Cybersecurity Assurance for Critical Infrastructure
Research Team Leadership
- PI: John Villasenor, University of California at Los Angeles
- Co-PI: Jason Jaskolka, Carleton University
Protection of critical infrastructure is rapidly growing as one of the most important areas of cybersecurity. The primary goal of this project is to design and develop critical infrastructure cybersecurity assessment methodologies and associated modeling and simulation environments.
Critical infrastructures, and more broadly, nearly all safety-critical distributed systems, are large, complex, and consist of numerous components linked in complex ways. This leads to interactions that may not be expected or foreseen by the system designer, known as 'implicit interactions'. The presence of implicit interactions in a system can indicate unforeseen flaws—whether intentional or accidental, innocuous or malicious. Additionally, or alternatively, such interactions can be symptoms of intentionally compromised hardware and/or software specifically designed to remain undetected. Therefore, an understanding of implicit interactions is of vital importance to ensure that systems operate as intended and are resistant to cyber-attacks.
To address this need, we are developing a set of formal methods and tools for determining whether critical infrastructure systems are protected from cyber-threats. Moreover, formal verification and analytic tools are becoming critical to building systems with significantly higher security and safety assurance.
More specifically, we are working on a rigorous, formal methods-based approach for identifying and analyzing the existence of implicit component interactions in critical infrastructure systems. Our goal is to provide a formal understanding of how and why implicit interactions can exist in distributed systems, such as those commonly found in critical infrastructures. Additionally, the methods we are developing can identify deficiencies in important existing system components, allowing for better assessment of the risks being taken by using such components in critical systems.
This project is funded by the U.S. Department of Homeland Security through a contract with the Critical Infrastructure Resilience Institute (CIRI) at the University of Illinois.
Recent publications related to this project:
- Jason Jaskolka and John Villasenor. Identifying Implicit Component Interactions in Distributed Cyber-Physical Systems In Proceedings of the 50th Hawaii International Conference on System Sciences, HICSS-50, pages 5988–5997, Hilton Waikoloa Village, HI, U.S.A., January 2017.
- Jason Jaskolka and John Villasenor. An Approach for Identifying and Analyzing Implicit Interactions in Distributed Systems. IEEE Transactions on Reliability, 66(2):529-546, June 2017.
We are currently working on several more papers and will share as they become available.