, 2013, pp. 208–214.
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Computing and Information Systems, University of Greenwich, London, UK
Muhammad Taimoor Khan
ISI/ATHENA RC and ECE, University of Patras, Patras, Greece
Dimitrios Serpanos
MIT CSAIL, Cambridge, MA, USA
Howard Shrobe

Authors

Muhammad Taimoor Khan
View author publications
You can also search for this author in PubMed Google Scholar
Dimitrios Serpanos
View author publications
You can also search for this author in PubMed Google Scholar
Howard Shrobe
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dimitrios Serpanos .

Editor information

Editors and Affiliations

Dept. of ECE and UMIACS, University of Maryland, College Park, MD, USA
Shuvra S. Bhattacharyya
Dept. of Computer Science, University of California, Los Angeles, CA, USA
Miodrag Potkonjak
Dept. of EECS, Syracuse University, Syracuse, NY, USA
Senem Velipasalar

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Khan, M.T., Serpanos, D., Shrobe, H. (2020). Run-Time Security Assurance of Cyber Physical System Applications. In: Bhattacharyya, S., Potkonjak, M., Velipasalar, S. (eds) Embedded, Cyber-Physical, and IoT Systems. Springer, Cham. https://doi.org/10.1007/978-3-030-16949-7_4

Download citation

DOI: https://doi.org/10.1007/978-3-030-16949-7_4
Published: 29 June 2019
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-16948-0
Online ISBN: 978-3-030-16949-7
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics