"Traditional security models partition the security universe into two distinct and completely separate worlds: high and low level. However, this partition is absolute and complete. The partition of security domains into high and low is too simplistic for more complex cyber-physical systems (CPS). Absolute divisions are conceptually clean, but they do not reflect the real world. Security partitions often overlap, frequently provide for the high level to have complete access to the low level, and are more complex than an impervious wall. The traditional models that handle situations where the security domains are complex or the threat space is ill defined are limited to mutually exclusive worlds. These models are limited to accepting commands from a single source in a system, but the CPS accepts commands from multiple sources.
This paper utilizes Multiple Security Domain Nondeducibility (MSDND) as a model to determine information flow among multiple partitions, such as those that occur in a CPS. MSDND is applied to selected aspects of Traffic Collision and Avoidance System (TCAS) and Automatic Dependent Surveillance-Broadcast (ADS-B) air traffic surveillance systems under various physical and cyber security vulnerabilities to determine when the actual operational state can, and cannot, be deduced. It is also used to determine what additional information inputs and flight physics are needed to determine the actual operational state. Several failure scenarios violating the integrity of the system are considered with mitigation using invariants"--Abstract, page iii.
McMillin, Bruce M.
Tauritz, Daniel R.
M.S. in Computer Science
National Science Foundation (U.S.)
National Institute of Standards and Technology (U.S.)
Missouri University of Science and Technology
xi, 118 pages
© 2017 Anusha Thudimilla, All rights reserved.
Thesis - Open Access
Thudimilla, Anusha, "Multiple security domain nondeducibility air traffic surveillance systems" (2017). Masters Theses. 7725.