Evaluating the Exploitability of Implicit Interactions in Distributed Systems

by   Jason Jaskolka, et al.

Implicit interactions refer to those interactions among the components of a system that may be unintended and/or unforeseen by the system designers. As such, they represent cybersecurity vulnerabilities that can be exploited to mount cyber-attacks causing serious and destabilizing system effects. In this paper, we study implicit interactions in distributed systems specified using the algebraic modeling framework known as Communicating Concurrent Kleene Algebra (C^2KA). To identify and defend against a range of possible attack scenarios, we develop a new measure of exploitability for implicit interactions to aid in evaluating the threat posed by the existence of such vulnerabilities in system designs for launching cyber-attacks. The presented approach is based on the modeling and analysis of the influence and response of the system agents and their C^2KA specifications. We also demonstrate the applicability of the proposed approach using a prototype tool that supports the automated analysis. The rigorous, practical techniques presented here enable cybersecurity vulnerabilities in the designs of distributed systems to be more easily identified, assessed, and then mitigated, offering significant improvements to overall system resilience, dependability, and security.



There are no comments yet.


page 1

page 2

page 3

page 4


Fishy Cyber Attack Detection in Industrial Control Systems

Cyber attacks have become serious threats to Industrial Control systems ...

Identifying Implicit Vulnerabilities through Personas as Goal Models

When used in requirements processes and tools, personas have the potenti...

Reinforcement Learning for Feedback-Enabled Cyber Resilience

The rapid growth in the number of devices and their connectivity has enl...

Cyber-Physical Energy Systems Security: Threat Modeling, Risk Assessment, Resources, Metrics, and Case Studies

Cyber-physical systems (CPS) are interconnected architectures that emplo...

Evaluating Cascading Effects of Attacks on Resilience of Industrial Control Systems: A Design-Centric Modeling Approach

A design-centric modeling approach was proposed to model the behavior of...

Evaluation of vulnerability reproducibility in container-based Cyber Range

A cyber range, a practical and highly educational information security e...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.