On the Identification and Analysis of Previously Unknown Linkages in Critical Infrastructure Systems

Monday, December 5, 2016
11:30 AM - 1:00 PM
(Pacific)

Encina Hall, 2nd floor

Abstract: Critical infrastructure systems including manufacturing facilities, ports, transportation systems, communications networks, and energy and water distribution systems often consist of many interacting components linked in complex ways. This can lead to unforeseen interactions among components that may not be expected or intended by the designers and operators of the system. These interactions constitute linkages within a system of which designers are generally unaware, and that therefore constitute a security vulnerability. In this talk, I will present and discuss a formal approach for identifying and analyzing the existence and severity of security vulnerabilities resulting from these previously unknown linkages (so-called implicit interactions) in critical infrastructure systems. The presence of these implicit interactions in a system can indicate unforeseen flaws that, if not mitigated, could be exploited by an attacker. This can have severe consequences in terms of the safety, security, and reliability of the system. Therefore, this notion of implicit interactions must be carefully managed in order to have systems that operate as intended, and that are resistant to cyber-attacks and failures. 

 
About the Speaker: Jason Jaskolka is a U.S. Department of Homeland Security Cybersecurity Postdoctoral Scholar at Stanford University within the Center for International Security and Cooperation (CISAC). He received his Ph.D. in Software Engineering in 2015 from McMaster University in Hamilton, Ontario, Canada. His research aims to address increasingly critical issues in designing and implementing safe, secure, and reliable systems. His current work involves the design and development of critical infrastructure cybersecurity assessment methodologies and associated modeling and simulation environments. His research interests include cybersecurity assurance, covert channel analysis, distributed multi-agent systems, and algebraic approaches to software engineering.