A Formal Adversary Capability Model for SCADA Environments. / Mcevoy, Richard; Wolthusen, Stephen D.

Proceedings of the 5th International Workshop on Critical Information Infrastructures Security (CRITIS 2010). Springer-Verlag, 2010. p. 93-103.

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution

Published

Harvard

Mcevoy, R & Wolthusen, SD 2010, A Formal Adversary Capability Model for SCADA Environments. in Proceedings of the 5th International Workshop on Critical Information Infrastructures Security (CRITIS 2010). Springer-Verlag, pp. 93-103. https://doi.org/10.1007/978-3-642-21694-7_8

APA

Mcevoy, R., & Wolthusen, S. D. (2010). A Formal Adversary Capability Model for SCADA Environments. In Proceedings of the 5th International Workshop on Critical Information Infrastructures Security (CRITIS 2010) (pp. 93-103). Springer-Verlag. https://doi.org/10.1007/978-3-642-21694-7_8

Vancouver

Mcevoy R, Wolthusen SD. A Formal Adversary Capability Model for SCADA Environments. In Proceedings of the 5th International Workshop on Critical Information Infrastructures Security (CRITIS 2010). Springer-Verlag. 2010. p. 93-103 https://doi.org/10.1007/978-3-642-21694-7_8

Author

Mcevoy, Richard ; Wolthusen, Stephen D. / A Formal Adversary Capability Model for SCADA Environments. Proceedings of the 5th International Workshop on Critical Information Infrastructures Security (CRITIS 2010). Springer-Verlag, 2010. pp. 93-103

BibTeX

@inproceedings{95478d86aa3d45b883b356088c538564,
title = "A Formal Adversary Capability Model for SCADA Environments",
abstract = "Conventional adversary models used in the analysis of cryptographic protocols such as the Dolev-Yao model and variants rely on a simple communication model in which an adversary fully participates in network communication. In the case of control (supervisory control and data acquisition, SCADA) systems, this set of assumptions can lead to undesirable results as constraints on communication affect both defender and adversary capabilities. These include a restricted topology for message passing and real-time processing constraints resulting in message prioritisation. We therefore propose an alternative adversary model explicitly capturing these constraints. We use a π-calculus variant to reason about priorities and constraints on messages (names) and explicitly model multiple adversarial agents rather than a single omnipotent adversary so as to capture synchronisation and communication effects. As an example of the model{\textquoteright}s capabilities, we derive targets for intrusion detection based on constraints on adversary action resulting from adversary-agent communication capabilities. ",
author = "Richard Mcevoy and Wolthusen, {Stephen D.}",
year = "2010",
doi = "10.1007/978-3-642-21694-7_8",
language = "English",
isbn = "978-3-642-21694-7",
pages = "93--103",
booktitle = "Proceedings of the 5th International Workshop on Critical Information Infrastructures Security (CRITIS 2010)",
publisher = "Springer-Verlag",
}

RIS

TY - GEN

T1 - A Formal Adversary Capability Model for SCADA Environments

AU - Mcevoy, Richard

AU - Wolthusen, Stephen D.

PY - 2010

Y1 - 2010

N2 - Conventional adversary models used in the analysis of cryptographic protocols such as the Dolev-Yao model and variants rely on a simple communication model in which an adversary fully participates in network communication. In the case of control (supervisory control and data acquisition, SCADA) systems, this set of assumptions can lead to undesirable results as constraints on communication affect both defender and adversary capabilities. These include a restricted topology for message passing and real-time processing constraints resulting in message prioritisation. We therefore propose an alternative adversary model explicitly capturing these constraints. We use a π-calculus variant to reason about priorities and constraints on messages (names) and explicitly model multiple adversarial agents rather than a single omnipotent adversary so as to capture synchronisation and communication effects. As an example of the model’s capabilities, we derive targets for intrusion detection based on constraints on adversary action resulting from adversary-agent communication capabilities.

AB - Conventional adversary models used in the analysis of cryptographic protocols such as the Dolev-Yao model and variants rely on a simple communication model in which an adversary fully participates in network communication. In the case of control (supervisory control and data acquisition, SCADA) systems, this set of assumptions can lead to undesirable results as constraints on communication affect both defender and adversary capabilities. These include a restricted topology for message passing and real-time processing constraints resulting in message prioritisation. We therefore propose an alternative adversary model explicitly capturing these constraints. We use a π-calculus variant to reason about priorities and constraints on messages (names) and explicitly model multiple adversarial agents rather than a single omnipotent adversary so as to capture synchronisation and communication effects. As an example of the model’s capabilities, we derive targets for intrusion detection based on constraints on adversary action resulting from adversary-agent communication capabilities.

U2 - 10.1007/978-3-642-21694-7_8

DO - 10.1007/978-3-642-21694-7_8

M3 - Conference contribution

SN - 978-3-642-21694-7

SP - 93

EP - 103

BT - Proceedings of the 5th International Workshop on Critical Information Infrastructures Security (CRITIS 2010)

PB - Springer-Verlag

ER -