Usability aware secret protection with minimum cost |
| |
| Affiliation: | 1. School of Automation, Northwestern Polytechnical University, China;2. Department of Electrical and Information Engineering, Osaka City University, Japan;3. Systems Control Group, Department of Electrical and Computer Engineering, University of Toronto, Canada |
| |
| Abstract: | In this paper we study a cybersecurity problem of protecting system’s secrets with multiple protections and a required security level, while minimizing the associated cost due to implementation/maintenance of these protections as well as the affected system usability. The target system is modeled as a discrete-event system (DES) in which there are a subset of marker states denoting the services/functions provided to regular users, a subset of secret states, and multiple subsets of protectable events with different security levels. We first introduce usability-aware cost levels for the protectable events, and then formulate the security problem as to ensure that every system trajectory that reaches a secret state contains a specified number of protectable events with at least a certain security level, and the highest usability-aware cost level of these events is minimum. We first provide a necessary and sufficient condition under which this security problem is solvable, and when this condition holds we propose an algorithm to solve the problem based on the supervisory control theory of DES. Moreover, we extend the problem to the case of heterogeneous secrets with different levels of importance, and develop an algorithm to solve this extended problem. Finally, we demonstrate the effectiveness of our solutions with a network security example. |
| |
| Keywords: | Usability Cybersecurity Secret protection Supervisory control theory Discrete-event systems Cyber–physical systems |
| 本文献已被 ScienceDirect 等数据库收录! |
|
