Stéphane Lafortune

Lilian Kawakami Carvalho, Yi-Chin Wu, Raymond Kwong et al.

The deployment of control systems with network-connected components has made feedback control systems vulnerable to attacks over the network. This paper considers the problem of intrusion detection and mitigation in supervisory control systems, where the attacker has the ability to enable or disable vulnerable actuator commands and erase or insert vulnerable sensor readings. We present a mathematical model for the system under certain classes of actuator enablement attacks, sensor erasure attacks, or sensor insertion attacks. We then propose a defense strategy that aims to detect such attacks online and disables all controllable events after an attack is detected. We develop an algorithmic procedure for verifying whether the system can prevent damage from the attacks considered with the proposed defense strategy, where damage is modeled as the reachability of a pre-defined set of unsafe system states.The technical condition of interest that is necessary and sufficient in this context, termed "GF-safe controllability", is characterized. We show that the verification of GF-safe controllability can be performed using diagnoser or verifier automata. Finally, we illustrate the methodology with a traffic control system example.

Shoma Matsui, Stéphane Lafortune

There is an increasing need to study the vulnerability of communication protocols in distributed systems to malicious attacks that attempt to violate properties such as safety or nonblockingness. In this paper, we propose a common methodology for formal synthesis of successful attacks against two well-known protocols, the Alternating Bit Protocol (ABP) and the Transmission Control Protocol (TCP), where the attacker can always eventually win, called For-all attacks. This generalizes previous work on the synthesis of There-exists attacks for TCP, where the attacker can sometimes win. We model the ABP and TCP protocols and system architecture by finite-state automata and employ the supervisory control theory of discrete event systems to pose and solve the synthesis of For-all attacks, where the attacker has partial observability and controllability of the system events. We consider several scenarios of person-in-themiddle attacks against ABP and TCP and present the results of attack synthesis using our methodology for each case.