Download pptx - External observer with limited observability cannot deduce operation

Transcript
Page 1: External observer with limited observability cannot deduce operation

The contribution of this work has been the application of formal methods for secure operations of cyber-physical systems

External observer in above scenarios obtains partial information about the entire grid which is not critical where as the internal observer with out DGI can deduce the physical operation on the grid; however, due to the cyber activity involving power balancing, confidentiality is not violated

The operation of the system with every node having DGI might lead to malicious threats as outlined; means to mitigate them should be developed

External observer with limited observability cannot deduce operation

Internal Observer without DGI cannot deduce about the system with out DGI

Internal Observer without DGI cannot deduce about the system composed with DGI

Each node in this case can be represented in SPA as below:

Power flow in the shared power bus is an invariant function of individual gateway loads of the participating nodes and the draw from or contribution to the utility grid

Such a system can be defined as below:

The DGI algorithm can be represented in SPA as below

Future smart grids integrate distributed renewable energy resources (DRER), distributed energy storage devices (DESD), LOADs, and solid state transformers (SST)

The Distributed Grid Intelligence (DGI) applies distributed algorithms in a unique way to achieve economically feasible utilization and storage of alternative energy sources in a distributed fashion

Security and Privacy in a Future Smart GridStudent: Ravi Akella, Department of

Computer Science

Faculty Advisor: Dr. Bruce McMillin, Department of Computer Science

Encoding algorithmic and flow semantics for model checking

The impacts of using the available partial information at substation level could become critical to protect in context of multiple grids tied to the utility

Usage patterns and social regulations impose new challenges

This work was supported in part by the Future Renewable Electric Energy Distribution Management Center; a National Science Foundation supported Engineering Research Center, under grant NSF EEC-0812121 and NSF CSR award CCF-0614633 and Intelligent Systems Center at Missouri S&T.

Modeling of the scenarios are preformed in a Security Process Algebraic (SPA) approach

Information flow models are then applied to verify confidentiality

CONFIDENTIALITY WITH NO DGI

• Partial information about load states of other nodes can be obtained by being a part of the DGI subsystem

Normal

• Knows about nodes in Demand state and their costs which are sent in response to a supply request to estimate migration

Supply

• Respond to Supply requests with cost to get an approximation of the supply node cost

Demand

CONFIDENTIALITY WITH DGI

FUTURE WORK

APPROACHINTRODUCTION

OBJECTIVES

ACKNOWLEDGEMENTS

Model different behaviors of the system using Formal tools- This includes capturing of the inherent concurrency, temporal and non-deterministic elements of the system along with its physical representation

Analyze the confidentiality of information flow in various scenarios and model secure operations in the cyber-physical infrastructure- Physically observable behavior at the cyber-physical boundary and the nature of physical events in the system could violate security and privacy

The Power balancing algorithm keeps all nodes “balanced” with respect to their Supply, Demand and Normal states

Pass messages negotiating load changes until the system has stabilized

Every node maintains partial information of other nodes in the system

CONCLUSIONS

Would you sign up for a discount with your power company in exchange for surrendering control of your thermostat? What if it means that, one day, your auto insurance company will know that you regularly arrive

home on weekends at 2:15 a.m., just after the bars close? (MSNBC Red Tape Chronicles 2009)

The operation is not secure with respect to a malicious DGI process which manipulates its state (Normal /Demand /Supply) to ascertain other DGI states

External Observer

Wind isn’t blowing and Fred is selling to the grid ??? AA..hh!! Fred is dishonest

My utility bill is high ..again! Am I getting any power from Fred?

Bisimulation based Non Deducibility on Composition: What a low-lever user sees in the system is consistent even after the execution of high level processes

Let me get richer by selling my excess “free energy” to the utility rather than to Barney?

Recommended

Instrumenting Systems for Arbitrary Observability
Instrumenting Systems for Arbitrary Observability Technology
GigaOm Radar for Cloud Observability
GigaOm Radar for Cloud Observability Documents
The Road to Observability
The Road to Observability Documents
UNIX OS Observability Tools
UNIX OS Observability Tools Documents
Duck, Duck, Deduce
Duck, Duck, Deduce Documents
Sensorless control of a PMSM with parameters uncertainties · • The state observer methods are based on the machine seen as a nonlinear state-space system and its observability
Sensorless control of a PMSM with parameters uncertainties · • The state observer methods are based on the machine seen as a nonlinear state-space system and its observability Documents
CONTROLLABILITY & OBSERVABILITY
CONTROLLABILITY & OBSERVABILITY Documents
Distributed Systems Observability - Humio
Distributed Systems Observability - Humio Documents
Body Pose as an Indicator of Human-Object Interactiongrauman/research/theses/BS... · 2013-09-12 · 6 1. Introduction Often, a human observer can deduce that a person is interacting
Body Pose as an Indicator of Human-Object Interactiongrauman/research/theses/BS... · 2013-09-12 · 6 1. Introduction Often, a human observer can deduce that a person is interacting Documents
Empirical Gramians and Balanced Truncation for Model ... · Observability Observability (2) Proposition The following statements are equivalent: The observability matrix has full
Empirical Gramians and Balanced Truncation for Model ... · Observability Observability (2) Proposition The following statements are equivalent: The observability matrix has full Documents
A Beginner’s Guide to Observability
A Beginner’s Guide to Observability Documents
FAULT LOCATION ALGORITHMS, OBSERVABILITY AND …
FAULT LOCATION ALGORITHMS, OBSERVABILITY AND … Documents
Digital Control Systems Controllability&Observability
Digital Control Systems Controllability&Observability Documents
Ch4 Observability Tools
Ch4 Observability Tools Documents
Observability and the Glorious Future - GeekWire...Observability and the Glorious Future The Future of Observability in Complex Systems ** ... Our newest SDK makes additional sequential
Observability and the Glorious Future - GeekWire...Observability and the Glorious Future The Future of Observability in Complex Systems ** ... Our newest SDK makes additional sequential Documents
LMIs for Observability and Observer Design - Lecture 06 ...control.asu.edu/Classes/MAE598/598Lecture06.pdf · The Observability Gramian De nition 7. For pair (C;A), the Observability
LMIs for Observability and Observer Design - Lecture 06 ...control.asu.edu/Classes/MAE598/598Lecture06.pdf · The Observability Gramian De nition 7. For pair (C;A), the Observability Documents
Lec 3: Stability, Controllability & Observability
Lec 3: Stability, Controllability & Observability Documents
MariaDB Observability
MariaDB Observability Documents