Towards systematically deriving defence mechanisms from functional requirements of cyber-physical systems

Towards systematically deriving defence mechanisms from functional requirements of cyber-physical systems

The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated the development of different attack detection mechanisms, such as those that monitor for violations of invariants, i.e. properties that always hold in normal operation. Given the complexity of CPSs, several...

Full description

Saved in:
Bibliographic Details
Main Authors: YOONG, Cheah Huei, PALLETI, Venkata Reddy, SILVA, Arlindo, POSKITT, Christopher M.
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2020
Subjects:
cyber-physical systems
systematic design framework
anomaly detection
axiomatic design
supervised machine learning
Information Security
Software Engineering
Online Access:https://ink.library.smu.edu.sg/sis_research/5313
https://ink.library.smu.edu.sg/context/sis_research/article/6316/viewcontent/axiomatic_design_cpss20.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated the development of different attack detection mechanisms, such as those that monitor for violations of invariants, i.e. properties that always hold in normal operation. Given the complexity of CPSs, several existing approaches focus on deriving invariants automatically from data logs, but these can miss possible system behaviours if they are not represented in that data. Furthermore, resolving any design flaws identified in this process is costly, as the CPS is already built. In this position paper, we propose a systematic method for deriving invariants before a CPS is built by analysing its functional requirements. Our method, inspired by the axiomatic design methodology for systems, iteratively analyses dependencies in the design to construct equations and process graphs that model the invariant relationships between CPS components. As a preliminary study, we applied it to the design of a water treatment plant testbed, implementing checkers for two invariants by using decision trees, and finding that they could detect some examples of attacks on the testbed with high accuracy and without false positives. Finally, we explore how developing our method further could lead to more robust CPSs and reduced costs by identifying design weaknesses before systems are implemented.

Similar Items