Three tenets for secure cyber-physical system design and assessment

This paper presents a threat-driven quantitative mathematical framework for secure cyber-physical system design and assessment. Called The Three Tenets, this originally empirical approach has been used by the US Air Force Research Laboratory (AFRL) for secure system research and development. The Tenets were first documented in 2005 as a teachable methodology. The Tenets are motivated by a system threat model that itself consists of three elements, all of which must exist for a successful attack to occur: system susceptibility, threat accessibility, and threat capability. The Three Tenets arise naturally by countering each threat element individually. Specifically, the tenets are: Tenet 1 (Focus on What's Critical): systems should include only essential functions, to reduce susceptibility; Tenet 2 (Move Key Assets Out-of-Band): make mission-essential elements and security controls difficult for attackers to reach logically and physically, to reduce accessibility; Tenet 3 (Detect, React, Adapt): confound the attacker by implementing sensing system elements with dynamic response technologies, to counteract the attacker's capabilities. As a design methodology, the Tenets mitigate reverse engineering and subsequent attacks on complex systems. Quantified by a Bayesian analysis and further justified by analytic properties of attack graph models, the Tenets suggest concrete cyber security metrics for system assessment.
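The abstract states that an attack requires all three threat-model elements at once and that each Tenet counters one of them, with attack graphs supplying the assessment metric. The following toy model, added here as an illustration and not code from the paper or from AFRL, makes that concrete: every attack step carries a susceptibility, accessibility and capability probability (assumed independent, which is this example's simplification, not the paper's analysis), the risk metric is the most likely attack path from an entry point to a mission-critical asset, and each Tenet is a transformation of the graph. The graph, its node names, and all probabilities are constructed sample values.

```python
"""Toy attack-graph model of the Three Tenets (added illustration, not the
paper's own model). A step succeeds only if all three threat elements are
present; independence between them is an assumption of this example."""
from __future__ import annotations
from dataclasses import dataclass, replace
from typing import Iterator


@dataclass(frozen=True)
class Step:
    src: str
    dst: str
    susceptibility: float   # P(exploitable flaw exists in dst)
    accessibility: float    # P(attacker can reach dst from src)
    capability: float       # P(attacker has the skill and tooling)
    detection: float = 0.0  # P(defender detects and stops the step)

    def success(self) -> float:
        return (self.susceptibility * self.accessibility * self.capability
                * (1.0 - self.detection))


@dataclass(frozen=True)
class AttackGraph:
    steps: tuple[Step, ...]
    essential: frozenset[str]   # mission-essential nodes

    def _paths(self, node: str, target: str, seen: frozenset[str]) -> Iterator[list[Step]]:
        """Enumerate simple paths from node to target."""
        if node == target:
            yield []
            return
        for s in self.steps:
            if s.src == node and s.dst not in seen:
                for rest in self._paths(s.dst, target, seen | {s.dst}):
                    yield [s] + rest

    def most_likely_path(self, entry: str, target: str) -> tuple[float, list[str]]:
        """Risk metric: probability and route of the most likely attack path."""
        best_p, best = 0.0, []
        for path in self._paths(entry, target, frozenset({entry})):
            p = 1.0
            for s in path:
                p *= s.success()
            if p > best_p:
                best_p, best = p, [entry] + [s.dst for s in path]
        return best_p, best


def focus_on_critical(g: AttackGraph, entry: str) -> AttackGraph:
    """Tenet 1: drop every non-essential node and the steps through it."""
    keep = g.essential | {entry}
    return AttackGraph(tuple(s for s in g.steps if s.src in keep and s.dst in keep), g.essential)


def move_out_of_band(g: AttackGraph, asset: str, accessibility: float) -> AttackGraph:
    """Tenet 2: steps into the key asset become hard to reach."""
    return AttackGraph(tuple(replace(s, accessibility=accessibility) if s.dst == asset else s
                             for s in g.steps), g.essential)


def detect_react_adapt(g: AttackGraph, asset: str, detection: float) -> AttackGraph:
    """Tenet 3: steps into the key asset are sensed and countered."""
    return AttackGraph(tuple(replace(s, detection=detection) if s.dst == asset else s
                             for s in g.steps), g.essential)


# Constructed sample design: a web front end (essential) and a leftover
# debug port (non-essential) both lead to the controller.
SAMPLE = AttackGraph(
    steps=(
        Step("attacker", "web", 0.6, 0.9, 0.8),
        Step("attacker", "debug_port", 0.9, 0.7, 0.9),
        Step("web", "controller", 0.5, 0.8, 0.6),
        Step("debug_port", "controller", 0.8, 0.9, 0.7),
    ),
    essential=frozenset({"attacker", "web", "controller"}),
)


def assess_design(g: AttackGraph = SAMPLE, entry: str = "attacker",
                  target: str = "controller") -> dict[str, tuple[float, list[str]]]:
    """Apply the Tenets cumulatively and record the risk metric after each."""
    results = {"baseline": g.most_likely_path(entry, target)}
    g = focus_on_critical(g, entry)
    results["tenet1"] = g.most_likely_path(entry, target)
    g = move_out_of_band(g, target, accessibility=0.1)
    results["tenet2"] = g.most_likely_path(entry, target)
    g = detect_react_adapt(g, target, detection=0.5)
    results["tenet3"] = g.most_likely_path(entry, target)
    return results


if __name__ == "__main__":
    for stage, (p, path) in assess_design().items():
        print(f"{stage:9s} P(success)={p:.5f} via {' -> '.join(path)}")
```

Run as a script it prints the most likely path after each stage: the baseline risk is dominated by the non-essential debug port, Tenet 1 removes that path entirely, Tenet 2 cuts accessibility into the controller, and Tenet 3 halves what remains. The point for assessment is that the metric is path-based, so a design change is judged by what it does to the weakest route, not by counting controls.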
