Towards systematically deriving defence mechanisms from functional requirements of cyber-physical systems
The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated the development of different attack detection mechanisms, such as those that monitor for violations of invariants, i.e. properties that always hold in normal operation. Given the complexity of CPSs, several...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2020
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/5313 https://ink.library.smu.edu.sg/context/sis_research/article/6316/viewcontent/axiomatic_design_cpss20.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-6316 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-63162020-10-16T03:34:00Z Towards systematically deriving defence mechanisms from functional requirements of cyber-physical systems YOONG, Cheah Huei PALLETI, Venkata Reddy SILVA, Arlindo POSKITT, Christopher M. The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated the development of different attack detection mechanisms, such as those that monitor for violations of invariants, i.e. properties that always hold in normal operation. Given the complexity of CPSs, several existing approaches focus on deriving invariants automatically from data logs, but these can miss possible system behaviours if they are not represented in that data. Furthermore, resolving any design flaws identified in this process is costly, as the CPS is already built. In this position paper, we propose a systematic method for deriving invariants before a CPS is built by analysing its functional requirements. Our method, inspired by the axiomatic design methodology for systems, iteratively analyses dependencies in the design to construct equations and process graphs that model the invariant relationships between CPS components. As a preliminary study, we applied it to the design of a water treatment plant testbed, implementing checkers for two invariants by using decision trees, and finding that they could detect some examples of attacks on the testbed with high accuracy and without false positives. Finally, we explore how developing our method further could lead to more robust CPSs and reduced costs by identifying design weaknesses before systems are implemented. 2020-10-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/5313 info:doi/10.1145/3384941.3409589 https://ink.library.smu.edu.sg/context/sis_research/article/6316/viewcontent/axiomatic_design_cpss20.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University cyber-physical systems systematic design framework anomaly detection axiomatic design supervised machine learning Information Security Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
cyber-physical systems systematic design framework anomaly detection axiomatic design supervised machine learning Information Security Software Engineering |
| spellingShingle |
cyber-physical systems systematic design framework anomaly detection axiomatic design supervised machine learning Information Security Software Engineering YOONG, Cheah Huei PALLETI, Venkata Reddy SILVA, Arlindo POSKITT, Christopher M. Towards systematically deriving defence mechanisms from functional requirements of cyber-physical systems |
| description |
The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated the development of different attack detection mechanisms, such as those that monitor for violations of invariants, i.e. properties that always hold in normal operation. Given the complexity of CPSs, several existing approaches focus on deriving invariants automatically from data logs, but these can miss possible system behaviours if they are not represented in that data. Furthermore, resolving any design flaws identified in this process is costly, as the CPS is already built. In this position paper, we propose a systematic method for deriving invariants before a CPS is built by analysing its functional requirements. Our method, inspired by the axiomatic design methodology for systems, iteratively analyses dependencies in the design to construct equations and process graphs that model the invariant relationships between CPS components. As a preliminary study, we applied it to the design of a water treatment plant testbed, implementing checkers for two invariants by using decision trees, and finding that they could detect some examples of attacks on the testbed with high accuracy and without false positives. Finally, we explore how developing our method further could lead to more robust CPSs and reduced costs by identifying design weaknesses before systems are implemented. |
| format |
text |
| author |
YOONG, Cheah Huei PALLETI, Venkata Reddy SILVA, Arlindo POSKITT, Christopher M. |
| author_facet |
YOONG, Cheah Huei PALLETI, Venkata Reddy SILVA, Arlindo POSKITT, Christopher M. |
| author_sort |
YOONG, Cheah Huei |
| title |
Towards systematically deriving defence mechanisms from functional requirements of cyber-physical systems |
| title_short |
Towards systematically deriving defence mechanisms from functional requirements of cyber-physical systems |
| title_full |
Towards systematically deriving defence mechanisms from functional requirements of cyber-physical systems |
| title_fullStr |
Towards systematically deriving defence mechanisms from functional requirements of cyber-physical systems |
| title_full_unstemmed |
Towards systematically deriving defence mechanisms from functional requirements of cyber-physical systems |
| title_sort |
towards systematically deriving defence mechanisms from functional requirements of cyber-physical systems |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2020 |
| url |
https://ink.library.smu.edu.sg/sis_research/5313 https://ink.library.smu.edu.sg/context/sis_research/article/6316/viewcontent/axiomatic_design_cpss20.pdf |
| _version_ |
1770575399289356288 |