Visible to the public A Modal Model of Stuxnet Attacks on Cyber-physical Systems: A Matter of Trust

TitleA Modal Model of Stuxnet Attacks on Cyber-physical Systems: A Matter of Trust
Publication TypeConference Paper
Year of Publication2014
AuthorsHowser, G., McMillin, B.
Conference NameSoftware Security and Reliability (SERE), 2014 Eighth International Conference on
Date PublishedJune
KeywordsAnalytical models, belief manipulation, Bismuth, Cognition, Cost accounting, CPS, Cyber physical system, cyber security, Cyber-physical systems, doxastic logic, electronic monitors, event system analysis, human operators, implicit trust, information flow disruption attacks, information flow security, modal frames, modal model, Monitoring, MSDND, multiple security domains nondeducibility, nondeducibility, security, security models, security of data, Software, Stuxnet, Stuxnet attacks, trust state manipulation, Trusted Computing

Multiple Security Domains Nondeducibility, MSDND, yields results even when the attack hides important information from electronic monitors and human operators. Because MSDND is based upon modal frames, it is able to analyze the event system as it progresses rather than relying on traces of the system. Not only does it provide results as the system evolves, MSDND can point out attacks designed to be missed in other security models. This work examines information flow disruption attacks such as Stuxnet and formally explains the role that implicit trust in the cyber security of a cyber physical system (CPS) plays in the success of the attack. The fact that the attack hides behind MSDND can be used to help secure the system by modifications to break MSDND and leave the attack nowhere to hide. Modal operators are defined to allow the manipulation of belief and trust states within the model. We show how the attack hides and uses the operator's trust to remain undetected. In fact, trust in the CPS is key to the success of the attack.

Citation Key6895433