Citation
Armin Wasicek. "Attack Modeling in Ptolemy: Towards a Secure Design for Cyber-Physical Systems". Talk or presentation, 7, November, 2013; Presented at the 10th Biennial Ptolemy Miniconference, Berkeley.

Abstract
Establishing security properties in a computer system is a challenging task that is often neglected during a system’s design. Adding these properties later during the system’s life cycle is common cause for security deficiencies. For instance, vulnerabilities might come from integration problems, misconfiguration, or the installed protection mechanisms might not cover the intended attack model. This work aims to integrate security engineering techniques in the model-based design flow of Cyber-Physical Systems (CPS). Following a model-based design approach facilitates a rigorous systems engineering approach to the design of a CPS. A first step towards this goal is to formally represent an attack model in the model-based design environment. For instance, the manipulation of a sensor in a CPS might take the shape of a corrupted signal. Within a model-based design environment the impact of the corrupted signal on the overall system can be analyzed. Different modes of attack may result in different corrupted signals in the system. The CPS might respond to the corrupted signals either by continuing correct service (i.e., exhibiting intrusion-tolerant behavior) or by malfunctioning. As a result, the designer gains insights, whether appropriate security mechanisms should be put in place to mitigate the effects from such an attack in subsequent steps in the design flow.

Electronic downloads

• wasicek_AttackModeling_PtolemyMiniConf2013.pdf · application/pdf · 1923 kbytes

• HTML

  Armin Wasicek. <a
  href="http://chess.eecs.berkeley.edu/pubs/1039.html"><i>Attack
  Modeling in Ptolemy: Towards a Secure Design for
  Cyber-Physical Systems</i></a>, Talk or
  presentation,  7, November, 2013; Presented at the <a
  href="http://ptolemy.org/conferences/13" >10th
  Biennial Ptolemy Miniconference</a>, Berkeley.

• Plain text

  Armin Wasicek. "Attack Modeling in Ptolemy: Towards a
  Secure Design for Cyber-Physical Systems". Talk or
  presentation,  7, November, 2013; Presented at the <a
  href="http://ptolemy.org/conferences/13" >10th
  Biennial Ptolemy Miniconference</a>, Berkeley.

• BibTeX

  @presentation{Wasicek13_AttackModelingInPtolemyTowardsSecureDesignForCyberPhysical,
      author = {Armin Wasicek},
      title = {Attack Modeling in Ptolemy: Towards a Secure
                Design for Cyber-Physical Systems},
      day = {7},
      month = {November},
      year = {2013},
      note = {Presented at the <a
                href="http://ptolemy.org/conferences/13" >10th
                Biennial Ptolemy Miniconference</a>, Berkeley.},
      abstract = {Establishing security properties in a computer
                system is a challenging task that is often
                neglected during a system’s design. Adding these
                properties later during the system’s life cycle
                is common cause for security deficiencies. For
                instance, vulnerabilities might come from
                integration problems, misconfiguration, or the
                installed protection mechanisms might not cover
                the intended attack model. This work aims to
                integrate security engineering techniques in the
                model-based design flow of Cyber-Physical Systems
                (CPS). Following a model-based design approach
                facilitates a rigorous systems engineering
                approach to the design of a CPS. A first step
                towards this goal is to formally represent an
                attack model in the model-based design
                environment. For instance, the manipulation of a
                sensor in a CPS might take the shape of a
                corrupted signal. Within a model-based design
                environment the impact of the corrupted signal on
                the overall system can be analyzed. Different
                modes of attack may result in different corrupted
                signals in the system. The CPS might respond to
                the corrupted signals either by continuing correct
                service (i.e., exhibiting intrusion-tolerant
                behavior) or by malfunctioning. As a result, the
                designer gains insights, whether appropriate
                security mechanisms should be put in place to
                mitigate the effects from such an attack in
                subsequent steps in the design flow.},
      URL = {http://chess.eecs.berkeley.edu/pubs/1039.html}
  }
  

Posted by Barb Hoversten on 21 Nov 2013.
Groups: ptolemy
For additional information, see the Publications FAQ or contact webmaster at chess eecs berkeley edu.