Eliminating Inter-Domain Vulnerabilities in Cyber-Physical Systems: An Analysis Contracts Approach

Ivan Ruchkin, Ashwini Rao, Dio De Niz, Sagar Chaki and David Garlan.


In Proceedings of the First ACM Workshop on Cyber-Physical Systems Security and Privacy, Denver, Colorado, 16 October 2015.

Abstract
Designing secure cyber-physical systems (CPS) is a particularly difficult task since security vulnerabilities stem not only from traditional cybersecurity concerns, but also from physical ones. Many of the standard methods for CPS design make strong and unverified assumptions about the trustworthiness of physical devices, such as sensors. When these assumptions are violated, subtle inter-domain vulnerabilities are introduced into the system model. In this paper we propose to use formal specification of analysis contracts to expose security assumptions and guarantees of analyses from reliability, control, and sensor security domains. We show that this specification allows us to determine where these assumptions are violated or ignore important failure modes that open the door to malicious attacks. We demonstrate how this approach can help discover and prevent vulnerabilities in a self-driving car example.

Keywords: Cyberphysical Systems, Science of Security.

@InProceedings{Ruchkin/2015/AC-SPC,
      AUTHOR = {Ruchkin, Ivan and Rao, Ashwini and De Niz, Dio and Chaki, Sagar and Garlan, David},
      TITLE = {Eliminating Inter-Domain Vulnerabilities in Cyber-Physical Systems: An Analysis Contracts Approach},
      YEAR = {2015},
      MONTH = {16 October},
      BOOKTITLE = {Proceedings of the First ACM Workshop on Cyber-Physical Systems Security and Privacy},
      ADDRESS = {Denver, Colorado},
      PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/AC for SPC-camera-ready-preprint-v2.pdf},
      ABSTRACT = {Designing secure cyber-physical systems (CPS) is a particularly difficult task since security vulnerabilities stem not only from traditional cybersecurity concerns, but also physical ones as well. Many of the standard methods for CPS design make strong and unverified assumptions about the trustworthiness of physical devices, such as sensors. When these assumptions are violated, subtle inter-domain vulnerabilities are introduced into the system model. In this paper we propose to use formal specification of analysis contracts to expose security assumptions and guarantees of analyses from reliability, control, and sensor security domains. We show that this specification allows us to determine where these assumptions are violated or ignore important failure modes that open the door to malicious attacks. We demonstrate how this approach can help discover and prevent vulnerabilities in a self-driving car example.},
      KEYWORDS = {Cyberphysical Systems, Science of Security}
}