Security Evaluation of Cyber-Physical Systems by Modeling Attacks against Control Loops

Document Type : Research Paper

Author

Department of Computer Engineering, Technical and Vocational University (TVU), Tehran, Iran.

Abstract

Cyber-physical systems (CPSs) are deeply intertwining and integrating the physical processes with cyber components. In these intelligent systems, a process is monitored and controlled by cyber systems and different types of sensitive information is exchanged in a real-time manner. Nowadays, the security of these systems has been considered increasingly. Connecting physical devices to the cyber network makes the critical infrastructures more vulnerable to the adversarial activities. The primary target of attacks against CPSs is often disrupting physical processes under control. Since, improving the security of CPSs has gained considerable importance nowadays. This paper presents a method for modeling the security of CPSs using stochastic Petri nets (SPNs). The proposed method models the system control loop associated with anomaly detection systems (ADSs) in normal behavior and under security attacks. By using this model, we can investigate the consequences of the integrity and denial of service attacks against CPSs and perform probabilistic and temporal analysis of the system under security attacks. By solving the proposed model, the security of CPSs is estimated in terms of metrics, such as mean-time-to-failure and availability. Finally, the security of a chemical plant is investigated as an illustrative example to represent the effectiveness of the proposed modeling method. 

Keywords

References

  1. Kopetz, Real-Time Systems: Design Principles for Distributed Embedded Applications, 2d. ed., Real-Time Systems Series, Sep. 2011.
  2. Alguliyev, Y. Imamverdiyev, and L. Sukhostat, “Cyber-physical systems and their security issues,” Computers in Industry, vol. 100, pp. 212–223, Sep. 2018.
  3. -P. A. Yaacoub, O. Salman, H. N. Noura, N. Kaaniche, A. Chehab, and M. Malli, “Cyber-physical systems security: Limitations, issues and future trends,” Microprocessors and Microsystems, vol. 77, p. 103201, Sep. 2020, doi: https://doi.org/10.1016/j.micpro.2020.103201..
  4. Krotofil and J. Larsen, “Are You Threatening My Hazards?,”  Lecture Notes in Computer Science, pp. 17–32, Jan. 2014, doi: https://doi.org/10.1007/978-3-319-09843-2_2.
  5. Krotofil, A. Cárdenas, J. Larsen, and D. Gollmann, “Vulnerabilities of cyber-physical systems to stale data—Determining the optimal time to launch attacks,” International Journal of Critical Infrastructure Protection, vol. 7, no. 4, pp. 213–232, Dec. 2014.
  6. -W. Ten, J. Hong, and C.-C. Liu, "Anomaly detection for cyber security of the substations," IEEE Trans. Smart Grid, vol. 2, no. 4, pp. 865-873, Dec. 2011.
  7. S. Jagtap, S. S. V. S., and S. V., “A hypergraph based Kohonen map for detecting intrusions over cyber–physical systems traffic,” Future Generation Computer Systems, vol. 119, pp. 84–109, Jun. 2021.
  8. K. Molloy, “Performance analysis using stochastic Petri nets,” IEEE Trans. Computers, vol. 31, pp. 913–917, Sep. 1982.
  9. A. Marsan, G. Balbo, G. Conte, S. Donatelli, and G. Franceschinis, “Modelling with Generalized Stochastic Petri Nets,” ACM SIGMETRICS Performance Evaluation Review, vol. 26, no. 2, p. 2, Aug. 1998.
  10. D. Iannacone and R. A. Bridges, “Quantifiable & comparable evaluations of cyber defensive capabilities: A survey & novel, unified approach,” Computers & Security, vol. 96, p. 101907, Sep. 2020.
  11. C. Lalropuia and V. Gupta, “Modeling cyber-physical attacks based on stochastic game and Markov processes,” Reliability Engineering & System Safety, vol. 181, pp. 28–37, Jan. 2019.
  12. Tantawy, S. Abdelwahed, A. Erradi, and K. Shaban, “Model-Based Risk Assessment for Cyber Physical Systems Security,” Computers & Security, vol. 96, p. 101864, May 2020.
  13. Tripathi, L. K. Singh, A. K. Tripathi, and A. Chaturvedi, “Model based security verification of Cyber-Physical System based on Petrinet: A case study of Nuclear power plant,” Annals of Nuclear Energy, vol. 159, p. 108306, Sep. 2021.
  14. Liu, J. Zhang, P. Zhu, Q. Tan, and W. Yin, “Quantitative cyber-physical security analysis methodology for industrial control systems based on incomplete information Bayesian game,” Computers & Security, vol. 102, p. 102138, Mar. 2021.
  15. A. Kholidy, “Autonomous mitigation of cyber risks in the Cyber–Physical Systems,” Future Generation Computer Systems, vol. 115, pp. 171–187, Feb. 2021.
  16. V. JhaB. AppasaniA.N. GhazaliP. PattanayakD.S. GurjarE. Kabalci, D.K. Mohanta., “Smart grid cyber-physical systems: communication technologies, standards and challenges,” Wireless Networks, Mar. 2021.
  17. Li, C. Sun, and Q. Su, “Analysis of cascading failures of power cyber-physical systems considering false data injection attacks,” Global Energy Interconnection, vol. 4, no. 2, pp. 204–213, Apr. 2021.
  18. Friedberg, K. McLaughlin, P. Smith, D. Laverty, and S. Sezer, “STPA-SafeSec: Safety and security analysis for cyber-physical systems,” Journal of Information Security and Applications, vol. 34, pp. 183–196, June 2017.
  19. Barrère, C. Hankin, N. Nicolaou, D. G. Eliades, and T. Parisini, “Measuring cyber-physical security in industrial control systems via minimum-effort attack strategies,” Journal of Information Security and Applications, vol. 52, p. 102471, June 2020.
  20. T. Amin, F. Khan, S. Z. Halim, and S. Pistikopoulos, “A holistic framework for process safety and security analysis,” Computers & Chemical Engineering, vol. 165, p. 107963, Sep. 2022.
  21. Barrère, C. Hankin, and D. O’Reilly, “Cyber-physical attack graphs (CPAGs): Composable and scalable attack graphs for cyber-physical systems,” Computers & security, vol.132, p.103348, Sep. 2023.
  22. Binnar, and S. Bhirud, “Security Analysis of Cyber Physical System using Digital Forensic Incident Response,” Cyber Security and Applications, p.100034, Dec. 2023.
  23. B. Madan, K. Goševa-Popstojanova, K. Vaidyanathan, and K. S. Trivedi, “A method for modeling and quantifying the security attributes of intrusion tolerant systems,” Performance Evaluation, vol. 56, no. 1–4, pp. 167–186, Mar. 2004.
  24. S. Trivedi, Probability and statistics with reliability, queuing and computer science applications, John Wiley & Sons Ltd., Chichester, UK, Feb. 2001.
  25. Tan, H. J. Marquez, T. Chen, and J. Liu, “Analysis and control of a nonlinear boiler-turbine unit,” Journal of Process Control, vol. 15, no. 8, pp. 883–891, Dec. 2005.
  26. S. Admass, Y. Y. Munaye, and A. A. Diro, “Cyber security: State of the art, challenges and future directions,” Cyber Security and Applications, vol. 2, p. 100031, Jan. 2024.

Files

Share

How to cite

Statistics