Towards evidence-based cybersecurity assessment of programmable systems to ensure the protection of critical IT infrastructure

The paper is devoted to developing scientific principles, methods, means, and information technology of model-oriented verification and evidence-based assessment using functional safety and cybersecurity cases for programmable systems of critical applications (PSCA). In particular, information and control systems important for the safety of nuclear power plants (NPPs), aerospace systems, railway domains, etc., developed using Field Programmable Gate Arrays (FPGAs) and hardware platforms are reviewed. The goal is to ensure the guaranteed completeness and reliability of its functional safety and cybersecurity assessment by developing and implementing a set of formal and semi-formal methods and tools that consider defects of different nature – physical, design, trojans, and vulnerabilities that can be attacked and lead to a fatal system failure, which results in damaging the critical IT infrastructure. The methods shown are based on integrating algebraic, tabular, graph models, and case assessment methodology. The methods are implemented as appropriate technologies for evidence-based verification and evaluation of PSCA. For formal methods, a prototype of a translator of Very High-Speed Integrated Circuits Hardware Description Language (VHDL) code is developed into an algebra of behaviors. It provides evidence-based verification and a framework and tools to design reports on assessing the cybersecurity and functional safety of programmable systems.