A Modal Model of Stuxnet Attacks on Cyber-Physical Systems: A Matter of Trust

Abstract

Multiple Security Domains Nondeducibility, MSDND, yields results even when the attack hides important information from electronic monitors and human operators. Because MSDND is based upon modal frames, it is able to analyze the event system as it progresses rather than relying on traces of the system. Not only does it provide results as the system evolves, MSDND can point out attacks designed to be missed in other security models. This work examines information flow disruption attacks such as Stuxnet and formally explains the role that implicit trust in the cyber security of a cyber physical system (CPS) plays in the success of the attack. The fact that the attack hides behind MSDND can be used to help secure the system by modifications to break MSDND and leave the attack nowhere to hide. Modal operators are defined to allow the manipulation of belief and trust states within the model. We show how the attack hides and uses the operator's trust to remain undetected. In fact, trust in the CPS is key to the success of the attack.

Meeting Name

8th International Conference on Software Security and Reliability, SERE 2014 (2014: Jun. 30-Jul. 2, San Francisco, CA)

Department(s)

Computer Science

Keywords and Phrases

Cyber-physical systems; Doxastic logic; Information flow security; Nondeducibility; Security models; Stuxnet

International Standard Book Number (ISBN)

978-147994296-1

Document Type

Article - Conference proceedings

Document Version

Citation

File Type

text

Language(s)

English

Rights

© 2014 Institute of Electrical and Electronics Engineers (IEEE), All rights reserved.

Link to Full Text

Share

 
COinS