Cybersecurity Assurance for Critical Infrastructure Jason Jaskolka - - PowerPoint PPT Presentation

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks

Cybersecurity Assurance for Critical Infrastructure

Jason Jaskolka

Collaborator: John Villasenor

Center for International Security and Cooperation Stanford University, Stanford, CA 94305 jaskolka@stanford.edu

May 11, 2017

Jason Jaskolka SCC 2017 1 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks

Acknowledgement & Disclaimer

Acknowledgement This material is based upon work supported by the U.S. Department of Homeland Security under Grant Award Number, 2015-ST-061-CIRC01. Disclaimer The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the

• fficial policies, either expressed or implied, of the U.S. Department of

Homeland Security.

Jason Jaskolka SCC 2017 2 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Critical Infrastructure Project Overview Cybersecurity Challenges in Critical Infrastructure Systems

Critical Infrastructure

Jason Jaskolka SCC 2017 3 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Critical Infrastructure Project Overview Cybersecurity Challenges in Critical Infrastructure Systems

Project Overview

Cybersecurity Assurance for Critical Infrastructure

Focus on the challenges posed by cyber-attacks against critical infrastructures Aims to design and develop critical infrastructure cybersecurity assessment methodologies and associated modelling and simulation environments Enable community to much more effectively:

1

Identify systemic cybersecurity vulnerabilities

2

Preemptively mitigate at least some of those vulnerabilities

3

Quickly and effectively respond to attacks that might exploit the subset of those vulnerabilities

Jason Jaskolka SCC 2017 4 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Critical Infrastructure Project Overview Cybersecurity Challenges in Critical Infrastructure Systems

Operational Need

Significant progress has been made in quality assurance for software and components used to build critical infrastructure systems Much less attention and progress in making the systems robust against intentionally compromised hardware and/or software

Specifically designed to remain undetected in tests formulated to detect accidental design flaws Often only visible, or known, after a system experiences some kind of compromise or failure

Cyber-attacks launched using built-in hardware and/or software vulnerabilities could have a devastating impact

Jason Jaskolka SCC 2017 5 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Critical Infrastructure Project Overview Cybersecurity Challenges in Critical Infrastructure Systems

Cybersecurity Challenges in Critical Infrastructure Systems

Ubiquitous and pervasive Large, complex, and rapidly growing Mix of legacy systems and new technologies Numerous components or agents and even more interactions, some

• f which may be:

Unfamiliar, unplanned, or unexpected Not visible or not immediately comprehensible

Software/Hardware from third-party suppliers Cyber-attackers are far more sophisticated and have access to far more powerful tools than in the past

Jason Jaskolka SCC 2017 6 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Critical Infrastructure Project Overview Cybersecurity Challenges in Critical Infrastructure Systems

Cybersecurity Challenges in Critical Infrastructure Systems

Ubiquitous and pervasive Large, complex, and rapidly growing Mix of legacy systems and new technologies Numerous components or agents and even more interactions, some

• f which may be:

Unfamiliar, unplanned, or unexpected Not visible or not immediately comprehensible

• Implicit

Interactions Software/Hardware from third-party suppliers Cyber-attackers are far more sophisticated and have access to far more powerful tools than in the past

Jason Jaskolka SCC 2017 6 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Implicit Component Interactions Research Problem Why Formal Methods? Proposed Approach for Solving the Problem

Implicit Component Interactions

2015 Jeep Cherokee Hack

Jason Jaskolka SCC 2017 7 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Implicit Component Interactions Research Problem Why Formal Methods? Proposed Approach for Solving the Problem

Research Problem

Assuring safety, security, and reliability of critical infrastructure systems is becoming a top priority Shortcomings in development of formal methods and tools for determining whether such systems are protected from cyber-threats [Bennett 2015] Ability to detect undesirable interactions among system components is needed [Jackson and Ferris 2012] Research Challenge Develop a rigorous (formal methods-based) approach to better understand, identify, analyze, and mitigate implicit component interactions in critical infrastructure systems.

