
Model Checking for Survivability Evaluation Critical Infrastructures

Boudewijn R. Haverkort, University of Twente. Dutch Model Checking Day, May 9, 2014.


Presentation Transcript


  1. Model Checking for Survivability Evaluation Critical Infrastructures
     Boudewijn R. Haverkort, University of Twente
     Dutch Model Checking Day, May 9, 2014

  2. Contents
     • Critical infrastructures
     • Survivability
     • A sewage cleaning facility example
     • Discussion
     Survivability evaluation of critical infrastructures

  3. What are critical infrastructures?
     • No formal “final” definition; however, every country maintains a list of what are considered the country’s CI’s
     • In NL: 11 CI’s have been identified, among them the water, gas, and electricity networks

  4. Critical infrastructures are becoming more critical!
     • Cascading failures in/between infrastructures
     • Heavy reliance on integrated ICT (SCADA), which is never fault-free and susceptible to attacks
     Metro, May 7, 2014

  5. Questions & Challenges
     • How to predict the effects of attacks or failures?
       • On the critical infrastructures themselves, for their users? Economically?
     • What are the changes upon occurrence?
     • Is there suitable measurement data available?
     • Are there models available?
     • How could such models help?

  6. What is survivability?
     • Widely studied in the literature, in many different application fields
     • “the ability of a system to recover predefined service levels in a timely manner after the occurrence of a disaster”
       • System ability: system boundaries to be defined
       • Predefined levels of service: to be defined by user
       • Timely manner: user requirement (politics)
       • Disaster: any severe disturbance (from component failure to heavy rain or a hurricane)

  7. GOOD vs. ROOD models
     • GOOD: Given Occurrence Of Disaster
     • ROOD: Random Occurrence Of Disaster
     • GOOD models start with a disaster, hence, there is no need to model the “failure process” or the “disaster probability”
     • GOOD models avoid:
       • estimating rare-event disaster probabilities
       • estimating attack success probabilities
       • stiffness in model evaluations

  8. Modelling challenges
     Stochastic hybrid models
     • What should be put into the models?
       • Physical processes (continuous)
       • ICT processes (discrete)
       • Randomness and/or non-determinism
       • Policy decisions
       • …
     • How do you want to evaluate your models?
       • Analytically (fast but limited) → model checking
       • Simulation (slower, but more general, hidden complications)

  9. Three recent approaches
     • Electricity: combines behavioral decomposition, a Markovian recovery process with measurement data to evaluate “expected energy not supplied, per hour”
     • Gas: combines behavioral decomposition, a non-Markovian recovery process with fluid dynamic models to evaluate “time to recovery distribution”
     • Water: integrated model, combining limited stochastic events with fluid-flow models to evaluate time-dependent survivability probabilities
     • All models are GOOD

  10. Water infrastructure
     • Water provisioning is a legal task of water companies → fines for non-delivery!
     • Sewage cleaning is important for society
     • Very large-scale plants (large volumes/space)
     • Heavy use of SCADA networks and “limited” cyber-security culture
     • Highly vulnerable to “events”

  11. Sewage cleaning facility in Enschede
     (Map labels: FC Twente, University of Twente, Twente kanaal)

  12. Severe flooding at heavy rain
     What are the chances of this not happening?

  13. Obtained the plant information…

  14. Made the models as HPnG
     HPnG: Hybrid Petri Net with General One-Shot Transitions
     (Figure labels: “street”; deterministic failure time (a) of pump; Tz; random repair time)

  15. What do we want to know?
     • Street should remain clean after occurrence of pump failure, and pump should be repaired quickly
     • Prob{ “street clean” until “pump repaired” within “30 hours after failure” }
     • In Stochastic Time Logic:
       Prob{ (P0 = 0) Until[a, a+30] (Pr = 1) }
       • (P0 = 0): safety condition
       • [a, a+30]: within 30 hours after failure
       • (Pr = 1): recovery condition
     • Fully automated analytical approach for model checking STL on HPnG

  16. and computed results…

  17. Remarks
     • HPnG analysis done independently from distribution of random event
     • Distribution of random events is brought in afterwards, via deconditioning → very fast
     • Initially limited to one random event only
     • Extension developed (FORMATS 2014), but exponential in #random events
     • Simple tool support available: (https://code.google.com/p/fluid-survival-tool/)

  18. To wrap-up
     • Introduced:
       • critical infrastructures
       • notion of survivability and GOOD models
     • Survivability is exactly what policy makers or utility companies want to know about
     • Advocated the use of model checking for survivability evaluations (time-bounded until)
     • Illustrated it for a sewage cleaning facility

  19. Literature
     • B.R. Haverkort et al., “Survivability Evaluation of Gas, Water and Electricity Infrastructures”, Proceedings Practical Applications of Stochastic Modeling, May 13, 2014, Newcastle (forthcoming in Electronic Notes in Theoretical Computer Science), features over 60 references!
     • H. Ghasemieh, A.K.I. Remke, B.R. Haverkort. Survivability evaluation of fluid critical infrastructures using hybrid Petri nets. In: Proceedings of the 19th IEEE Pacific Rim International Symposium on Dependable Computing 2013, Vancouver, Canada. IEEE Computer Society.
     • H. Ghasemieh, A.K.I. Remke, B.R. Haverkort. Analysis of a sewage treatment facility using hybrid Petri nets. In: Proceedings of the 7th International Conference on Performance Evaluation Methodologies and Tools, ACM VALUETOOLS 2013, Torino, Italy.
     • H. Ghasemieh, A.K.I. Remke, B.R. Haverkort, M. Gribaudo. Region-Based Analysis of Hybrid Petri Nets with a Single General One-Shot Transition. In: 10th International Conference on Formal Modeling and Analysis of Timed Systems (FORMATS 2012), London, UK. pp. 139-154. Lecture Notes in Computer Science 7595.
     • L. Cloth, B.R. Haverkort. Model Checking for Survivability. Proc. QEST 2005: 145-154. IEEE Computer Society, 2005.
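
The deconditioning step from slide 17, applied to the time-bounded until property of slide 15, as an added example that is not code from the talk or from the fluid-survival-tool. It replaces the HPnG with a single buffer tank; the capacity, inflow profile and repair-time distributions are constructed assumptions, and all function names are hypothetical.

```python
import math

# Constructed toy plant: every number below is an assumption, not plant data.
CAPACITY = 100.0          # tank volume; above this, sewage reaches the street
LEVEL_AT_FAILURE = 40.0   # tank content at the pump failure time a
BOUND = 30.0              # STL bound: repair within 30 hours after failure
# Piecewise-constant inflow after the failure: (duration in hours, rate per hour)
INFLOW = [(4.0, 2.0), (6.0, 8.0), (math.inf, 1.0)]

def time_to_overflow(level, capacity, inflow):
    """Hours after the failure until the street place P0 becomes non-empty."""
    elapsed = 0.0
    for duration, rate in inflow:
        if rate > 0 and (capacity - level) / rate <= duration:
            return elapsed + (capacity - level) / rate
        if math.isinf(duration):
            return math.inf            # tank never fills in the last segment
        level += rate * duration
        elapsed += duration
    return math.inf

def satisfying_repair_times():
    """Repair delays s for which (P0 = 0) Until[a, a+30] (Pr = 1) holds.

    Computed once, without knowing how s is distributed: the pump must be
    back (Pr = 1) within the bound and before the tank overflows.
    """
    return 0.0, min(BOUND, time_to_overflow(LEVEL_AT_FAILURE, CAPACITY, INFLOW))

def deconditioned_probability(cdf):
    """Bring the repair-time distribution in afterwards via its CDF."""
    lo, hi = satisfying_repair_times()
    return cdf(hi) - cdf(lo)

def exponential_cdf(mean):
    return lambda s: 1.0 - math.exp(-s / mean) if s > 0 else 0.0

def uniform_cdf(low, high):
    return lambda s: min(1.0, max(0.0, (s - low) / (high - low)))

if __name__ == "__main__":
    print("satisfying repair delays:", satisfying_repair_times())
    for name, cdf in [("exponential, mean 10 h", exponential_cdf(10.0)),
                      ("uniform on [6, 26] h", uniform_cdf(6.0, 26.0))]:
        print(name, "->", round(deconditioned_probability(cdf), 4))
```

Because the model is GOOD, all delays are measured from the failure time a, so a itself does not appear; changing the repair-time distribution only changes the final CDF evaluation, not the analysis of the plant.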
