Language-driven assurance for regulatory compliance of control systems

Robin Gandhi, William Mahoney, Ken Dick, Zachary Wilson

Research output: Chapter in Book/Report/Conference proceedingConference contribution


We present a novel approach to precisely specify constraints mandated by regulatory requirements on a control system and monitor the corresponding compliance status in near-real-time. Our research focuses on the design of a language that bridges the gap between abstract regulatory policies and the realities of implementation. Essentially, each regulatory check, a "policy monitor", is authored in a new language we are developing called ADACS (Autonomous component-based policy Description Language for Anomaly monitoring in Control Systems). The semantics of our language are closer to discrete real-time system interactions expressed as events encoded in XML messages, and the language is compiled into binaries of a general purpose language that is portable across many hardware and software platforms. Considering a large number of legacy SCADA systems in place today along with the sensitive nature of their operation, we rely on rapid modeling and simulation of control system components to develop policy monitors in ADACS. Simulation of the system operational behavior facilitates the authoring, tailoring and tuning the corresponding language elements that watch for violations of the regulated behavior. In addition the ability to simulate system interdependencies allow the language author to verify the policy monitors, which will later be used in a live SCADA environment. We anticipate that out-of-band XML-based event generation from distributed and heterogeneous legacy SCADA systems will suit well to integrate the policy monitors developed currently in the simulation environment. The syntax and semantics of ADACS language and events are described, and finally we discuss our future research directions.

Original languageEnglish (US)
Title of host publication5th European Conference on Information Management and Evaluation, ECIME 2011
Number of pages9
StatePublished - 2011
Event5th European Conference on Information Management and Evaluation, ECIME 2011 - Como, Italy
Duration: Sep 8 2011Sep 9 2011

Publication series

Name5th European Conference on Information Management and Evaluation, ECIME 2011


Conference5th European Conference on Information Management and Evaluation, ECIME 2011


  • Control systems
  • Domain specific languages
  • Regulatory compliance

ASJC Scopus subject areas

  • Information Systems and Management
  • Management Science and Operations Research


Dive into the research topics of 'Language-driven assurance for regulatory compliance of control systems'. Together they form a unique fingerprint.

Cite this