A Modal Model of Stuxnet Attacks on Cyber-Physical Systems: A Matter of Trust
Multiple Security Domains Nondeducibility, MSDND, yields results even when the attack hides important information from electronic monitors and human operators. Because MSDND is based upon modal frames, it is able to analyze the event system as it progresses rather than relying on traces of the system. Not only does it provide results as the system evolves, MSDND can point out attacks designed to be missed in other security models. This work examines information flow disruption attacks such as Stuxnet and formally explains the role that implicit trust in the cyber security of a cyber physical system (CPS) plays in the success of the attack. The fact that the attack hides behind MSDND can be used to help secure the system by modifications to break MSDND and leave the attack nowhere to hide. Modal operators are defined to allow the manipulation of belief and trust states within the model. We show how the attack hides and uses the operator's trust to remain undetected. In fact, trust in the CPS is key to the success of the attack.
G. W. Howser and B. M. McMillin, "A Modal Model of Stuxnet Attacks on Cyber-Physical Systems: A Matter of Trust," Proceedings of the 8th International Conference on Software Security and Reliability (2014, San Francisco, CA), pp. 225-234, Institute of Electrical and Electronics Engineers (IEEE), Jul 2014.
The definitive version is available at https://doi.org/10.1109/SERE.2014.36
8th International Conference on Software Security and Reliability, SERE 2014 (2014: Jun. 30-Jul. 2, San Francisco, CA)
Keywords and Phrases
Cyber-physical systems; Doxastic logic; Information flow security; Nondeducibility; Security models; Stuxnet
International Standard Book Number (ISBN)
Article - Conference proceedings
© 2014 Institute of Electrical and Electronics Engineers (IEEE), All rights reserved.