Jason Jaskolka SCC 2017 8 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Implicit Component Interactions Research Problem Why Formal Methods? Proposed Approach for Solving the Problem

Why Formal Methods?

According to the DHS Cybersecurity Research Roadmap [DHS 2009]

Jason Jaskolka SCC 2017 9 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Implicit Component Interactions Research Problem Why Formal Methods? Proposed Approach for Solving the Problem

Why Formal Methods?

According to the DHS Cybersecurity Research Roadmap [DHS 2009] “Formal verification and other analytic tools that can scale will be critical to building systems with significantly higher assurance than today’s systems.”

Jason Jaskolka SCC 2017 9 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Implicit Component Interactions Research Problem Why Formal Methods? Proposed Approach for Solving the Problem

Why Formal Methods?

According to the DHS Cybersecurity Research Roadmap [DHS 2009] “Formal verification and other analytic tools that can scale will be critical to building systems with significantly higher assurance than today’s systems.” “In particular, theories are needed to support analytic tools that can facilitate the prediction of trustworthiness, inclusion modelling, simulation, and formal methods.”

Jason Jaskolka SCC 2017 9 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Implicit Component Interactions Research Problem Why Formal Methods? Proposed Approach for Solving the Problem

Why Formal Methods?

According to the DHS Cybersecurity Research Roadmap [DHS 2009] “Formal verification and other analytic tools that can scale will be critical to building systems with significantly higher assurance than today’s systems.” “In particular, theories are needed to support analytic tools that can facilitate the prediction of trustworthiness, inclusion modelling, simulation, and formal methods.” “The potential utility of formal methods has increased significantly in the past four decades and needs to be considered whenever it can be demonstrably effective.”

Jason Jaskolka SCC 2017 9 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Implicit Component Interactions Research Problem Why Formal Methods? Proposed Approach for Solving the Problem

Proposed Approach for Solving the Problem

Research Goal Develop methodologies to better understand how and why implicit component interactions can exist in critical infrastructure systems.

1

Model critical infrastructure systems using a mathematical framework

2

Formulate and identify the existence of implicit component interactions

3

Analyze existing implicit component interactions

4

Mitigate the existence of and/or minimize the threat posed by implicit component interactions

Jason Jaskolka SCC 2017 10 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

Illustrative Example: Manufacturing Cell

Jason Jaskolka SCC 2017 11 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

Illustrative Example: Manufacturing Cell

Jason Jaskolka SCC 2017 11 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

Illustrative Example: Manufacturing Cell

Storage Agent Handling Agent Processing Agent Control/Coordination Agent

Jason Jaskolka SCC 2017 11 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

Illustrative Example: Manufacturing Cell

Message Passing

Control Agent (C) Handling Agent (H) Processing Agent (P) Storage Agent (S) (2) load (3) loaded (6) unloaded (4) prepare (5) unload (7) setup (10) done (8) ready (9) process (9) process (10) processed (1) start (11) end

Jason Jaskolka SCC 2017 12 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

An Algebraic Modelling Framework

Communicating Concurrent Kleene Algebra (C2KA)

Formalism for modelling distributed multi-agent systems Extension of Concurrent Kleene Algebra (CKA) [Hoare et al. 2011] Captures communication and concurrency of agents at an abstract algebraic level Expresses influence of stimuli on agent behaviour in open systems as well as communication through shared environments

Other existing formalisms do not directly deal with describing how agent behaviours are influenced by stimuli

Primarily concerned with closed systems

Jason Jaskolka SCC 2017 13 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

Structure of Agent Behaviours

Adopt the framework of CKA to describe agent behaviours Definition (Concurrent Kleene Algebra) A concurrent Kleene algebra (CKA) is a structure

• K, +, ∗, ; , *

, ; , 0, 1

• such that
• K, +, ∗, *

, 0, 1

• and
• K, +, ; , ;

