System and method for modeling and analyzing the impact of cyber-security events on cyber-physical systems

US 10,262,143 B2
Filed: 09/13/2016
Issued: 04/16/2019
Est. Priority Date: 09/13/2016
Status: Active Grant

First Claim

Patent Images

1. A method for simulating a cyber-physical system, wherein the method is performed at one or more hardware processors configured to execute one or more programs stored in a memory of a computing system, the method comprising:

receiving a definition of a scope of a simulation;

generating a mapping of a cyber simulation model to a control system simulation model,wherein the cyber simulation model is configured to model a software and hardware architecture of the cyber-physical system; and

wherein the control system simulation model is configured to model a physical behavior of the cyber-physical system;

selecting one or more fault models, wherein the selected fault models are based on the received definition of the scope of the simulation;

generating one or more attack plans for the cyber simulation model, wherein the one or more attack plans are based on the selected one or more fault models;

generating one or more attack hooks for the control system simulation model, wherein the one or more attack hooks are based on the generated mapping of the cyber simulation model to the control system model and based on the generated one or more attack packs for the cyber simulation model;

modifying the control system simulation model to include the one or more generated attack hooks; and

executing a simulation on the modified control system simulation model.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for systematically undertaking model-based security analysis of a cyber physical system (CPS) is provided. In one example, a cyber model simulation and a control system simulation are mapped using various methods to determine which portions of the cyber-model simulation and the control system simulation are correlated with one another. Using the determined correlation, when a cyber-attack is generated on the cyber model simulation, a corresponding attack hook can be generated for the control system model. The attack hook is configured to be integrated into the control system model so as to mimic the effect on the control system that a cyber-attack can engender. Once one or more attack hooks are generated, the user can place the hooks into the control system simulation schemas and run a series of simulations to determine the effects of a cyber event on the control system in a CPS.

Citations

40 Claims

1. A method for simulating a cyber-physical system, wherein the method is performed at one or more hardware processors configured to execute one or more programs stored in a memory of a computing system, the method comprising:
- receiving a definition of a scope of a simulation;
  
  generating a mapping of a cyber simulation model to a control system simulation model,wherein the cyber simulation model is configured to model a software and hardware architecture of the cyber-physical system; and
  
  wherein the control system simulation model is configured to model a physical behavior of the cyber-physical system;
  
  selecting one or more fault models, wherein the selected fault models are based on the received definition of the scope of the simulation;
  
  generating one or more attack plans for the cyber simulation model, wherein the one or more attack plans are based on the selected one or more fault models;
  
  generating one or more attack hooks for the control system simulation model, wherein the one or more attack hooks are based on the generated mapping of the cyber simulation model to the control system model and based on the generated one or more attack packs for the cyber simulation model;
  
  modifying the control system simulation model to include the one or more generated attack hooks; and
  
  executing a simulation on the modified control system simulation model.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein generating a mapping of the cyber simulation model to the control system model comprises:
    - generating one or more versions of the cyber simulation model, wherein a plurality of the versions of the cyber simulation model are based on a different description of the cyber simulation model; and
      
      generating one or more versions of the control system simulation model, wherein each version of the control system simulation model is based on a different abstraction of the control system simulation model.
  - 3. The method of claim 2, wherein generating a mapping of the cyber simulation model to the control system model further comprises:
    - comparing the generated one or more versions of the cyber simulation model with the one or more versions of the control system simulation model; and
      
      determining a most probable mapping between the one or more versions of the cyber simulation model and the one or more versions of the control system simulation model, wherein the determination is based on the comparison between the generated one or more versions of the cyber simulation model and the one or more versions of the control system simulation model.
  - 4. The method of claim 3, wherein comparing the generated one or more versions of the cyber simulation model with the one or more versions of the control system simulation model includes determining one or more lexical similarities between the generated one or more versions of the cyber simulation model and the one or more versions of the control system simulation model.
  - 5. The method of claim 3, wherein comparing the generated one or more versions of the cyber simulation model with the one or more versions of the control system simulation model includes determining one or more behavioral similarities between the generated one or more versions of the cyber simulation model and the one or more versions of the control system simulation model.
  - 6. The method of claim 3, wherein comparing the generated one or more versions of the cyber simulation model with the one or more versions of the control system simulation model includes determining one or more structural similarities between the generated one or more versions of the cyber simulation model and the one or more versions of the control system simulation model.
  - 7. The method of claim 1, wherein generating one or more attack plans for the cyber simulation model comprises:
    - determining and selecting one or more minimal cut sets of the selected one or more fault models.
  - 8. The method of claim 7, wherein generating one or more attack plans for the cyber simulation model further comprises:
    - determining if each selected minimal cut set is cyber inducible; and
      
      generating the one or more attack plans for the cyber simulation model based on the one or more minimal cut sets determined to be cyber inducible.
  - 9. The method of claim 1, wherein generating one or more attack hooks for the control system simulation model comprises:
    - observing one or more events on the cyber simulation model based on the generated attack plans; and
      
