Multiple Security Domain Nondeducibility Air Traffic Surveillance Systems

Abstract

Traditional security models partition the security universe into two distinct and completely separate worlds: high and low level. This partition is absolute and complete. More complex situations, such as those that arise in cyber-physical systems (CPS), are better treated as sets of increasingly more secure domains. In a CPS, security partitions often overlap and the high-low distinction does not hold well. This paper utilizes Multiple Security Domain Nondeducibility (MSDND) as a model to determine information flow among multiple partitions, such as those that occur in a CPS. MSDND is applied to selected aspects of Automatic Dependent Surveillance-Broadcast (ADS-B) air traffic surveillance system under various physical and cyber security vulnerabilities to determine when the actual operational state can, and cannot be, deduced. It is also used to determine what additional information inputs and flight physics are needed to determine the actual operational state. Several failure scenarios violating the integrity of the system are considered with mitigation using invariants.

Meeting Name

18th IEEE International Symposium on High Assurance Systems Engineering, HASE 2017 (2017: Jan. 12-14, Singapore)

Department(s)

Computer Science

Research Center/Lab(s)

Intelligent Systems Center

Keywords and Phrases

Cyber-Physical; Integrity; Monitor; Nondeducibility

International Standard Book Number (ISBN)

978-1-5090-4636-2

International Standard Serial Number (ISSN)

1530-2059

Document Type

Article - Conference proceedings

Document Version

Citation

File Type

text

Language(s)

English

Rights

© 2017 IEEE Computer Society, All rights reserved.

Publication Date

01 Jan 2017
