Towards Provable Security in Industrial Control Systems Via Dynamic Protocol Attestation

TL;DR

This paper presents a formal, machine-checked protocol attestation method to enhance the security of industrial control systems against cyber attacks, ensuring safety properties even under adversarial conditions.

Contribution

It introduces a novel approach combining formal methods, domain-specific language, and dynamic attestation to enforce safe actions in ICS protocols, preventing cyber attacks.

Findings

Effective protocol enforcement demonstrated on Fischertechnik platform

Dynamic attestation maintains safety with acceptable latency and throughput

Formal proofs ensure protocol safety properties

Abstract

Industrial control systems (ICSs) increasingly rely on digital technologies vulnerable to cyber attacks. Cyber attackers can infiltrate ICSs and execute malicious actions. Individually, each action seems innocuous. But taken together, they cause the system to enter an unsafe state. These attacks have resulted in dramatic consequences such as physical damage, economic loss, and environmental catastrophes. This paper introduces a methodology that restricts actions using protocols. These protocols only allow safe actions to execute. Protocols are written in a domain specific language we have embedded in an interactive theorem prover (ITP). The ITP enables formal, machine-checked proofs to ensure protocols maintain safety properties. We use dynamic attestation to ensure ICSs conform to their protocol even if an adversary compromises a component. Since protocol conformance prevents unsafe actions, the previously mentioned cyber attacks become impossible. We demonstrate the effectiveness of our methodology using an example from the Fischertechnik Industry 4.0 platform. We measure dynamic attestation's impact on latency and throughput. Our approach is a starting point for studying how to combine formal methods and protocol design to thwart attacks intended to cripple ICSs.