Yoneda Hacking: The Algebra of Attacker Actions

02/26/2021
by   Georgios Bakirtzis, et al.
0

Our work focuses on modeling security of systems from their component-level designs. Towards this goal we develop a categorical formalism to model attacker actions. Equipping the categorical formalism with algebras produces two interesting results for security modeling. First, using the Yoneda lemma, we are able to model attacker reconnaissance missions. In this context, the Yoneda lemma formally shows us that if two system representations, one being complete and the other being the attacker's incomplete view, agree at every possible test, then they behave the same. The implication is that attackers can still successfully exploit the system even with incomplete information. Second, we model the possible changes that can occur to the system via an exploit. An exploit either manipulates the interactions between system components, for example, providing the wrong values to a sensor, or changes the components themselves, for example, manipulating the firmware of a global positioning system (GPS). One additional benefit of using category theory is that mathematical operations can be represented as formal diagrams, which is useful for applying this analysis in a model-based design setting. We illustrate this modeling framework using a cyber-physical system model of an unmanned aerial vehicle (UAV). We demonstrate and model two types of attacks (1) a rewiring attack, which violates data integrity, and (2) a rewriting attack, which violates availability.

READ FULL TEXT
POST COMMENT

Comments

There are no comments yet.

Authors

page 1

page 2

page 3

page 4

06/06/2020

An Attacker Modeling Framework for the Assessment of Cyber-Physical Systems Security

Characterizing attacker behavior with respect to Cyber-Physical Systems ...
02/12/2019

A Formal Approach to Physics-Based Attacks in Cyber-Physical Systems (Extended Version)

We apply formal methods to lay and streamline theoretical foundations to...
05/28/2019

On Evaluating the Effectiveness of the HoneyBot: A Case Study

In recent years, cyber-physical system (CPS) security as applied to robo...
02/12/2019

Parametric analyses of attack-fault trees

Risk assessment of cyber-physical systems, such as power plants, connect...
08/09/2020

Consumer UAV Cybersecurity Vulnerability Assessment Using Fuzzing Tests

Unmanned Aerial Vehicles (UAVs) are remote-controlled vehicles capable o...
02/09/2019

A Game of Drones: Cyber-Physical Security of Time-Critical UAV Applications with Cumulative Prospect Theory Perceptions and Valuations

The effective deployment of unmanned aerial vehicle (UAV) systems and se...
10/02/2021

Repttack: Exploiting Cloud Schedulers to Guide Co-Location Attacks

Cloud computing paradigms have emerged as a major facility to store and ...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.