Verifying cyber attack properties

Abstract The heterogeneous, evolving and distributed nature of Cyber-Physical Systems (CPS) means that there is little chance of performing a top-down development or of anticipating all the critical requirements such devices will need to satisfy, individually and collectively. This paper describes an approach to verifying system requirements, when they become known, by performing an automated refinement check of the system's composed components, abstracted from the actual implementation. This work was sponsored by the Charles Stark Draper Laboratories under the DARPA HACMS project. The views, opinions, and/or findings expressed are those of the authors and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government.