      determining a corresponding one or more events on the control simulation model based on the observed one or more events on the cyber simulation model and the generated mapping of the cyber simulation model to the control system simulation model.
  - 10. The method of claim 1, wherein modifying the control system simulation model to include one or more generated attack hooks includes inserting the attack hooks into the control system simulation model so as to mimic the effect of the one or more attack packs on the control system simulation model.
  - 11. The method of claim 1, wherein executing a simulation of the modified control system simulation model comprises:
    - selecting one or more run configurations of the control system simulation model; and
      
      executing a simulation on each of the one or more run configurations of the control system simulation model.
  - 12. The method of claim 1, wherein the cyber simulation model is implemented using Architecture Analysis &
    - Design Language (AADL).
  - 13. The method of claim 1, wherein the control system simulation model is implemented using Simulink.

14. A non-transitory computer readable storage medium having stored thereon a set of instructions for simulating a cyber-physical system that when executed by a computing device, cause the computing device to:
- receive a definition of a scope of a simulation;
  
  generate a mapping of a cyber simulation model to a control system simulation model;
  
  wherein the cyber simulation model is configured to model a software and hardware architecture of the cyber-physical system; and
  
  wherein the control system simulation model is configured to model a physical behavior of the cyber-physical system;
  
  select one or more fault models, wherein the selected fault models are based on the received definition of the scope of the simulation;
  
  generate one or more attack plans for the cyber simulation model, wherein the one or more attack plans are based on the imported one or more fault models;
  
  generate one or more attack hooks for the control system simulation model, wherein the one or more attack hooks are based on the generated mapping of the cyber simulation model to the control system model and based on the generated one or more attack packs for the cyber simulation model;
  
  modify the control system simulation model to include the one or more generated attack hooks; and
  
  execute a simulation on the modified control system simulation model.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The non-transitory computer readable storage medium of claim 14, wherein generating a mapping of the cyber simulation model to the control system model comprises:
    - generating one or more versions of the cyber simulation model, wherein a plurality of the versions of the cyber simulation model are based on a different description of the cyber simulation model; and
      
      generating one or more versions of the control system simulation model, wherein each version of the control system simulation model is based on a different abstraction of the control system simulation model.
  - 16. The non-transitory computer readable storage medium of claim 15, wherein generating a mapping of the cyber simulation model to the control system model further comprises:
    - comparing the generated one or more versions of the cyber simulation model with the one or more versions of the control system simulation model; and
      
      determining a most probable mapping between the one or more versions of the cyber simulation model and the one or more versions of the control system simulation model, wherein the determination is based on the comparison between the generated one or more versions of the cyber simulation model and the one or more versions of the control system simulation model.
  - 17. The non-transitory computer readable storage medium of claim 16, wherein comparing the generated one or more versions of the cyber simulation model with the one or more versions of the control system simulation model includes determining one or more lexical similarities between the generated one or more versions of the cyber simulation model and the one or more versions of the control system simulation model.
  - 18. The non-transitory computer readable storage medium of claim 16, wherein comparing the generated one or more versions of the cyber simulation model with the one or more versions of the control system simulation model includes determining one or more behavioral similarities between the generated one or more versions of the cyber simulation model and the one or more versions of the control system simulation model.
  - 19. The non-transitory computer readable storage medium of claim 16, wherein comparing the generated one or more versions of the cyber simulation model with the one or more versions of the control system simulation model includes determining one or more structural similarities between the generated one or more versions of the cyber simulation model and the one or more versions of the control system simulation model.
  - 20. The non-transitory computer readable storage medium of claim 14, wherein generating one or more attack plans for the cyber simulation model comprises:
    - determining and selecting one or more minimal cut sets of the selected one or more fault models.
  - 21. The non-transitory computer readable storage medium of claim 20, wherein generating one or more attack plans for the cyber simulation model further comprises:
    - determining if each selected minimal cut set is cyber inducible; and
      
      generating the one or more attack plans for the cyber simulation model based on the one or more minimal cut sets determined to be cyber inducible.
  - 22. The non-transitory computer readable storage medium of claim 14, wherein generating one or more attack hooks for the control system simulation model comprises:
    - observing one or more events on the cyber simulation model based on the generated attack plans; and
      
      determining a corresponding one or more events on control simulation model based on the observed one or more events on the cyber simulation model and the generated mapping of the cyber simulation model to the control system simulation model.
  - 23. The non-transitory computer readable storage medium of claim 14, wherein modifying the control system simulation model to include one or more generated attack hooks includes inserting the attack hooks into the control system simulation model so as to mimic the effect of the one or more attack packs on the control system simulation model.
  - 24. The non-transitory computer readable storage medium of claim 14, wherein executing a simulation of the modified control system simulation model comprises:
    - selecting one or more run configurations of the control system simulation model; and
      
      executing a simulation on each of the one or more run configuration of the control system simulation model.
  - 25. The non-transitory computer readable storage medium of claim 14, wherein the cyber simulation model is implemented using Architecture Analysis &
    - Design Language (AADL).
  - 26. The non-transitory computer readable storage medium of claim 14, wherein the control system simulation model is implemented using Simulink.

