Formal design of communication checkers for ICCP using UPPAAL

Vulnerabilities in key communication protocols that drive the daily operations of the power grid may lead to exploits that could potentially disrupt its safety-critical operation and may result in loss of power, consequent financial losses, and disruption of crucial power-dependent services. This paper focuses on the Inter Control Center Communications Protocol, (ICCP), which is the protocol used among control centers for data exchange and control. We discuss use of UPPAAL in formal modeling of portions of ICCP. Specifically, we present an iterative process and framework for the design and formal verification of tailored checking mechanisms that protect resource-exhaustion vulnerabilities in the protocol standard from attacks and exploits. We discuss insights we gained and lessons we learned when modeling the protocol functionalities and running the UPPAAL model checker to prove critical security and safety properties, and we discuss the overall success of this approach.