Over the last year, the Internet of Things (IoT) drove the development of cyber-physical systems, leading the convergence between information and operational technologies. This coupling improves performances and saves costs but increases the number of vulnerabilities and the attack surface to malicious actors. Consequently, it is mandatory to understand how IoT devices can be properly integrated into a more secure environment. This issue is even more crucial in the field of Critical Infrastructures, such as energy, water, transportation, and telecommunications. To this aim, this paper analyzes the concept of opacity for Discrete Event Systems (DES) and applies it to a real system. The opacity describes the ability of the system to keep some states secret even if an attacker knows the happening of some events. The proposed approach is validated by applying the concept of opacity on the analysis over a simple system. It is demonstrated that opacity can be guaranteed and exploited when systems having different levels of security are integrated.
Colelli, R., Foglietta, C., Panzieri, S., Pascucci, F. (2019). An opacity approach for security exposure of IoT components in critical infrastructures. In Conference Proceedings - IEEE International Conference on Systems, Man and Cybernetics (pp.427-432). Institute of Electrical and Electronics Engineers Inc. [10.1109/SMC.2019.8914291].
An opacity approach for security exposure of IoT components in critical infrastructures
Colelli R.;Foglietta C.;Panzieri S.;Pascucci F.
2019-01-01
Abstract
Over the last year, the Internet of Things (IoT) drove the development of cyber-physical systems, leading the convergence between information and operational technologies. This coupling improves performances and saves costs but increases the number of vulnerabilities and the attack surface to malicious actors. Consequently, it is mandatory to understand how IoT devices can be properly integrated into a more secure environment. This issue is even more crucial in the field of Critical Infrastructures, such as energy, water, transportation, and telecommunications. To this aim, this paper analyzes the concept of opacity for Discrete Event Systems (DES) and applies it to a real system. The opacity describes the ability of the system to keep some states secret even if an attacker knows the happening of some events. The proposed approach is validated by applying the concept of opacity on the analysis over a simple system. It is demonstrated that opacity can be guaranteed and exploited when systems having different levels of security are integrated.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
