Towards Systematically Deriving Defence Mechanisms from Functional Requirements of Cyber-Physical Systems

TL;DR

This paper introduces a systematic approach to derive invariants from functional requirements of cyber-physical systems, aiming to improve early detection of attacks and reduce design costs.

Contribution

It presents a novel method inspired by axiomatic design to derive invariants before system implementation, enhancing security and robustness.

Findings

Successfully applied to a water treatment plant testbed

Detected attack examples with high accuracy

No false positives in the preliminary study

Abstract

The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated the development of different attack detection mechanisms, such as those that monitor for violations of invariants, i.e. properties that always hold in normal operation. Given the complexity of CPSs, several existing approaches focus on deriving invariants automatically from data logs, but these can miss possible system behaviours if they are not represented in that data. Furthermore, resolving any design flaws identified in this process is costly, as the CPS is already built. In this position paper, we propose a systematic method for deriving invariants before a CPS is built by analysing its functional requirements. Our method, inspired by the axiomatic design methodology for systems, iteratively analyses dependencies in the design to construct equations and process graphs that model the invariant relationships between CPS components. As a preliminary study, we applied it to the design of a water treatment plant testbed, implementing checkers for two invariants by using decision trees, and finding that they could detect some examples of attacks on the testbed with high accuracy and without false positives. Finally, we explore how developing our method further could lead to more robust CPSs and reduced costs by identifying design weaknesses before systems are implemented.