In the era of Industry 5.0, securing Industrial Control Systems (ICS) is increasingly vital, especially when relying on legacy communication protocols like Modbus TCP that may lack built-in protection mechanisms. This paper addresses the challenge of preserving the confidentiality of internal system states from potential cyber adversaries through a security-by-design framework. We propose a novel approach that leverages Discrete Event Systems (DES) theory to model communication flows and applies probabilistic opacity to quantify the risk of state disclosure. Central to our method is the concept of selective encryption: instead of encrypting all messages, we strategically encrypt only those events that could reveal sensitive information. This gives rise to a budget-constrained optimization problem, where the goal is to enforce opacity under resource limitations. To solve this efficiently, we develop a greedy algorithm that maximizes security by allocating encryption effort to the most critical events. The proposed method is validated using a representative example featuring two distinct query types, demonstrating its capability to limit information leakage while keeping low the computational overhead.
Bonagura, V., Cavone, G., Pascucci, F. (2025). Security-by-Design with Cost-constrained Opacity Enforcement for Modbus TCP based Industrial Control Systems. In Conference Proceedings - IEEE International Conference on Systems, Man and Cybernetics (pp.1340-1345). Institute of Electrical and Electronics Engineers Inc. [10.1109/SMC58881.2025.11342867].
Security-by-Design with Cost-constrained Opacity Enforcement for Modbus TCP based Industrial Control Systems
Bonagura V.;Cavone G.;Pascucci F.
2025-01-01
Abstract
In the era of Industry 5.0, securing Industrial Control Systems (ICS) is increasingly vital, especially when relying on legacy communication protocols like Modbus TCP that may lack built-in protection mechanisms. This paper addresses the challenge of preserving the confidentiality of internal system states from potential cyber adversaries through a security-by-design framework. We propose a novel approach that leverages Discrete Event Systems (DES) theory to model communication flows and applies probabilistic opacity to quantify the risk of state disclosure. Central to our method is the concept of selective encryption: instead of encrypting all messages, we strategically encrypt only those events that could reveal sensitive information. This gives rise to a budget-constrained optimization problem, where the goal is to enforce opacity under resource limitations. To solve this efficiently, we develop a greedy algorithm that maximizes security by allocating encryption effort to the most critical events. The proposed method is validated using a representative example featuring two distinct query types, demonstrating its capability to limit information leakage while keeping low the computational overhead.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