, 0, 1

• are Kleene algebras linked by the exchange axiom given by

(a ∗ b) ; (c ∗ d) ≤K (b ; c) ∗ (a ; d). a ≤K b indicates a is a sub-behaviour of b if and only if a + b = b

Jason Jaskolka SCC 2017 14 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

Structure of Stimuli

Each discrete, observable event introduced to a system is considered to be a stimulus which invokes a response from each system agent Definition (Stimulus Structure) Let S

def

=

• S, ⊕, ⊙, d, n
• be an idempotent (i.e., s ⊕ s = s) semiring with

a multiplicatively absorbing d (i.e., s ⊙ d = d ⊙ s = d) and identity n (i.e., s ⊙ n = n ⊙ s = s). We call S a stimulus structure. s ≤S t indicates s is sub-stimulus of t iff s ⊕ t = t

Jason Jaskolka SCC 2017 15 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

Communicating Concurrent Kleene Algebra (C2KA)

Definition (C2KA)

A Communicating Concurrent Kleene Algebra (C2KA) is a system

• S, K
• , where

S =

• S, ⊕, ⊙, d, n
• is a stimulus structure

K =

• K, +, ∗, ; , *

, ; , 0, 1

• is a CKA
• SK, +
• is a unitary and zero-preserving left S-semimodule with next behaviour

mapping ◦ : S × K → K

• SK, ⊕
• is a unitary and zero-preserving right K-semimodule with next stimulus

mapping λ : S × K → S and where the following axioms are satisfied for all a, b, c ∈ K and s, t ∈ S:

1

s ◦ (a ; b) = (s ◦ a) ; λ(s, a) ◦ b

• 2

a ≤K c ∨ b = 1 ∨ (s ◦ a) ; λ(s, c) ◦ b

• = 0

3

λ(s ⊙ t, a) = λ

• s, (t ◦ a)
• ⊙ λ(t, a)

4

s = d ∨ s ◦ 1 = 1

5

a = 0 ∨ λ(n, a) = n

Jason Jaskolka SCC 2017 16 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

Agent Specifications

Illustrative Example: Manufacturing Cell

Table: Stimulus-response specification of the Control Agent C

• start

load loaded prepare done unload unloaded setup ready process processed end idle idle idle prep idle idle idle idle idle idle idle idle idle prep prep prep prep prep prep prep init prep prep prep prep prep init init init init init init init init init init proc init init proc proc proc proc proc proc proc proc proc proc proc idle proc λ start load loaded prepare done unload unloaded setup ready process processed end idle load n prepare n n n n n n n n n prep n n n n n n setup n n n n n init n n n n n n n n n done n n proc n n n n n n n n n n end n

Control Agent C →

• idle + prep + init + proc
• Storage Agent S

→

• empty + full
• Handling Agent H

→

• wait + move
• Processing Agent P

→

• stby + set + work
• Figure: Abstract behaviour specification of the manufacturing cell agents

Jason Jaskolka SCC 2017 17 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

Intended System Interactions

Control Agent (C) Handling Agent (H) Processing Agent (P) Storage Agent (S) (2) load (3) loaded (6) unloaded (4) prepare (5) unload (7) setup (10) done (8) ready (9) process (9) process (10) processed (1) start (11) end

Pintended denotes the set of intended system interactions

Jason Jaskolka SCC 2017 18 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

Illustrative Example: Manufacturing Cell

Intended System Interactions

C S C H S C P H P C P C Pintended =

• C → S → C → H → S → C → P → H → P → C,

C → S → C → H → S → C → P → H → C → P

• Jason Jaskolka

SCC 2017 19 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

Illustrative Example: Manufacturing Cell

Intended System Interactions

C S C H S C P H P C P C Pintended =

• C → S → C → H → S → C → P → H → P → C,

C → S → C → H → S → C → P → H → C → P

• Jason Jaskolka

SCC 2017 19 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

Illustrative Example: Manufacturing Cell

Intended System Interactions

C S C H S C P H P C P C Pintended =

• C → S → C → H → S → C → P → H → P → C,

C → S → C → H → S → C → P → H → C → P

• Jason Jaskolka

SCC 2017 19 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

Formulating Existence of Implicit Interactions

Potential for Communication via Stimuli (A →+

S B)

