Visible to the public Security Analysis of Cloud-Connected Industrial Control Systems Using Combinatorial Testing

TitleSecurity Analysis of Cloud-Connected Industrial Control Systems Using Combinatorial Testing
Publication TypeConference Paper
Year of Publication2019
AuthorsTran-Jørgensen, Peter W. V., Kulik, Tomas, Boudjadar, Jalil, Larsen, Peter Gorm
Conference NameProceedings of the 17th ACM-IEEE International Conference on Formal Methods and Models for System Design
PublisherAssociation for Computing Machinery
Conference LocationLa Jolla, California
ISBN Number978-1-4503-6997-8
Keywordscombinatorial testing, formal verification, industrial control systems, Industrial Control Systems Anomaly Detection, model checking, pubcrawl, resilience, Resiliency, Scalability, VDM-SL
Abstract

Industrial control systems are moving from monolithic to distributed and cloud-connected architectures, which increases system complexity and vulnerability, thus complicates security analysis. When exhaustive verification accounts for this complexity the state space being sought grows drastically as the system model evolves and more details are considered. Eventually this may lead to state space explosion, which makes exhaustive verification infeasible. To address this, we use VDM-SL's combinatorial testing feature to generate security attacks that are executed against the model to verify whether the system has the desired security properties. We demonstrate our approach using a cloud-connected industrial control system that is responsible for performing safety-critical tasks and handling client requests sent to the control network. Although the approach is not exhaustive it enables verification of mitigation strategies for a large number of attacks and complex systems within reasonable time.

DOI10.1145/3359986.3361211
Citation Keytran-jorgensen_security_2019