Enforcing Information Flow Security Properties in Cyber-Physical Systems: A Generalized Framework Based on Compensation
2010 IEEE 34th Annual Computer Software and Applications Conference Workshops (2010)
July 19, 2010 to July 23, 2010
This paper presents a general theory of event compensation as an information flow security enforcement mechanism for Cyber-Physical Systems (CPSs). The fundamental research problem being investigated is that externally observable events in modern CPSs have the propensity to divulge sensitive settings to adversaries, resulting in a confidentiality violation. This is a less studied yet emerging concern in modern system security. A viable method to mitigate such violations is to use information flow security based enforcement mechanisms since access control based security models cannot impose restrictions on information propagation. Further, the disjoint nature of security analysis is not appropriate for systems with highly integrated physical and cyber infrastructures. The proposed compensation based security framework is foundational work that unifies cyber and physical aspects of security through the shared semantics of information flow. A DC circuit example is presented to demonstrate this concept.
cyber-physical systems, information flow security, execution monitoring enforcement, runtime security
T. T. Gamage, B. M. McMillin and T. P. Roth, "Enforcing Information Flow Security Properties in Cyber-Physical Systems: A Generalized Framework Based on Compensation," 2010 IEEE 34th Annual Computer Software and Applications Conference Workshops(COMPSACW), Seoul, Korea, 2010, pp. 158-163.