A Formal Adversary Capability Model for SCADA Environments

  • Thomas Richard McEvoy
  • Stephen D. Wolthusen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6712)


Conventional adversary models used in the analysis of cryptographic protocols such as the Dolev-Yao model and variants rely on a simple communication model in which an adversary fully participates in network communication. In the case of control (supervisory control and data acquisition, SCADA) systems, this set of assumptions can lead to undesirable results as constraints on communication affect both defender and adversary capabilities. These include a restricted topology for message passing and real-time processing constraints resulting in message prioritisation. We therefore propose an alternative adversary model explicitly capturing these constraints. We use a π-calculus variant to reason about priorities and constraints on messages (names) and explicitly model multiple adversarial agents rather than a single omnipotent adversary so as to capture synchronisation and communication effects. As an example of the model’s capabilities, we derive targets for intrusion detection based on constraints on adversary action resulting from adversary-agent communication capabilities.


Keywords: Intrusion Detection; Security Property; Supervisory Control; Covert Channel; SCADA System

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Thomas Richard McEvoy (2)
  • Stephen D. Wolthusen (1, 2)

  1. Norwegian Information Security Laboratory, Department of Computer Science, Gjøvik University College, Norway
  2. Information Security Group, Department of Mathematics, Royal Holloway, University of London, UK
