Environmental Obfuscation of a Cyber Physical System - Vehicle Example

Cyber-Physical Systems (CPSs) are deeply embedded infrastructures that have significant cyber and physical components that interact with each other in complex ways. These interactions can violate a system´s security policy, leading to unintended information flow. The physical portion of such systems is inherently observable, and, as such, many methods of preserving confidentiality are not applicable. This fundamental property of CPSs presents new security challenges. To illustrate this, a vehicle composed of an embedded computer system, its operator, and its environment show how information is disclosed to an observer that is watching from the outside. The example is made of up a vehicle with an automated engine management system (smart cruise control) traveling across some terrain with an observer watching the vehicle. The information that is to be protected is the controller of the vehicle. This model is analyzed using formal models of information flow, namely nondeducibility and noninference. The vehicle´s operation, in context with the terrain of the road, discloses information to the observer. Context is important; the same information that was disclosed with one terrain type is hidden with a different terrain. This problem, its methodology, and results uncover problems, and solutions, based on the theory of information flow, to quantify security in these new types of systems.