445 |
@InProceedings{Ruchkin/2015/AC-SPC,
AUTHOR = {Ruchkin, Ivan and Rao, Ashwini and De Niz, Dio and Chaki, Sagar and Garlan, David},
TITLE = {Eliminating Inter-Domain Vulnerabilities in Cyber-Physical
Systems: An Analysis Contracts Approach},
YEAR = {2015},
MONTH = {16 October},
BOOKTITLE = {Proceedings of the First ACM Workshop on Cyber-Physical Systems Security and Privacy},
ADDRESS = {Denver, Colorado},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/AC for SPC-camera-ready-preprint-v2.pdf},
ABSTRACT = {Designing secure cyber-physical systems (CPS) is a particularly
difficult task since security vulnerabilities stem not
only from traditional cybersecurity concerns, but also physical
ones as well. Many of the standard methods for CPS
design make strong and unverified assumptions about the
trustworthiness of physical devices, such as sensors. When
these assumptions are violated, subtle inter-domain vulnerabilities
are introduced into the system model. In this paper
we propose to use formal specification of analysis contracts
to expose security assumptions and guarantees of analyses
from reliability, control, and sensor security domains. We
show that this specification allows us to determine where
these assumptions are violated or ignore important failure
modes that open the door to malicious attacks. We demonstrate
how this approach can help discover and prevent vulnerabilities
in a self-driving car example.},
KEYWORDS = {Cyberphysical Systems, Science of Security} }
|
|