TY - GEN
T1 - System controllers in critical infrastructures
AU - Hewett, Rattikorn
AU - Kijsanayothin, Phongphun
PY - 2013
Y1 - 2013
N2 - Control systems are at the heart of many critical infrastructures. Malicious attacks on system controllers like SCADA (Supervisory Control And Data Acquisition) systems are serious threats to critical national infrastructures such as smart grids, nuclear power plants, or transportation systems. Analyzing and verifying the security of the control systems has increasingly become an important defense mechanism. This paper presents an approach that facilitates a semi-automated security system verification of control systems by a novel application of model checking, a technique traditionally used for automated software verification. The proposed approach is different from typical model-checking applications in that it has the ability to uncover missing safety and security properties that should be specified to prevent catastrophes caused by malicious acts. We describe the approach by illustrating its use in analyzing a cooling reactor system controller in a nuclear power plant system. The approach is general and applicable to SCADA and other control systems.
AB - Control systems are at the heart of many critical infrastructures. Malicious attacks on system controllers like SCADA (Supervisory Control And Data Acquisition) systems are serious threats to critical national infrastructures such as smart grids, nuclear power plants, or transportation systems. Analyzing and verifying the security of the control systems has increasingly become an important defense mechanism. This paper presents an approach that facilitates a semi-automated security system verification of control systems by a novel application of model checking, a technique traditionally used for automated software verification. The proposed approach is different from typical model-checking applications in that it has the ability to uncover missing safety and security properties that should be specified to prevent catastrophes caused by malicious acts. We describe the approach by illustrating its use in analyzing a cooling reactor system controller in a nuclear power plant system. The approach is general and applicable to SCADA and other control systems.
KW - Formal verification
KW - Software assurance
KW - System security
UR - http://www.scopus.com/inward/record.url?scp=84875974198&partnerID=8YFLogxK
U2 - 10.1145/2459976.2460009
DO - 10.1145/2459976.2460009
M3 - Conference contribution
AN - SCOPUS:84875974198
SN - 9781450316873
T3 - ACM International Conference Proceeding Series
BT - 8th Annual Cyber Security and Information Intelligence Research Workshop
T2 - 8th Annual Cyber Security and Information Intelligence Research Workshop: Federal Cyber Security R and D Program Thrusts, CSIIRW 2013
Y2 - 8 January 2013 through 10 January 2013
ER -