Evaluating the Exploitability of Implicit Interactions in Distributed Systems

Abstract: Implicit interactions refer to those interactions among the components of a system that may be unintended and/or unforeseen by the system designers. As such, they represent cybersecurity vulnerabilities that can be exploited to mount cyber-attacks causing serious and destabilizing system effects. In this paper, we study implicit interactions in distributed systems specified using the algebraic modeling framework known as Communicating Concurrent Kleene Algebra (C$^2$KA). To identify and defend against a range of possible attack scenarios, we develop a new measure of exploitability for implicit interactions to aid in evaluating the threat posed by the existence of such vulnerabilities in system designs for launching cyber-attacks. The presented approach is based on the modeling and analysis of the influence and response of the system agents and their C$^2$KA specifications. We also demonstrate the applicability of the proposed approach using a prototype tool that supports the automated analysis. The rigorous, practical techniques presented here enable cybersecurity vulnerabilities in the designs of distributed systems to be more easily identified, assessed, and then mitigated, offering significant improvements to overall system resilience, dependability, and security.