27. A computing system comprising:
- a memory;
  
  one or more hardware processors; and
  
  one or more programs configured to simulate a cyber-physical system, wherein the one or more programs are stored in the memory and configured to be executed by the one or more hardware processors, the one or more programs when executed by the one or more hardware processors cause the hardware processor to;
  
  receive a definition of a scope of a simulation;
  
  generate a mapping of a cyber simulation model to a control system simulation model;
  
  wherein the cyber simulation model is configured to model a software and hardware architecture of the cyber-physical system; and
  
  wherein the control system simulation model is configured to model a physical behavior of the cyber-physical system;
  
  select one or more fault models, wherein the selected fault models are based on the received definition of the scope of the simulation;
  
  generate one or more attack plans for the cyber simulation model, wherein the one or more attack plans are based on the imported one or more fault models;
  
  generate one or more attack hooks for the control system simulation model, wherein the one or more attack hooks are based on the generated mapping of the cyber simulation model to the control system model and based on the generated one or more attack packs for the cyber simulation model;
  
  modify the control system simulation model to include the one or more generated attack hooks; and
  
  execute a simulation on the modified control system simulation model.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 28. The computing system of claim 27, wherein generating a mapping of the cyber simulation model to the control system model comprises:
    - generating one or more versions of the cyber simulation model, wherein a plurality of the versions of the cyber simulation model are based on a different description of the cyber simulation model; and
      
      generating one or more versions of the control system simulation model, wherein each version of the control system simulation model is based on a different abstraction of the control system simulation model.
  - 29. The computing system of claim 28, wherein generating a mapping of the cyber simulation model to the control system model further comprises:
    - comparing the generated one or more versions of the cyber simulation model with the one or more versions of the control system simulation model; and
      
      determining a most probable mapping between the one or more versions of the cyber simulation model and the one or more versions of the control system simulation model, wherein the determination is based on the comparison between the generated one or more versions of the cyber simulation model and the one or more versions of the control system simulation model.
  - 30. The computing system of claim 29, wherein comparing the generated one or more versions of the cyber simulation model with the one or more versions of the control system simulation model includes determining one or more lexical similarities between the generated one or more versions of the cyber simulation model and the one or more versions of the control system simulation model.
  - 31. The computing system of claim 29, wherein comparing the generated one or more versions of the cyber simulation model with the one or more versions of the control system simulation model includes determining one or more behavioral similarities between the generated one or more versions of the cyber simulation model and the one or more versions of the control system simulation model.
  - 32. The computing system of claim 29, wherein comparing the generated one or more versions of the cyber simulation model with the one or more versions of the control system simulation model includes determining one or more structural similarities between the generated one or more versions of the cyber simulation model and the one or more versions of the control system simulation model.
  - 33. The computing system of claim 27, wherein generating one or more attack plans for the cyber simulation model comprises:
    - determining and selecting one or more minimal cut sets of the selected one or more fault models.
  - 34. The computing system of claim 33, wherein generating one or more attack plans for the cyber simulation model further comprises:
    - determining if each selected minimal cut set is cyber inducible; and
      
      generating the one or more attack plans for the cyber simulation model based on the one or more minimal cut sets determined to be cyber inducible.
  - 35. The computing system of claim 27, wherein generating one or more attack hooks for the control system simulation model comprises:
    - observing one or more events on the cyber simulation model based on the generated attack plans; and
      
      determining a corresponding one or more events on control simulation model based on the observed one or more events on the cyber simulation model and the generated mapping of the cyber simulation model to the control system simulation model.
  - 36. The computing system of claim 27, wherein modifying the control system simulation model to include one or more generated attack hooks includes inserting the attack hooks into the control system simulation model so as to mimic the effect of the one or more attack packs on the control system simulation model.
  - 37. The computing system of claim 27, wherein executing a simulation of the modified control system simulation model comprises:
    - selecting one or more run configurations of the control system simulation model; and
      
      executing a simulation on each of the one or more run configuration of the control system simulation model.
  - 38. The computing system of claim 27, wherein the cyber simulation model is implemented using Architecture Analysis &
    - Design Language (AADL).
  - 39. The computing system of claim 27, wherein the control system simulation model is implemented using Simulink.
  - 40. The computing system of claim 27, wherein the one or more processors are further configured to determine one or more system vulnerabilities based on the executed simulation run.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mitre Corporation
Original Assignee
Mitre Corporation
Inventors
Thomas, Roshan K., Hatfield, Mary C., Lozano, Ivan, Overly, Edward, Korb, Joel G., Vu, Jimmy
Primary Examiner(s)
Lemma, Samson B

Application Number

US15/264,028
Publication Number

US 20180075243A1
Time in Patent Office

945 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

G06F 30/20 Design optimisation, verifi...

System and method for modeling and analyzing the impact of cyber-security events on cyber-physical systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for modeling and analyzing the impact of cyber-security events on cyber-physical systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links