Fraser, Douglas (2025) Applications of model checking in the context of cyber security for digital twins. PhD thesis, University of Glasgow.
Full text available as: PDF (4MB)
Abstract
Cyber security attacks on Industrial Control Systems (ICSs) are increasingly sophisticated, targeting their ability to manage critical processes and posing risks to national infrastructure. Addressing this threat requires innovative methods to ensure the secure design and operation of ICS. Digital Twins (DTs) have emerged as a promising tool for enhancing the efficiency and cyber security of the systems they represent; however, their effectiveness depends on reliable intrusion detection methods and secure integration within existing industrial control environments. Securely deploying a DT to an ICS requires careful consideration of existing architecture and the potential security risks of incorporating the DT itself. Formal methods, in particular model checking, are an effective tool for analysing system design and detecting cyber security vulnerabilities.
We present two complementary applications of model checking techniques to support the deployment of DTs in ICS environments. We first develop a specification-based intrusion detection approach utilising the SPIN model checker and deploy it into a DT environment for a hydroelectric dam testbed. We explain the process we followed to develop Promela models from PLC code to detect inconsistencies between received data and specified system behaviours. Our evaluation shows that the models achieved performance on a par with machine learning approaches while maintaining explainability and delivering metrics of 99.99% precision, 99.05% recall, a 99.52% F1-score, and 99.05% accuracy.
We then address the expanded attack surface that can result from integrating DTs into ICSs. We explore this issue by developing a series of Alloy models that consider the dataflow between a DT and its underlying asset. The developed models incorporate novel modelling of an attacker's action space to represent how threat actors can move through a network. Using our approach, we model our hydroelectric testbed DT to identify security vulnerabilities in our design and develop an improved network design to mitigate them. Our approach successfully identified security vulnerabilities within the DT-ICS integration and informed network design improvements that significantly reduce the attack surface. Our evaluation confirms that model checking techniques enhance both intrusion detection and security assessment, offering a structured and explainable alternative to machine learning methods. We discuss the merits and drawbacks of each of our approaches and outline methods of expanding and improving them to support DT development.

| Item Type: | Thesis (PhD) | 
|---|---|
| Qualification Level: | Doctoral | 
| Additional Information: | Supported by funding from EPSRC Industrial Case account EP/V519686/1. | 
| Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science; Q Science > QA Mathematics > QA76 Computer software | 
| Colleges/Schools: | College of Science and Engineering > School of Computing Science | 
| Funder's Name: | Engineering and Physical Sciences Research Council (EPSRC) | 
| Supervisor's Name: | Miller, Professor Alice | 
| Date of Award: | 2025 | 
| Depositing User: | Theses Team | 
| Unique ID: | glathesis:2025-85282 | 
| Copyright: | Copyright of this thesis is held by the author. | 
| Date Deposited: | 02 Jul 2025 10:30 | 
| Last Modified: | 29 Oct 2025 09:57 | 
| Thesis DOI: | 10.5525/gla.thesis.85282 | 
| URI: | https://theses.gla.ac.uk/id/eprint/85282 | 