Yoneda Hacking: The Algebra of Attacker Actions
Date
2022-04-13
Authors
Major Professor
Advisor
Committee Member
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Our work focuses on modeling the security of systems from their component-level designs. Towards this goal, we develop a categorical formalism to model attacker actions. Equipping the categorical formalism with algebras produces two interesting results for security modeling. First, using the Yoneda lemma, we can model attacker reconnaissance missions. In this context, the Yoneda lemma shows us that if two system representations, one being complete and the other being the attacker's incomplete view, agree at every possible test, they behave the same. The implication is that attackers can still successfully exploit the system even with incomplete information. Second, we model the potential changes to the system via an exploit. An exploit either manipulates the interactions between system components, such as providing the wrong values to a sensor, or changes the components themselves, such as controlling a global positioning system (GPS). One additional benefit of using category theory is that mathematical operations can be represented as formal diagrams, helpful in applying this analysis in a model-based design setting. We illustrate this modeling framework using an unmanned aerial vehicle (UAV) cyber-physical system model. We demonstrate and model two types of attacks (1) a rewiring attack, which violates data integrity, and (2) a rewriting attack, which violates availability.
Series Number
Journal Issue
Is Version Of
Versions
Series
Academic or Administrative Unit
Type
Preprint
Comments
This preprint is available as Bakirtzis, Georgios, Fabrizio Genovese, and Cody H. Fleming. "Yoneda Hacking: The Algebra of Attacker Actions." arXiv preprint arXiv:2103.00044 (2021). doi: https://doi.org/10.48550/arXiv.2103.00044.
Published as Bakirtzis, Georgios, Fabrizio Genovese, and Cody H. Fleming. "Yoneda hacking: The algebra of attacker actions." ACM Transactions on Cyber-Physical Systems (TCPS) 6, no. 3 (2022): 1-27. doi: https://doi.org/10.1145/3531063.