On the Interplay Between Cyber and Physical Spaces for Adaptive Security

Ubiquitous computing is resulting in a proliferation of cyber-physical systems that host or manage valuable physical and digital assets. These assets can be harmed by malicious agents through both cyber-enabled and physically-enabled attacks, particularly ones that exploit the often-ignored interplay between the cyber and the physical world. An explicit representation of spatial topology is key to supporting adaptive security policies. In this paper we explore the use of Bigraphical Reactive Systems to model the topology of cyber and physical spaces and their dynamics. We use such models to perform speculative threat analysis through model checking, reasoning about the consequences that the evolution of topological configurations has on the satisfaction of security requirements. We further propose an automatic planning technique that identifies an adaptation strategy enacting security policies at runtime to prevent, circumvent, or mitigate possible security-requirement violations. We evaluate our approach using a case study concerned with countering insider threats in a building automation system.
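The following is an added illustrative example, not code from the paper or its tooling: a minimal stand-in for the bigraph-based workflow the abstract describes. A configuration is a place graph (which room each agent is nested in) plus a link graph (which agent is connected to which device); reaction rules rewrite configurations (an agent walks through an unlocked door, an agent connects to a device in the same room); an explicit-state reachability search plays the role of the model checker, looking for a configuration that violates a security requirement; and a small planner searches over policy actions (locking doors) for the cheapest one that makes the violation unreachable while keeping a legitimate user's access. The building, the agents, their roles, the "only staff may connect to the server" requirement and the rule set are all constructed for this example and are not the paper's case study.

```python
"""Illustrative topology-aware threat analysis and adaptation planning.

Added example, not the paper's implementation. Bigraphs are approximated by
a place graph (agent -> room) and a link graph (agent -> device); reaction
rules are hand-written Python; "model checking" is BFS over reachable
configurations; "planning" is a breadth-first search over door-locking
policies. All scenario data below is constructed for the example.
"""
from collections import deque
from itertools import combinations

# ---- Constructed scenario ----
DOORS = (frozenset({"lobby", "office"}), frozenset({"office", "server_room"}))
ROLE = {"contractor": "visitor", "admin": "staff"}  # assumed roles
DEVICE_ROOM = {"server": "server_room"}

# A configuration is (place graph, link graph), both as frozensets so that
# configurations are hashable and the state space can be deduplicated.
INITIAL = (
    frozenset({("contractor", "lobby"), ("admin", "office")}),  # agent nested in room
    frozenset(),                                                # (agent, device) links
)


def room_of(cfg, agent):
    return next(r for a, r in cfg[0] if a == agent)


def successors(cfg, locked):
    """Apply every enabled reaction rule once; yield (rule label, new configuration)."""
    places, links = cfg
    for agent, room in places:
        # Rule 1: an agent walks through an unlocked door into the adjacent room.
        for door in DOORS:
            if room in door and door not in locked:
                (dest,) = door - {room}
                new_places = (places - {(agent, room)}) | {(agent, dest)}
                yield (f"{agent} moves {room}->{dest}", (new_places, links))
        # Rule 2: an agent connects to a device located in the same room.
        for device, device_room in DEVICE_ROOM.items():
            if device_room == room and (agent, device) not in links:
                yield (f"{agent} connects to {device}", (places, links | {(agent, device)}))


def violates(cfg):
    """Security requirement (constructed): only staff may be linked to the server."""
    return any(device == "server" and ROLE[agent] != "staff" for agent, device in cfg[1])


def check(policy_locked, start=INITIAL):
    """Explicit-state reachability: return a counterexample trace, or None if safe."""
    seen = {start}
    queue = deque([(start, [])])
    while queue:
        cfg, trace = queue.popleft()
        if violates(cfg):
            return trace
        for label, nxt in successors(cfg, policy_locked):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [label]))
    return None


def can_reach(policy_locked, agent, room, start=INITIAL):
    """Liveness side-condition for the planner: `agent` can still get to `room`."""
    seen = {start}
    queue = deque([start])
    while queue:
        cfg = queue.popleft()
        if room_of(cfg, agent) == room:
            return True
        for _, nxt in successors(cfg, policy_locked):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False


def plan(start=INITIAL):
    """Smallest set of doors to lock that removes every violation yet keeps admin's access."""
    for k in range(len(DOORS) + 1):
        for subset in combinations(DOORS, k):
            locked = frozenset(subset)
            if check(locked, start) is None and can_reach(locked, "admin", "server_room", start):
                return locked
    return None


if __name__ == "__main__":
    print("counterexample with no policy:", check(frozenset()))
    print("doors to lock:", [sorted(d) for d in plan()])
```

With no door locked, the search returns the three-step trace in which the contractor walks lobby to office, office to server room, and connects to the server. The planner rejects locking the office-to-server-room door, which would also cut off the admin, and settles on locking the lobby-to-office door, the smallest policy under which the violation is unreachable. Swapping the hand-written rules for real bigraph reaction rules and the BFS for a bigraph model checker (such as the BigraphER family cited in the paper's references) is the step this toy omits.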
