CPS: Synergy: Information Flow Analysis for Cyber-Physical System Security

pdf

Achieving security in Cyber-Physical Systems (CPS) has become a critical problem. Due to their ubiquity and the essential role they play in modern societies, CPS such as the smart grid, transportation networks, medical systems, and water distribution systems are a target for malicious attackers. While significant efforts are being made to achieve resilience in CPS, the field of CPS security as a whole suffers from fragmentation. In particular, there is often a sharp divide between mainstream security and privacy and tradition system theoretic techniques.

In this project, we address these challenges by introducing a framework of accountability in Cyber-Physical Systems. This theory of accountability will encompass three main steps: 1) Attack Detection, 2) Responsibility Assignment and Identification, 3) Corrective Measures via Resilient System Design and Control. Within this framework, we incorporate information flow analysis. Information flow analysis is a set of tools developed in software security. At a high level, information flow properties model how inputs of a system affect its outputs. In particular, if changing (intervening on) the values of inputs does not affect the probability distribution of outputs in a stochastic system, then the system is said to satisfy the information flow property of probabilistic non-interference. These information flow notions provide a useful foundation for accountability since they support traceability, i.e. not just detection of violations but also responsibility-assignment, which then can be used to adopt corrective measures.

Our initial results investigate the application of information flow analysis to attack detection. We propose the KL divergence between the distribution of the outputs of a system under attack and the distribution of outputs of a system under normal operation as a causal measure of information flow. Leveraging well-known results that relate the KL divergence to optimal achievable detection, we use information flow analysis to quantify attack detectability as a function of both the defender’s and adversary’s strategies. This allows us to recover and rigorously analyze attack scenarios that were previously considered in the literature. Moreover, it enables us to develop a methodology of design, which allows a defender to change his strategy or possibly increase his degrees of freedom to elicit an adequate information flow from an attacker.

We expect information flow analysis tools to additionally enable the process of attack identification and correction. For instance, we are investigating control and design policies that will allow us to directly attribute information flows to distinct entities. Here, we leverage methods from traitor tracing, which has strong ties to information flow analysis, to obtain efficient algorithms.  Correction includes aspects of robust offline design and resilient online methods to respond to attacks. An important subtopic given the heterogeneous and interconnected nature of a CPS is compositional security.  We leverage prior work for secure composition that relies on checking safety invariants of system components and the interfaces via which the adversary interacts with a CPS. While a useful starting point, we expect to go beyond prior approaches to develop methods for identifying appropriate invariants of physical dynamical systems, and ensuring that computing and physical elements respect each other's invariants.

By integrating the concepts of information flow, a traditional cyber security centric notion, and resilient control of physical dynamical systems, this project will enable unified foundations of CPS security: a framework that applies to diverse application domains and systems comprised of highly heterogeneous components including software, physical devices, and decision making entities. The work will have direct impact on other emerging fields of science and technology such as network science and the Internet-of-Things (IoT).

The project involves opportunities for education and outreach. We expect to provide a course on CPS security centered on information flow analysis. Additionally, we will use the NSF-supported Information Assurance Capacity Building Program at Carnegie Mellon to provide aid to Minority Serving Institutions. Finally, we plan to organize an activity related to this project as part of the Summer Engineering Experience for girls (SEE), an outreach two-week long summer program dedicated to high school girls interested in science and engineering.

Tags:
License: CC-2.5
Submitted by Bruno Sinopoli on