Hyperproperties of real-valued signals

A hyperproperty is a property that requires two or more execution traces to check. This is in contrast to properties expressed using temporal logics such as LTL, MTL and STL, which can be checked over individual traces. Hyperproperties are important as they are used to specify critical system performance objectives, such as those related to security, stochastic (or average) performance, and relationships between behaviors. We present the first study of hyperproperties of cyber-physical systems (CPSs). We introduce a new formalism for specifying a class of hyperproperties defined over real-valued signals, called HyperSTL. The proposed logic extends signal temporal logic (STL) by adding existential and universal trace quantifiers into STL's syntax to relate multiple execution traces. Several instances of hyperproperties of CPSs including stability, security, and safety are studied and expressed in terms of HyperSTL formulae. Furthermore, we propose a testing technique that allows us to check or falsify hyperproperties of CPS models. We present a discussion on the feasibility of falsifying or verifying various classes of hyperproperties for CPSs. We extend the quantitative semantics of STL to HyperSTL and show its utility in formulating algorithms for falsification of HyperSTL specifications. We demonstrate how we can specify and falsify HyperSTL properties for two case studies involving automotive control systems.
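As an added illustration (not code from the paper), the following evaluates the quantitative semantics of a two-trace HyperSTL-style formula over a finite pool of sampled traces and reports the pair of traces with the lowest robustness, which is the counterexample a falsifier would return. The trace representation, the combinators, the observational-determinism-style property, the tolerances DELTA and EPS and the sample traces are all constructed here and are not taken from the paper.

```python
from itertools import product
from typing import Callable, Dict, List, Sequence, Tuple

# Constructed representation (not the paper's): a trace is a list of samples,
# one per uniform time step, each mapping a signal name to its real value.
Trace = List[Dict[str, float]]
# A formula maps (bound traces, time index) to a robustness value:
# positive = satisfied with that margin, negative = violated by that margin.
Formula = Callable[[Sequence[Trace], int], float]

def atom(f: Callable[[Sequence[Dict[str, float]]], float]) -> Formula:
    """Predicate f(...) >= 0 over the bound traces; robustness is f's value at t."""
    return lambda traces, t: f([tr[t] for tr in traces])

def implies(phi: Formula, psi: Formula) -> Formula:
    # phi -> psi is (not phi) or psi; negation flips sign, disjunction is max.
    return lambda traces, t: max(-phi(traces, t), psi(traces, t))

def always(phi: Formula) -> Formula:
    """G phi from t to the end of the (equal-length) traces: min over time."""
    return lambda traces, t: min(phi(traces, u) for u in range(t, len(traces[0])))

def forall_pairs(phi: Formula, pool: Sequence[Trace]) -> Tuple[float, Tuple[int, int]]:
    """forall pi1, pi2 in pool . phi: min over ordered pairs, plus the pair attaining
    it (the counterexample a falsifier reports when the value is negative)."""
    worst = (float("inf"), (-1, -1))
    for i, j in product(range(len(pool)), repeat=2):
        r = phi([pool[i], pool[j]], 0)
        if r < worst[0]:
            worst = (r, (i, j))
    return worst

DELTA, EPS = 0.1, 0.05  # input-agreement tolerance, output-indistinguishability tolerance
# 2-trace hyperproperty in the style of observational determinism:
#   forall pi1, pi2 . G(|u_pi1 - u_pi2| <= DELTA) -> G(|y_pi1 - y_pi2| <= EPS)
# u is the public input, y the public output; the secret h may differ freely.
same_public_input = always(atom(lambda s: DELTA - abs(s[0]["u"] - s[1]["u"])))
outputs_close = always(atom(lambda s: EPS - abs(s[0]["y"] - s[1]["y"])))
obs_det = implies(same_public_input, outputs_close)

def make_trace(u, h, y) -> Trace:
    return [{"u": a, "h": b, "y": c} for a, b, c in zip(u, h, y)]

TRACES = [  # constructed sample traces, four steps each
    make_trace([1, 1, 1, 1], [0, 0, 0, 0], [0.50, 0.51, 0.50, 0.50]),
    make_trace([1, 1, 1, 1], [9, 9, 9, 9], [0.50, 0.52, 0.49, 0.50]),  # y close to trace 0
    make_trace([1, 1, 1, 1], [5, 5, 5, 5], [0.50, 0.80, 0.50, 0.50]),  # y reveals h at step 1
    make_trace([2, 2, 2, 2], [0, 0, 0, 0], [1.50, 1.50, 1.50, 1.50]),  # different u: vacuous
]

def check(pool: Sequence[Trace] = TRACES) -> Tuple[float, Tuple[int, int]]:
    # Note: max(-rho(A), rho(B)) caps a violation at -DELTA even when the outputs
    # diverge far more, so the witness pair is more informative than the magnitude.
    return forall_pairs(obs_det, pool)
```

Dropping the leaking trace (index 2) from the pool makes the robustness positive, which is what a falsifier would report as "no counterexample found in this sample".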
