Post on 30-Jul-2020
Identifying Implicit Component Interactions in Distributed Cyber-Physical Systems
50th Hawaii International Conference on System Sciences
Jason Jaskolka (1, *) and John Villasenor (1, 2)
(1) Center for International Security and Cooperation, Stanford University, Stanford, CA 94305
(2) Department of Electrical Engineering, University of California, Los Angeles, Los Angeles, CA 90095
(*) jaskolka@stanford.edu
January 7, 2017
Jason Jaskolka and John Villasenor HICSS-50 1 / 23
Acknowledgement & Disclaimer
Acknowledgement
This material is based upon work supported by the U.S. Department of Homeland Security under Grant Award Number, 2015-ST-061-CIRC01.
Disclaimer
The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the U.S. Department of Homeland Security.
Outline
1 Introduction
2 Modeling Distributed Cyber-Physical Systems
3 Formulating Implicit Interactions
4 Identifying Implicit Interactions
5 Concluding Remarks
Distributed Cyber-Physical Systems
Cybersecurity Challenges in Cyber-Physical Systems
Ubiquitous and pervasive
Large and complex
Numerous components or agents
Even more interactions, some of which may be:
Unfamiliar, unplanned, or unexpected
Not visible or not immediately comprehensible
(these are the Implicit Interactions)
Software/Hardware from third-party suppliers
Implicit Component Interactions
Can indicate unforeseen flaws allowing for these interactions
Constitute linkages of which designers are generally unaware ⟹ security vulnerability
Hard to avoid simply by intuition
Difficult to detect (by nature)
Can be exploited to mount cyber-attacks at a later time
Illustrative Example: Manufacturing Cell
Figure: manufacturing cell with a Storage Agent, a Handling Agent, a Processing Agent, and a Control/Coordination Agent
Illustrative Example: Manufacturing Cell: Message Passing
Figure: message passing among the Control Agent (C), Handling Agent (H), Processing Agent (P), and Storage Agent (S). Messages, numbered in sequence: (1) start, (2) load, (3) loaded, (4) prepare, (5) unload, (6) unloaded, (7) setup, (8) ready, (9) process (appears twice), (10) done, (10) processed
An Algebraic Modeling Framework
Communicating Concurrent Kleene Algebra (C2KA)
Formalism for modeling distributed multi-agent systems
Extension of Concurrent Kleene Algebra (CKA)
Captures communication and concurrency of agents at an abstract algebraic level
Expresses influence of stimuli on agent behavior in open systems as well as communication through shared environments
Other existing formalisms do not directly deal with describing how agent behaviors are influenced by stimuli
Primarily concerned with closed systems
Communicating Concurrent Kleene Algebra (C2KA)
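Definition (C2KA)
A Communicating Concurrent Kleene Algebra (C2KA) is a system $(\mathcal{S}, \mathcal{K})$, where
$\mathcal{S} = (S, \oplus, \odot, d, n)$ is a stimulus structure
$\mathcal{K} = (K, +, *, ;, {}^{\circledast}, {}^{\textcircled{;}}, 0, 1)$ is a CKA
$({}_{\mathcal{S}}K, +)$ is a unitary and zero-preserving left $\mathcal{S}$-semimodule with next behavior mapping $\circ : S \times K \to K$
$(S_{\mathcal{K}}, \oplus)$ is a unitary and zero-preserving right $\mathcal{K}$-semimodule with next stimulus mapping $\lambda : S \times K \to S$
and where the following axioms are satisfied for all $a, b, c \in K$ and $s, t \in S$:
1 $s \circ (a ; b) = (s \circ a) ; (\lambda(s, a) \circ b)$
2 $a \le_{\mathcal{K}} c \;\lor\; b = 1 \;\lor\; (s \circ a) ; (\lambda(s, c) \circ b) = 0$
3 $\lambda(s \odot t, a) = \lambda(s, (t \circ a)) \odot \lambda(t, a)$
4 $s = d \;\lor\; s \circ 1 = 1$
5 $a = 0 \;\lor\; \lambda(n, a) = n$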
Agent Specifications
Illustrative Example: Manufacturing Cell
Table: Stimulus-response specification of the Control Agent C

| ∘ | start | load | loaded | prepare | done | unload | unloaded | setup | ready | process | processed |
|---|---|---|---|---|---|---|---|---|---|---|---|
| idle | idle | idle | prep | idle | idle | idle | idle | idle | idle | idle | idle |
| prep | prep | prep | prep | prep | prep | prep | init | prep | prep | prep | prep |
| init | init | init | init | init | init | init | init | init | init | proc | init |
| proc | proc | proc | proc | proc | proc | proc | proc | proc | proc | proc | idle |

| λ | start | load | loaded | prepare | done | unload | unloaded | setup | ready | process | processed |
|---|---|---|---|---|---|---|---|---|---|---|---|
| idle | load | n | prepare | n | n | n | n | n | n | n | n |
| prep | n | n | n | n | n | n | setup | n | n | n | n |
| init | n | n | n | n | n | n | n | n | n | done | n |
| proc | n | n | n | n | n | n | n | n | n | n | end |

Control Agent C ↦ ⟨idle + prep + init + proc⟩
Storage Agent S ↦ ⟨empty + full⟩
Handling Agent H ↦ ⟨wait + move⟩
Processing Agent P ↦ ⟨stby + set + work⟩
Figure: Abstract behavior specification of the manufacturing cell agents
Intended System Interactions
$P_{\text{intended}}$ denotes the set of intended system interactions
Illustrative Example: Manufacturing Cell: Intended System Interactions
$P_{\text{intended}}$ = {
  C → S → C → H → S → C → P → H → P → C,
  C → S → C → H → S → C → P → H → C → P }
Formulating Existence of Implicit Interactions
Definition (Existence of Implicit Interactions)
An implicit interaction (via stimuli) exists in a system formed by a set $\mathcal{A}$ of agents, if and only if for any two agents $A, B \in \mathcal{A}$ with $A \neq B$:
$\exists\big(p \mid p \Longrightarrow (A \to^{+}_{\mathcal{S}} B) : \forall(q \mid q \in P_{\text{intended}} : \neg\,\mathrm{SubPath}(p, q))\big)$
where $\mathrm{SubPath}(p, q)$ is a predicate indicating that $p$ is a subpath of $q$.
Identifying Implicit Interactions
1 Determine the potential communication paths that exist from the system specification
Example: Consider the manufacturing cell:
$ pfc system agentP agentS
P ->+ S: True
P -> C -> H -> S
P -> C -> S
P -> H -> C -> S
P -> H -> S
$ pfc system agentH agentC
H ->+ C: True
H -> C
H -> P -> C
H -> S -> C
Identifying Implicit Interactions
2 Determine if a potential communication path is an implicit interaction
Example: Consider the following potential communication paths: H → S → C and P → C → S
$P_{\text{intended}}$ = {
  C → S → C → H → S → C → P → H → P → C,
  C → S → C → H → S → C → P → H → C → P }
Experimental Results
For the manufacturing cell system:
11 of the 30 total interactions are implicit interactions
Result of the potential for out-of-sequence stimuli from system agents
Demonstrates hidden complexity and coupling among agents
Potential for unexpected system behaviors
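Steps 1 and 2 of the identification procedure, carried through for the whole manufacturing cell, as an added Python example (not the authors' pfc tool and not code from the talk). It assumes that two agents can communicate directly exactly where they are adjacent in an intended sequence, and all function names are hypothetical; under that assumption the enumeration yields the same P ->+ S and H ->+ C paths as the pfc output and the same 11-of-30 count.

```python
from itertools import permutations

# Intended interaction sequences, copied from P_intended on the slides.
P_INTENDED = ["C S C H S C P H P C".split(),
              "C S C H S C P H C P".split()]

def direct_edges(intended):
    """ASSUMPTION (not from the slides): A can stimulate B directly exactly
    when A is immediately followed by B in some intended sequence."""
    edges = {}
    for q in intended:
        for a, b in zip(q, q[1:]):
            edges.setdefault(a, set()).add(b)
    return edges

def simple_paths(edges, src, dst, prefix=()):
    """Step 1: enumerate cycle-free communication paths src ->+ dst."""
    prefix = list(prefix) + [src]
    if src == dst:
        return [prefix]
    found = []
    for nxt in sorted(edges.get(src, ())):
        if nxt not in prefix:
            found += simple_paths(edges, nxt, dst, prefix)
    return found

def sub_path(p, q):
    """SubPath(p, q): p occurs as a contiguous run of agents inside q."""
    return any(q[i:i + len(p)] == p for i in range(len(q) - len(p) + 1))

def is_implicit(p, intended=P_INTENDED):
    """Step 2: p is implicit when it is a subpath of no intended sequence."""
    return not any(sub_path(p, q) for q in intended)

def analyse(intended=P_INTENDED):
    """Return (all potential paths, implicit ones) over all ordered pairs."""
    edges = direct_edges(intended)
    paths = [p for a, b in permutations(sorted(edges), 2)
             for p in simple_paths(edges, a, b)]
    return paths, [p for p in paths if is_implicit(p, intended)]

if __name__ == "__main__":
    paths, implicit = analyse()
    print(f"{len(implicit)} of {len(paths)} potential paths are implicit")
    for p in implicit:
        print("  " + " -> ".join(p))
```

Running it lists the implicit paths, which include all four paths from P to S, while every path from H to C is a subpath of an intended sequence.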
Impact of this Work
Enhances the understanding of the hidden complexity and coupling in distributed cyber-physical systems
Formal foundation upon which mitigation approaches can be developed
Basis for developing guidelines for designing and implementing cyber-physical systems that are resilient to cyber-threats
There is still much more to be done!
Where Do We Go From Here?
Extension with potential for communication via shared environments
Classification and measurement of severity
Measure the exploitability of identified implicit interactions
Study impact of implicit interactions through simulation
Articulate mitigation approaches
Study the applicability on real systems
Concluding Remarks
Implicit component interactions can pose a serious cyber-threat to cyber-physical systems
Elimination of implicit interactions is an ongoing and ambitious undertaking
Focus on evolving and enhancing the understanding of our modern systems and networks
Questions
Questions?
Thank You
Thank You!