A has the potential for communication via stimuli with B if and only if ∃

• n | n ≥ 1 : A →n

S B

• where

A →n

S B

⇐ ⇒ ∃

• C | C ∈ A ∧ C = A ∧ C = B : A →(n−1)

S

C ∧ C →S B

• A →S B

⇐ ⇒ ∃

• s, t | s, t ∈ Sb ∧ t ≤S λ(s, a) : t ◦ b = b
• Definition (Existence of Implicit Interactions)

An implicit interaction (via stimuli) exists in a system formed by a set A of agents, if and only if for any two agents A, B ∈ A with A = B: ∃

• p | p =

⇒ (A →+

S B) :

∀(q | q ∈ Pintended : ¬SubPath(p, q) )

• where SubPath(p, q) is a predicate indicating that p is a subpath of q.

Jason Jaskolka SCC 2017 20 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

Identifying Implicit Interactions

1

Determine the potential communication paths that exist from the system specification

Example: Consider the manufacturing cell:

$ pfc system agentP agentS P ->+ S: True P

• >

C

• >

H

• >

S P

• >

C

• >

S P

• >

H

• >

C

• >

S P

• >

H

• >

S $ pfc system agentH agentC H ->+ C: True H

• >

C H

• >

P

• >

C H

• >

S

• >

C

Control Agent (C) Handling Agent (H) Processing Agent (P) Storage Agent (S)

Jason Jaskolka SCC 2017 21 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

Identifying Implicit Interactions

2

Determine if a potential communication path is an implicit interaction

Example: Consider the following potential communication paths: H → S → C and P → C → S

P → C → S Pintended =

• C → S → C → H → S → C → P → H → P → C,

C → S → C → H → S → C → P → H → C → P

• Jason Jaskolka

SCC 2017 22 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

Identifying Implicit Interactions

2

Determine if a potential communication path is an implicit interaction

Example: Consider the following potential communication paths: H → S → C and P → C → S

P → C → S Pintended =

• C → S → C → H → S → C → P → H → P → C,

C → S → C → H → S → C → P → H → C → P

• Algorithmically: string matching problem

Jason Jaskolka SCC 2017 22 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

Identifying Implicit Interactions

Control Agent (C) Handling Agent (H) Processing Agent (P) Storage Agent (S)

Jason Jaskolka SCC 2017 23 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

Identifying Implicit Interactions

Control Agent (C) Handling Agent (H) Processing Agent (P) Storage Agent (S)

C S C H S C P H P C P C

Jason Jaskolka SCC 2017 23 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

Experimental Results

For the manufacturing cell system:

11 of the 30 total interactions are implicit interactions

Result of the potential for out-of-sequence stimuli from system agents

Due to cyber-attack or failure

Demonstrates hidden complexity and coupling among agents

Potential for unexpected system behaviours

Jason Jaskolka SCC 2017 24 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

A Comment on Severity of Implicit Interactions

Definition (Severity Measure)

Let p be a potential interaction in a given system with intended system interactions Pintended. The severity of p (denoted σ(p)) is calculated as follows: σ(p) = 1 − max

q∈Pintended

|lcs

• p, q
• |

|p|

• where lcs
• p, q
• denotes the longest common substring of interactions p and q.

Definition (Less Severe Relation)

Let Pimplicit be a set of implicit interactions for a given system and let p1, p2 ∈ Pimplicit. We define a binary relation on implicit interactions as: p1 p2 ⇐ ⇒ σ(p1) ≤ σ(p2) and we say that p1 is less severe than p2.

