Cyber-Physical Topology Language: Definition, Operations, and Application

Maintaining the resilience of a large-scale system requires an accurate view of the system´s cyber and physical state. The ability to collect, organize, and analyze state central to a system´s operation is thus important in today´s environment, in which the number and sophistication of security attacks are increasing. Although a variety of "sensors" (e.g., Intrusion Detection Systems, log files, and physical sensors) are available to collect system state information, it´s difficult for administrators to maintain and analyze the diversity of information needed to understand a system´s security state. Therefore, we have developed the Cyber-Physical Topology Language (CPTL) to represent and reason about system security. CPTL combines ideas from graph theory and formal logics, and provides a framework to capture relationships among the diverse types of sensor information. In this paper, we formally define CPTL as well as operations on CPTL models that can be used to infer a system´s security state. We then illustrate the use of CPTL in both the enterprise and electrical power domains and provide experimental results that illustrate the practicality of the approach.