Nondeducibility-Based Analysis of Cyber-Physical Systems

  • Thoshitha Gamage
  • Bruce McMillin
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 311)


Controlling information flow in a cyber-physical system (CPS) is challenging because cyber domain decisions and actions manifest themselves as visible changes in the physical domain. This paper presents a nondeducibility-based observability analysis for CPSs. In many CPSs, the capacity of a low-level (LL) observer to deduce high-level (HL) actions ranges from limited to none. However, a collaborative set of observers strategically located in a network may be able to deduce all the HL actions. This paper models a distributed power electronics control device network using a simple DC circuit in order to understand the effect of multiple observers in a CPS. The analysis reveals that the number of observers required to deduce all the HL actions in a system increases linearly with the number of configurable units. A simple definition of nondeducibility based on the uniqueness of low-level projections is also presented. This definition is used to show that a system with two security domain levels could be considered “nondeducibility secure” if no unique LL projections exist.
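The uniqueness-based definition above can be checked mechanically by enumerating HL configurations and grouping them by their LL projection. The following is an added example, not code from the paper; it assumes a constructed toy circuit (a DC source feeding n parallel branches, each with one configurable unit, observers on branches or at the source) rather than the paper's own model, and uses it to count how many observers make every HL action deducible.

```python
from itertools import product, combinations

# Constructed toy circuit (assumption, not the paper's model): source V feeds
# n parallel branches; the HL action on unit i sets its resistance to R_LOW or R_HIGH.
V = 12.0
R_LOW, R_HIGH = 2.0, 4.0


def hl_configurations(n):
    """Every HL action sequence: one resistance choice per configurable unit."""
    return list(product((R_LOW, R_HIGH), repeat=n))


def ll_projection(config, observers):
    """LL view of one HL configuration through a set of observers.

    Observer "total" reads the source current (depends on all units);
    observer k (an int) reads the current in branch k (depends on unit k only).
    """
    view = []
    for obs in observers:
        amps = sum(V / r for r in config) if obs == "total" else V / config[obs]
        view.append(round(amps, 6))  # round so equal physical readings compare equal
    return tuple(view)


def projection_classes(n, observers):
    """Map each LL projection to the set of HL configurations that produce it."""
    classes = {}
    for cfg in hl_configurations(n):
        classes.setdefault(ll_projection(cfg, observers), set()).add(cfg)
    return classes


def nondeducibility_secure(n, observers):
    """Paper's definition: secure iff no LL projection is unique to one HL configuration."""
    return all(len(c) > 1 for c in projection_classes(n, observers).values())


def fully_deducible(n, observers):
    """The observers jointly deduce every HL action iff every projection is unique."""
    return all(len(c) == 1 for c in projection_classes(n, observers).values())


def min_observers_to_deduce(n):
    """Smallest collaborating observer set that deduces all HL actions for n units."""
    candidates = ["total"] + list(range(n))
    for k in range(1, len(candidates) + 1):
        if any(fully_deducible(n, obs) for obs in combinations(candidates, k)):
            return k
    return None
```

In this toy the source-current observer alone already breaks the property (the all-low configuration yields a unique reading), while the observer count needed for full deduction grows by one per unit. Note that the uniqueness test asks only whether some projection pins down the entire HL configuration, so a single branch observer passes it even though it reveals its own unit's setting.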


Keywords: Cyber-physical systems, information flow security, nondeducibility



Copyright information

© IFIP International Federation for Information Processing 2009