Jason Jaskolka SCC 2017 25 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Illustrative Example: Manufacturing Cell Modeling using C2KA Formulating and Identifying Implicit Interactions Analyzing Implicit Interactions Mitigating Implicit Interactions

A Comment on Mitigating Implicit Interactions

Preemptive Approaches

Eliminate potential for communication while maintaining overall system functionality Introduce intermediate agents or modify agent behaviours

Reactive Approaches

Monitor communication and behaviour to find suspicious activity

Jason Jaskolka SCC 2017 26 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Impact of this Research

Impact of this Research

Enhances the understanding of the hidden complexity and coupling in critical infrastructure systems Formal foundation upon which mitigation approaches can be developed Basis for developing guidelines for designing and implementing critical infrastructure systems that are resilient to cyber-threats

Jason Jaskolka SCC 2017 27 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Impact of this Research

Impact of this Research

Enhances the understanding of the hidden complexity and coupling in critical infrastructure systems Formal foundation upon which mitigation approaches can be developed Basis for developing guidelines for designing and implementing critical infrastructure systems that are resilient to cyber-threats There is still much more to be done!

Jason Jaskolka SCC 2017 27 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Future Research Directions Concluding Remarks References Questions

Where Do We Go From Here?

Extension with potential for communication via shared environments Refinements to classification and measurement of severity

Measure the exploitability of identified implicit interactions Study impact of implicit interactions through simulation

Further articulate mitigation approaches Study the applicability on real systems

Batch Chemical Reactor Maritime Port Systems (with NMIO, USCG, and USTRANSCOM)

Jason Jaskolka SCC 2017 28 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Future Research Directions Concluding Remarks References Questions

Concluding Remarks

Implicit component interactions can pose a serious cyber-threat to critical infrastructure systems Elimination of implicit interactions in an ongoing and ambitious undertaking Focus on evolving and enhancing the understanding of our modern systems and networks

Jason Jaskolka SCC 2017 29 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Future Research Directions Concluding Remarks References Questions

Related Publications

• J. Jaskolka and J. Villasenor.

An Approach for Identifying and Analyzing Implicit Interactions in Distributed Systems. IEEE Transactions on Reliability, pages 1–18, 2017.

• J. Jaskolka and J. Villasenor.

Identifying Implicit Component Interactions in Distributed Cyber-Physical Systems. Proceedings of HICSS-50, pages 5988–5997, January 2017.

• J. Jaskolka.

On the Modelling, Analysis, and Mitigation of Distributed Covert Channels. Ph.D. Thesis, McMaster University, March 2015.

• J. Jaskolka and R. Khedri.

A Formulation of the Potential for Communication Condition using C2KA. In A. Peron and C. Piazza, editors, Proceedings of GandALF 2014, volume 161 of Electronic Proceedings in Theoretical Computer Science, pages 161–174. September 2014.

• J. Jaskolka, R. Khedri, and Q. Zhang.

Endowing Concurrent Kleene Algebra with Communication Actions. In P. Höfner, P. Jipsen, W. Kahl, and M. E. Müller, editors, Proceedings of RAMiCS 2014, volume 8428 of Lecture Notes in Computer Science, pages 19–36. April 2014.

Jason Jaskolka SCC 2017 30 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Future Research Directions Concluding Remarks References Questions

References

• C. Bennett.

Feds Lack Method to Grade Critical Infrastructure Cybersecurity. The Hill (Online), November 2015.

• S. Jackson and T. L. J. Ferris.

Infrastructure Resilience: Past, Present, and Future. The CIP Report, 11(6):6–13, December 2012. U.S.A. Department of Homeland Security. A Roadmap for Cybersecurity Research. Department of Homeland Security Science and Technology Directorate, November 2009.

• C. Hoare, B. Möller, G. Struth, and I. Wehrman.

Concurrent Kleene Algebra and its Foundations. Journal of Logic and Algebraic Programming, 80(6):266–296, April 2011.

Jason Jaskolka SCC 2017 31 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Future Research Directions Concluding Remarks References Questions

Questions Questions?

Jason Jaskolka SCC 2017 32 / 33

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Future Research Directions Concluding Remarks References Questions

Thank You Thank You!

Jason Jaskolka SCC 2017 33 / 33