Cyber-Physical Systems (CPSs) are deeply embedded infrastructures that have significant cyber and physical components that interact with each other in complex ways. These interactions can violate a system's security policy, leading to unintended information flow. The physical portion of such systems is inherently observable, and, as such, many methods of preserving confidentiality are not applicable. This fundamental property of CPSs presents new security challenges. To illustrate this, a vehicle composed of an embedded computer system, its operator, and its environment show how information is disclosed to an observer that is watching from the outside. The example is made of up a vehicle with an automated engine management system (smart cruise control) traveling across some terrain with an observer watching the vehicle. The information that is to be protected is the controller of the vehicle. This model is analyzed using formal models of information flow, namely nondeducibility and noninference. The vehicle's operation, in context with the terrain of the road, discloses information to the observer. Context is important; the same information that was disclosed with one terrain type is hidden with a different terrain. This problem, its methodology, and results uncover problems, and solutions, based on the theory of information flow, to quantify security in these new types of systems.
J. Madden et al., "Environmental Obfuscation of a Cyber Physical System - Vehicle Example," Proceedings of the 2010 IEEE 34th Annual Computer Software and Applications Conference Workshops (COMPSACW), Institute of Electrical and Electronics Engineers (IEEE), Jul 2010.
The definitive version is available at https://doi.org/10.1109/COMPSACW.2010.39
2010 IEEE 34th Annual Computer Software and Applications Conference Workshops (COMPSACW)
Missouri University of Science and Technology. Intelligent Systems Center
National Science Foundation (U.S.)
Keywords and Phrases
Information Flow; Road Vehicles; Security
Article - Conference proceedings
© 2010 Institute of Electrical and Electronics Engineers (IEEE), All rights reserved.