Towards Formal Verification of Cyber Security Standards

Cyber security standards are often used to ensure the security of industrial control systems. Nowadays, these systems are becoming more decentralized, making them more vulnerable to cyber attacks. One of the challenges of implementing cyber security standards for industrial control systems is the in...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Trudy Instituta sistemnogo programmirovaniâ Jg. 30; H. 4; S. 79 - 94
Hauptverfasser: Kulik, T., Larsen, P.G.
Format: Journal Article
Sprache:Englisch
Veröffentlicht: Russian Academy of Sciences, Ivannikov Institute for System Programming 01.10.2018
Schlagworte:
кибербезопасность, формальный анализ
стандарты кибербезопасности
ISSN:2079-8156, 2220-6426
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Cyber security standards are often used to ensure the security of industrial control systems. Nowadays, these systems are becoming more decentralized, making them more vulnerable to cyber attacks. One of the challenges of implementing cyber security standards for industrial control systems is the inability to verify early that they are compliant with the relevant standards. Cyber security standard compliance is also only validated and not formally verified, often not providing strong proofs of correct use of cyber security standard. In this paper, we propose an approach that uses formal analysis to achieve this. We formally define building blocks necessary to define the system formally in order to enable formal modeling of the system and carry out the analysis using the Alloy Analyzer. Our approach can be used at an early design stage, where problems are less expensive to correct, to ensure that the system has the desired security properties. We show the applicability of our approach by modeling two distinct cyber attacks and mitigations strategies used to defend against these attacks and also evaluate our approach based on its flexibility to handle and combine different aspects of the cyber security standards. We discuss the future directions of our research.
ISSN:2079-8156
2220-6426
DOI:10.15514/ISPRAS-2018-30(4)-5