Departmental Papers (CIS)

Date of this Version

10-2019

Document Type

Conference Paper

Comments

The Best Paper Award at 17th ACM-IEEE International Conference on Formal Methods and Models for Codesign (MemoCODE 2019)
San Diego, USA
October 9 - 11, 2019


Abstract

Information flow analysis is an effective way to check useful security properties, such as whether secret information can leak to adversaries. Despite being widely investigated in the realm of programming languages, information-flow-based security analysis has not been widely studied in the domain of cyber-physical systems (CPS). CPS provide interesting challenges to traditional type-based techniques, as they model mixed discrete-continuous behaviors and are usually expressed as a composition of state machines. In this paper, we propose a lightweight static analysis methodology that enables information security properties for CPS models. We introduce a set of security rules for hybrid automata that characterizes the property of non-interference. Based on those rules, we propose an algorithm that generates security constraints between each sub-component of hybrid automata, and then transforms these constraints into a directed dependency graph to search for non-interference violations. The proposed algorithm can be applied directly to parallel compositions of automata without resorting to model-flattening techniques. Our static checker works on hybrid systems modeled in Simulink/Stateflow format and decides whether or not the model satisfies non-interference given a user-provided security annotation for each variable. Moreover, our approach can also infer the security labels of variables, allowing a designer to verify the correctness of partial security annotations. We demonstrate the potential benefits of the proposed methodology on two case studies.

Subject Area

CPS Formal Methods, CPS Security

Publication Source

17th ACM-IEEE International Conference on Formal Methods and Models for Codesign (MemoCODE 2019)

DOI

10.1145/3359986.3361212

Keywords

information flow security, static analysis, hybrid systems, Simulink/Stateflow


Date Posted: 06 November 2019

This document has been peer reviewed.