\section{Problem Statement}

The problem this study investigates is rooted in the intrinsic uncertainty in the measurement of physical values.
Any physical measurement system introduces noise or abnormal data.
The challenge resides in designing a trust framework capable of leveraging these uncertainties as a source of information.

\begin{problemstatement}
Given a series of indirect and uncertain observations of a system's integrity, provide a quantitative assessment of the trustworthiness of the system.
\end{problemstatement}

Indirect observations refer to data collected from sensors or monitoring systems that infer the system's state or behaviour rather than measuring it directly. The uncertainty in such observations arises from several factors, including the inherent limitations and imperfections of the sensing or monitoring systems, the complexity of the system being observed, and the inherent variability and unpredictability of the system's behaviour.

Indirect observations provide useful insights into systems but are subject to uncertainty due to the nature of their collection and interpretation. This uncertainty can affect the reliability of predictions or decisions based on those observations.

\subsection{Guiding Example}

To demonstrate the importance of trust evaluation in power traces and illustrate our approach, we present a reference problem from the field of \ac{cpss}.
This example is referenced frequently throughout this paper.

Consider a server deployed in a nuclear power plant control room.
This system easily qualifies as critical infrastructure, and its reliability and security are paramount.
Consider now that side-channel data, such as the server's power usage, is gathered and used as an indirect observation for modelling the system's state.
Activity detectors process the power trace to detect the server's state.
The result is an array of state labels that maps each power measurement to a state such as \textit{off}, \textit{boot}, or \textit{high load}.

To evaluate the integrity of the system, \ac{stl} properties indicate compliance with pre-defined policies.
The outputs are either ``satisfied (+1)'', ``uncertain (0)'', or ``violation (-1)''.
The policies are user-defined based on the domain knowledge related to the system under observation and represent the desired behaviour or constraints that the system should adhere to.

The trust framework uses as input the ternary array values computed by the \ac{stl}-checker.
By employing the \ac{sl} formalism (see Section~\ref{sec:sl}), we obtain (1) a trust index, which is an ongoing evaluation of the server's trust, (2) a trust snapshot representing the trust over the most recent interval window, and (3) a recommended \ac{tca} from the framework to be taken by the user if the trust value decreases below a predetermined threshold.

The user can perform the suggested \ac{tca}, such as running antivirus software or rebooting the system. If these actions are detected in the power trace data, trust in the system will increase. \ac{tca} is explained in more detail in Section~\ref{sec:trust_calib_action}.
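The pipeline of the guiding example (state labels, ternary policy verdicts, trust index, trust snapshot, and a threshold-triggered \ac{tca} recommendation), as an added worked example that is not code from this paper. The state-label sequence is constructed; the policy (a high-load run must not exceed three samples) is a hypothetical stand-in for an \ac{stl} property; the mapping from evidence to an opinion is the standard binomial subjective-logic mapping $b = r/(r+s+W)$, $d = s/(r+s+W)$, $u = W/(r+s+W)$ with $W = 2$, under the assumption that $+1$ counts as one positive observation, $-1$ as one negative observation, and $0$ contributes no evidence; the window size of four samples and the threshold of $0.5$ are likewise assumptions.

```python
"""Constructed walk-through of the guiding example: state labels -> ternary
policy verdicts -> subjective-logic trust index and snapshot -> TCA trigger."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed state-label sequence, one label per power measurement, as an
# activity detector would emit (labels follow the paper's examples).
STATE_LABELS = ["off", "boot", "idle", "idle",
                "high load", "high load", "high load", "high load",
                "idle", "boot", "idle", "idle"]


def policy_verdicts(labels: List[str], max_high_load: int = 3) -> List[int]:
    """Hypothetical stand-in for the STL checker. Policy (an assumption, not
    from the paper): 'a high-load run must not exceed max_high_load samples'.
    Per sample: +1 satisfied, 0 uncertain (the run is still within bound and
    may or may not go on to exceed it), -1 violation."""
    verdicts, run = [], 0
    for label in labels:
        if label == "high load":
            run += 1
            verdicts.append(-1 if run > max_high_load else 0)
        else:
            run = 0
            verdicts.append(1)
    return verdicts


@dataclass
class Opinion:
    """Binomial subjective-logic opinion (belief, disbelief, uncertainty, base rate)."""
    belief: float
    disbelief: float
    uncertainty: float
    base_rate: float = 0.5

    @property
    def projected(self) -> float:
        # Projected probability P = b + a*u: the scalar trust value that is
        # compared against the threshold.
        return self.belief + self.base_rate * self.uncertainty


def fuse(verdicts: List[int], prior_weight: float = 2.0, base_rate: float = 0.5) -> Opinion:
    """Evidence-to-opinion mapping b = r/(r+s+W), d = s/(r+s+W), u = W/(r+s+W).
    Assumption: +1 is one positive observation (r), -1 one negative observation
    (s), and 0 (uncertain) contributes no evidence, so it leaves uncertainty
    mass in place instead of moving belief either way."""
    positive = verdicts.count(1)
    negative = verdicts.count(-1)
    total = positive + negative + prior_weight
    return Opinion(positive / total, negative / total, prior_weight / total, base_rate)


Row = Tuple[int, str, int, Opinion, Opinion, Optional[str]]


def evaluate(labels: List[str], window: int = 4, threshold: float = 0.5) -> List[Row]:
    """Per sample: cumulative trust index, windowed trust snapshot, and a TCA
    recommendation whenever the snapshot's projected trust drops below threshold."""
    verdicts = policy_verdicts(labels)
    rows: List[Row] = []
    for t, (label, verdict) in enumerate(zip(labels, verdicts)):
        index = fuse(verdicts[: t + 1])                          # trust index
        snapshot = fuse(verdicts[max(0, t + 1 - window): t + 1])  # trust snapshot
        action = "recommend TCA (e.g. reboot)" if snapshot.projected < threshold else None
        rows.append((t, label, verdict, index, snapshot, action))
    return rows


if __name__ == "__main__":
    for t, label, verdict, index, snapshot, action in evaluate(STATE_LABELS):
        print(f"{t:2d} {label:10s} verdict={verdict:+d} "
              f"index={index.projected:.3f} snapshot={snapshot.projected:.3f} "
              f"{action or ''}")
```

Running the script prints one row per sample. The snapshot reacts to the single violation at sample 7 (its projected trust falls to $1/3$, below the threshold, so a \ac{tca} is recommended), while the cumulative index only dips to $5/7$ and recovers to $9/11$ once the later compliant samples arrive; this is the distinction between the ongoing trust index and the interval-window snapshot described above.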