Bridging Dolev-Yao Adversaries and Control Systems with Time-Sensitive Channels
Defining security objectives for industrial control scenarios is a challenging task, both because of the subtle interactions between system components and because the security goals themselves are often far from obvious. Moreover, there is a persistent gap between formal models for channels and adversaries (usually transition systems) and models for control systems (differential or recurrence equations). To bridge these two realms, we translate control systems into transition systems by means of an abstraction with variable time granularity and compose them with a channel model that is controlled by Dolev-Yao adversaries. This opens the road to automatic reasoning about the formal model of a control system with model checkers, in a setting where the communication channel is tampered with. We address a security objective that has so far largely eluded formal models, namely freshness, which is highly relevant for control systems. Beyond the traditional resilience to replay attacks, we point out several flavours of freshness that are often overlooked, e.g., ordering and bounded lifespan. We formalize these notions and show that their absence can lead to attacks that subvert the control system. Finally, we build a proof-of-concept implementation that we use to find attacks on a simple model, which shows that real-world scenarios are within reach.
Keywords: control system, formal modelling, freshness
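The freshness flavours named in the abstract (replay, ordering, bounded lifespan) and the effect of stale readings on a controlled plant, as an added example that is not part of the paper: a small Python freshness monitor on the sensor-to-controller channel, run against a constructed first-order tank loop in which the channel adversary replays an old reading. The message format (sequence number plus send timestamp), the plant constants, the "close the valve on stale data" fallback and the attack schedule are all assumptions made for this illustration; the paper's own abstraction and channel model are not reproduced here.

```python
"""Freshness monitor for a sensor-to-controller channel, exercised on a
constructed first-order plant. Illustrative example: the plant model, the
constants and the message format are assumptions, not the paper's model."""
from dataclasses import dataclass
from enum import Enum
from typing import List, Tuple


class Verdict(Enum):
    FRESH = "fresh"
    REPLAY = "replay"              # sequence number already accepted once
    OUT_OF_ORDER = "out_of_order"  # older than the newest accepted message
    EXPIRED = "expired"            # delivered after its bounded lifespan


@dataclass(frozen=True)
class Measurement:
    seq: int        # monotone counter stamped by the sensor (assumed format)
    sent_at: float  # sensor-side send time in seconds (assumed format)
    value: float    # measured plant output, here a tank level


class FreshnessMonitor:
    """Accepts a measurement only if it is not a replay, not out of order
    and not older than max_age at the moment it is delivered."""

    def __init__(self, max_age: float):
        self.max_age = max_age
        self.seen = set()
        self.last_seq = -1

    def check(self, m: Measurement, now: float) -> Verdict:
        # A message may fail several checks; the first failing one is reported.
        if m.seq in self.seen:
            return Verdict.REPLAY
        if m.seq < self.last_seq:
            return Verdict.OUT_OF_ORDER
        if now - m.sent_at > self.max_age:
            return Verdict.EXPIRED
        self.seen.add(m.seq)
        self.last_seq = m.seq
        return Verdict.FRESH


def classify_sequence(max_age: float,
                      deliveries: List[Tuple[Measurement, float]]) -> List[str]:
    """Classify (measurement, delivery time) pairs with one monitor instance."""
    mon = FreshnessMonitor(max_age)
    return [mon.check(m, t).value for m, t in deliveries]


# Constructed plant: a tank with controllable inflow and proportional outflow.
DT = 1.0           # sampling period in seconds
LEAK = 0.1         # outflow coefficient
SETPOINT = 5.0     # desired level
KP = 0.5           # proportional gain
ATTACK_START = 5   # step from which the channel replays an old reading
REPLAYED_SEQ = 2   # the low reading the adversary keeps re-injecting


def controller(level: float) -> float:
    """Proportional controller, inflow clamped to the valve range [0, 1]."""
    return min(1.0, max(0.0, KP * (SETPOINT - level)))


def plant_step(level: float, inflow: float) -> float:
    """Forward-Euler step of level' = inflow - LEAK * level."""
    return level + DT * (inflow - LEAK * level)


def simulate(steps: int, use_monitor: bool) -> Tuple[float, List[Verdict]]:
    """Run the closed loop over a channel whose adversary forwards honestly
    until ATTACK_START and then delivers the reading with REPLAYED_SEQ forever.
    Returns the final level and the monitor's verdict per step."""
    monitor = FreshnessMonitor(max_age=1.5 * DT)
    level = 0.0
    sent: List[Measurement] = []
    verdicts: List[Verdict] = []
    for k in range(steps):
        now = k * DT
        honest = Measurement(seq=k, sent_at=now, value=level)
        sent.append(honest)
        delivered = honest if k < ATTACK_START else sent[REPLAYED_SEQ]
        if use_monitor:
            v = monitor.check(delivered, now)
            verdicts.append(v)
            # Assumed safe fallback: on non-fresh data close the inflow valve.
            inflow = controller(delivered.value) if v is Verdict.FRESH else 0.0
        else:
            inflow = controller(delivered.value)
        level = plant_step(level, inflow)
    return level, verdicts


if __name__ == "__main__":
    print("final level, no monitor :", round(simulate(40, False)[0], 3))
    print("final level, monitor    :", round(simulate(40, True)[0], 3))
```

Without the monitor the controller keeps seeing the replayed low reading, opens the valve fully and the level approaches the physical maximum of 10 (inflow 1 over leak 0.1), well past the setpoint; with the monitor every replayed reading is flagged and the fallback keeps the tank from overfilling. The replay check runs before the lifespan check on purpose: a re-injected message is caught by its sequence number regardless of how fast the adversary replays it, while the lifespan check catches a first delivery that was merely held back too long.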