Limitations on Observability of Effects in Cyber-Physical Systems
This addresses security vulnerabilities in critical infrastructure like ATMs, but the approach appears incremental as it builds on formal methods for process models.
The paper tackles the problem of detecting cyber attacks in interconnected Cyber-Physical Systems by identifying a control loop effect called Process Model Inconsistency (PMI), showing that attacks often lead to this inconsistency, which can occur even in complete and correct models.
Increased interconnectivity of Cyber-Physical Systems, by design or otherwise, increases the cyber attack surface and attack vectors. Observing the effects of these attacks is helpful in detecting them. In this paper, we show that many attacks on such systems result in a control loop effect we term Process Model Inconsistency (PMI). Our formal approach elucidates the relationships among incompleteness, incorrectness, safety, and inconsistency of process models. We show that incomplete process models lead to inconsistency. Surprisingly, inconsistency may arise even in complete and correct models. We illustrate our approach through an Automated Teller Machine (ATM) example, and describe the practical implications of the theoretical results.