Attack Surface Metrics and Privilege-based Reduction Strategies for Cyber-Physical Systems
Ali Tamimi, Ozgur Oksuz, Jinyoung Lee, Adam Hahn

TL;DR
This paper develops attack surface metrics and reduction strategies specifically for cyber-physical systems, integrating physical and cyber properties, and automates analysis using AADL models, demonstrated on a power grid case study.
Contribution
It introduces novel attack surface metrics for CPS, along with algorithms and tools integrated with AADL for automated analysis and reduction strategies.
Findings
Metrics effectively evaluate CPS attack surface
Algorithms identify reduction strategies in CPS models
Validated on a power grid case study
Abstract
Cybersecurity risks are often managed by reducing the system's attack surface, which includes minimizing the number of interconnections, privileges, and impacts of an attack. While attack surface reduction techniques have been frequently deployed in more traditional information technology (IT) domains, metrics tailored to cyber-physical systems (CPS) have not yet been identified. This paper introduces attack surface analysis metrics and algorithms to evaluate the attack surface of a CPS. The proposed approach includes both physical system impact metrics, along with a variety of cyber system properties from the software (network connections, methods) and operating system (privileges, exploit mitigations). The proposed algorithm is defined to incorporate with the Architecture Analysis & Design Language (AADL), which is commonly used in many CPS industries to model their control system…
Taxonomy
Topics: Smart Grid Security and Resilience · Physical Unclonable Functions (PUFs) and Hardware Security · Security and Verification in Computing
