System controllers in critical infrastructures

Rattikorn Hewett; Phongphun Kijsanayothin

doi:10.1145/2459976.2460009

System controllers in critical infrastructures

Rattikorn Hewett, Phongphun Kijsanayothin

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Control systems are at the heart of many critical infrastructures. Malicious attacks on system controllers like SCADA (Supervisory Control And Data Acquisition) systems are serious threats to critical national infrastructures such as smart grids, nuclear power plants, or transportation systems. Analyzing and verifying the security of the control systems has increasingly become an important defense mechanism. This paper presents an approach that facilitates a semi-automated security system verification of control systems by a novel application of model checking, a technique traditionally used for automated software verification. The proposed approach is different from typical model-checking applications in that it has the ability to uncover missing safety and security properties that should be specified to prevent catastrophes caused by malicious acts. We describe the approach by illustrating its use in analyzing a cooling reactor system controller in a nuclear power plant system. The approach is general and applicable to SCADA and other control systems.

Original language	English
Title of host publication	8th Annual Cyber Security and Information Intelligence Research Workshop
Subtitle of host publication	Federal Cyber Security R and D Program Thrusts, CSIIRW 2013
DOIs	https://doi.org/10.1145/2459976.2460009
State	Published - 2013
Event	8th Annual Cyber Security and Information Intelligence Research Workshop: Federal Cyber Security R and D Program Thrusts, CSIIRW 2013 - Oak Ridge, TN, United States Duration: Jan 8 2013 → Jan 10 2013

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	8th Annual Cyber Security and Information Intelligence Research Workshop: Federal Cyber Security R and D Program Thrusts, CSIIRW 2013
Country/Territory	United States
City	Oak Ridge, TN
Period	01/8/13 → 01/10/13

Keywords

Formal verification
Software assurance
System security

Access to Document

10.1145/2459976.2460009

Cite this

@inproceedings{36687516882c48348f18a3ac45c283a2,

title = "System controllers in critical infrastructures",

abstract = "Control systems are at the heart of many critical infrastructures. Malicious attacks on system controllers like SCADA (Supervisory Control And Data Acquisition) systems are serious threats to critical national infrastructures such as smart grids, nuclear power plants, or transportation systems. Analyzing and verifying the security of the control systems has increasingly become an important defense mechanism. This paper presents an approach that facilitates a semi-automated security system verification of control systems by a novel application of model checking, a technique traditionally used for automated software verification. The proposed approach is different from typical model-checking applications in that it has the ability to uncover missing safety and security properties that should be specified to prevent catastrophes caused by malicious acts. We describe the approach by illustrating its use in analyzing a cooling reactor system controller in a nuclear power plant system. The approach is general and applicable to SCADA and other control systems.",

keywords = "Formal verification, Software assurance, System security",

author = "Rattikorn Hewett and Phongphun Kijsanayothin",

year = "2013",

doi = "10.1145/2459976.2460009",

language = "English",

isbn = "9781450316873",

series = "ACM International Conference Proceeding Series",

booktitle = "8th Annual Cyber Security and Information Intelligence Research Workshop",

note = "8th Annual Cyber Security and Information Intelligence Research Workshop: Federal Cyber Security R and D Program Thrusts, CSIIRW 2013 ; Conference date: 08-01-2013 Through 10-01-2013",

}

Hewett, R & Kijsanayothin, P 2013, System controllers in critical infrastructures. in 8th Annual Cyber Security and Information Intelligence Research Workshop: Federal Cyber Security R and D Program Thrusts, CSIIRW 2013., 29, ACM International Conference Proceeding Series, 8th Annual Cyber Security and Information Intelligence Research Workshop: Federal Cyber Security R and D Program Thrusts, CSIIRW 2013, Oak Ridge, TN, United States, 01/8/13. https://doi.org/10.1145/2459976.2460009

System controllers in critical infrastructures. / Hewett, Rattikorn; Kijsanayothin, Phongphun.
8th Annual Cyber Security and Information Intelligence Research Workshop: Federal Cyber Security R and D Program Thrusts, CSIIRW 2013. 2013. 29 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - System controllers in critical infrastructures

AU - Hewett, Rattikorn

AU - Kijsanayothin, Phongphun

PY - 2013

Y1 - 2013

N2 - Control systems are at the heart of many critical infrastructures. Malicious attacks on system controllers like SCADA (Supervisory Control And Data Acquisition) systems are serious threats to critical national infrastructures such as smart grids, nuclear power plants, or transportation systems. Analyzing and verifying the security of the control systems has increasingly become an important defense mechanism. This paper presents an approach that facilitates a semi-automated security system verification of control systems by a novel application of model checking, a technique traditionally used for automated software verification. The proposed approach is different from typical model-checking applications in that it has the ability to uncover missing safety and security properties that should be specified to prevent catastrophes caused by malicious acts. We describe the approach by illustrating its use in analyzing a cooling reactor system controller in a nuclear power plant system. The approach is general and applicable to SCADA and other control systems.

AB - Control systems are at the heart of many critical infrastructures. Malicious attacks on system controllers like SCADA (Supervisory Control And Data Acquisition) systems are serious threats to critical national infrastructures such as smart grids, nuclear power plants, or transportation systems. Analyzing and verifying the security of the control systems has increasingly become an important defense mechanism. This paper presents an approach that facilitates a semi-automated security system verification of control systems by a novel application of model checking, a technique traditionally used for automated software verification. The proposed approach is different from typical model-checking applications in that it has the ability to uncover missing safety and security properties that should be specified to prevent catastrophes caused by malicious acts. We describe the approach by illustrating its use in analyzing a cooling reactor system controller in a nuclear power plant system. The approach is general and applicable to SCADA and other control systems.

KW - Formal verification

KW - Software assurance

KW - System security

UR - http://www.scopus.com/inward/record.url?scp=84875974198&partnerID=8YFLogxK

U2 - 10.1145/2459976.2460009

DO - 10.1145/2459976.2460009

M3 - Conference contribution

AN - SCOPUS:84875974198

SN - 9781450316873

T3 - ACM International Conference Proceeding Series

BT - 8th Annual Cyber Security and Information Intelligence Research Workshop

T2 - 8th Annual Cyber Security and Information Intelligence Research Workshop: Federal Cyber Security R and D Program Thrusts, CSIIRW 2013

Y2 - 8 January 2013 through 10 January 2013

ER -

System controllers in critical infrastructures

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this