A self Adaptive Security Framework for Networked Control Systems
Term Paper Presentation
CS 788 Fall 2015
Instructor: Professor Daniel A. Menasce
By Eniye Tebekaemi
November 30, 2015
OUTLINE
Introduction
Security Requirements
Solutions
Adaptive Framework
Conclusion/Future Work
INTRODUCTION
What?
A networked control system (NCS) is a control system wherein the control loops are closed through a communication network.
An NCS relies on a communication network to facilitate the exchange of control and feedback signals between its components.
Communication helps the physical systems collaborate in order to carry out their tasks more effectively, efficiently and intelligently.
Control, optimize and automate physical system objective functions
Industrial control systems (ICS)
Distributed control systems (DCS)
Cyber-physical systems (CPS)
Used in industrial and manufacturing facilities, the health sector, power systems, nuclear plants, traffic management systems, aviation industries and other critical infrastructure systems.
Where?
Power Management Systems - Smart Grid
Transport Management System - Intelligent Transportation Systems
Production/Manufacturing Plants - Industrial Control Systems, SCADA
Unmanned Aircraft Systems - UAVs, Drones
Smart Buildings, Home Management Systems
Health Systems - Human Area Network, Health Monitoring Systems
Smart Cars
Smart Cities
How?
[Figure: System 1, System 2, System 3 and System 4, each with a Sensor/Actuator, a Communication Network, and a Controller]
Controller
Peer-to-peer based controller (agent-based controller)
Central controller (master/slave)
Hybrid controllers
SECURITY REQUIREMENTS
An NCS must respond appropriately to disturbance caused by malfunctioning physical components or manipulation from cyberspace.
Attacks and Threats
Software and firmware bugs
Physical attack on sensors and NCS components
Attack on the communication channel
Data falsification and manipulation threats
Malware and Advanced Persistent Threat (APT)
Insider threats
Cascading failures and escalating attacks
Cyber Attacks
Some Reported Cyber Attack Incidents on Cyber-Physical Systems
Security Needs
In order to design and implement appropriate security controls for NCS, we need to carefully identify their security requirements.
Each NCS has varying security requirements, some with more emphasis on integrity and others on availability.
Primary Needs
Availability (continuity of operation)
Integrity
Authentication and access control
Confidentiality
Audit and log management
SOLUTION
The base-level subsystem incorporates various security mechanisms, such as authentication, encryption, etc. Only the decision of when and how those security mechanisms are employed rests with the meta-level subsystem.
[Figure: Self-Protection reference architecture]
SOLUTION - Security Level
Monitor and Detect
Intrusion detection systems (IDS)
Network monitors
Vulnerability scanners
Respond and Protect
Intrusion prevention systems
Firewalls
Antivirus
Plan and Prevent
Knowledge of system to be protected
Systems Engineering / Control Theory / Cyber Security
Take advantage of the physical properties of the system
Properties
Integrate the system's physical properties and cyber security controls into a more robust security solution
Cyber security system learns of a system violation through the system controller, identifies the guilty packet and updates the signature
System controller learns of attacks (successful or unsuccessful) from the cyber security system and changes system settings to harden the physical system
In cases where sensor readings are transmitted over the network, there is a need for a predictive backup controller based on past behavior of the system
Operate resiliently under cyber or physical attacks
Detect previously unknown attacks (zero day)
Reconfigure physical system to mitigate malicious behaviors
Operate in real time
Needs to be fast and efficient
Adaptive Security Framework
[Figure: Adaptive Security Controller Framework for NCS. Components shown: Firewall, IDS/IPS Controller, Signature Database, System Model, Master Controller, State Predictor, Historical Data, Sensors/Actuators]
Component Description
Firewall
Isolates the system from external network
Preserves the integrity of the local master controller
IDS/IPS Controller
Authentication
Data integrity
Deep packet inspection
Signature/anomaly based detection
Update signature database
Signature Database
Signatures of known malicious traffic
Preinstalled and learned
Component Description
System Model
System high-level goals
System behavior
Guard conditions
Local Security Controller
Evaluate system state
Control sensors/actuators
Drop bad packet
Notify system security controller
Obtain data from predictive model
State Predictor
Continuously compute the expected system state
Use system model, system current state and historical data
Terms and Definition
$T_i$ is the type of attack, where $n$ is the total number of types ($1 \leq i \leq n$), and $f_i$ is the frequency of attack of type $i$.
$Pr(T_i)$ is the probability of correct classification of attack type $T_i$.
$S_{T_i,k}$ is the severity of an attack type, $k \in \{0, 1, 2, 3, 4, 5\}$; 0 represents least severe and 5 represents most severe.
$A = \{a_1, a_2, \ldots, a_m\}$ is the set of all security controls for availability.
$G = \{g_1, g_2, \ldots, g_m\}$ is the set of all security controls for integrity.
$C = \{c_1, c_2, \ldots, c_m\}$ is the set of all security controls for confidentiality.
Each security control has a corresponding impact level $l$, defined as $l_{a_i}$, $l_{g_i}$ and $l_{c_i}$ for availability, integrity and confidentiality controls respectively.
$F(T_i, f_i, Pr(T_i), S_{T_i,k}) = \{\alpha_A, \alpha_G, \alpha_C\}$, with $\{0 \leq \alpha \leq 1\}$, is a scaling function that takes as input the attack type, frequency, probability of correctness and $S_{T_i,k}$ to produce appropriate scaling factors for availability, integrity or confidentiality.
System Operation
[Flowchart nodes: START, IDS/IPS, Malicious? (YES/NO), Master Controller, Good? (YES/NO), State Predictor, Implement]
IDS/IPS fails to detect attack
IDS/IPS Controller monitors traffic for malicious packets.
Fails to identify malicious packet (zero day) and passes packet to master controller
Master controller evaluates data and/or control information in packet against the current system state if system guard conditions and would be violated.
Good? YES: implement
Good? NO:
Obtain estimated behavior from state predictor
Evaluate and implement
Notify IDS/IPS Controller
IDS/IPS extracts signature of problem packet, and updates signature database
Classify detected attack to nearest attack type
System Operation
[Flowchart nodes: START, IDS/IPS, Malicious? (YES), Master Controller, State Predictor, Implement, Obtain New Security Configuration]
IDS/IPS detects attack
IDS/IPS Controller monitors traffic for malicious packets.
Identifies malicious packet and informs master controller
Master controller obtains estimated behavior from state predictor and implements
Master controller computes new security configuration to mitigate the attack
Master controller reconfigures security controls based on new configuration
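The two operation paths above (the IDS/IPS detects the attack, or it misses it and the master controller's guard condition catches it), as an added example that is not part of the original presentation. The SHA-256 payload signature, the numeric range guard, the mean-of-last-three predictor and all class and function names are assumptions made for illustration.

```python
import hashlib
from statistics import mean

class IdsIps:
    """Signature database plus matcher; a signature is the payload's SHA-256 (assumption)."""
    def __init__(self):
        self.signatures = set()

    def is_malicious(self, payload: bytes) -> bool:
        return hashlib.sha256(payload).hexdigest() in self.signatures

    def learn(self, payload: bytes) -> None:
        self.signatures.add(hashlib.sha256(payload).hexdigest())

class MasterController:
    def __init__(self, ids, low, high, history):
        self.ids, self.low, self.high = ids, low, high   # guard condition: low <= value <= high
        self.history = list(history)                     # historical data (accepted values only)

    def predict(self) -> float:
        """Stand-in state predictor: mean of the last three accepted values."""
        return mean(self.history[-3:])

    def handle(self, payload: bytes):
        """Return (value implemented, path taken) for one setpoint packet."""
        if self.ids.is_malicious(payload):               # IDS/IPS detects the attack
            return self.predict(), "ids-detected"
        try:
            value = float(payload.decode())
        except ValueError:                               # undecodable or non-numeric payload
            value = float("nan")
        if self.low <= value <= self.high:               # Good? YES: implement
            self.history.append(value)
            return value, "implemented"
        self.ids.learn(payload)                          # Good? NO: notify IDS/IPS, learn signature
        return self.predict(), "guard-violation"

def demo():
    # Constructed scenario: temperature setpoints with a 0..100 guard range.
    mc = MasterController(IdsIps(), 0.0, 100.0, [50.0, 51.0, 52.0])
    return [mc.handle(p) for p in (b"53.0", b"900", b"900", b"\xff\xfe")]

if __name__ == "__main__":
    print(demo())
```

The second `b"900"` packet is stopped by the IDS/IPS itself because the first one taught it the signature, which is the adaptive loop the slides describe.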
System Operation
The IDS/IPS control detects an attack, classifies the attack, computes $\alpha_A, \alpha_G, \alpha_C$ and notifies the master controller. The master controller selects security controls $A' \subset A$, $G' \subset G$, $C' \subset C$ having impact

$l_{A'} = \min \sum_{x=1}^{x<m} l_{a_x}$, $l_{G'} = \min \sum_{y=1}^{y<m} l_{g_y}$, $l_{C'} = \min \sum_{z=1}^{z<m} l_{c_z}$

such that

$l_{A'} \geq \alpha_A l_A$
$l_{G'} \geq \alpha_G l_G$
$l_{C'} \geq \alpha_C l_C$

where $l_A, l_G, l_C$ is the maximum possible impact level determined by domain experts.

$\Re = \{A', G', C'\}$ is the new security configuration with impact $l_\Re = l_{A'} + l_{G'} + l_{C'}$.
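One way to compute the new security configuration described above, as an added example that is not part of the original presentation. It reads the selection rule as "for each of availability, integrity and confidentiality, pick the subset of controls with the smallest total impact that still reaches the scaling factor times the expert-set maximum impact"; integer impact levels, the control names and all sample numbers are constructed assumptions.

```python
def min_impact_subset(impacts, alpha, l_max):
    """Smallest-total subset of controls whose summed impact is >= alpha * l_max.

    impacts: {control name: integer impact level}. Returns (names, total) or None.
    """
    need = alpha * l_max
    best = {0: []}                          # reachable total -> one subset reaching it
    for name, level in impacts.items():     # 0/1 subset-sum: each control used at most once
        for total, chosen in list(best.items()):
            best.setdefault(total + level, chosen + [name])
    feasible = [t for t in best if t >= need]
    if not feasible:
        return None                         # even all controls together fall short
    total = min(feasible)
    return sorted(best[total]), total

def new_configuration(controls, alphas, l_max):
    """Return ({'A': [...], 'G': [...], 'C': [...]}, total impact of the configuration)."""
    config, total = {}, 0
    for dim in ("A", "G", "C"):
        picked = min_impact_subset(controls[dim], alphas[dim], l_max[dim])
        if picked is None:
            raise ValueError(f"no control subset reaches the required impact for {dim}")
        config[dim], level = picked
        total += level
    return config, total

# Constructed sample data: control names and impact levels are illustrative only.
CONTROLS = {
    "A": {"rate_limit": 2, "redundant_link": 4, "failover_controller": 5},
    "G": {"mac_check": 3, "deep_packet_inspection": 4, "signed_firmware": 6},
    "C": {"tls": 3, "payload_encryption": 5},
}
L_MAX = {"A": 10, "G": 12, "C": 8}          # maximum impact levels set by domain experts
ALPHAS = {"A": 0.5, "G": 0.75, "C": 0.25}   # scaling factors reported by the IDS/IPS

if __name__ == "__main__":
    print(new_configuration(CONTROLS, ALPHAS, L_MAX))
```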
CONCLUSION
The increased integration of information and communication technology into physical systems, especially critical infrastructures, exposes such systems to cyber attacks which could result in economic losses and/or loss of lives and property.
Current solutions are not well equipped to handle the new kinds of attacks peculiar to cyber-physical systems.
Others focus on either the cyber part (IDS/IPS) or the physical part (backup controller) of the problem.
This work integrates the cyber and physical parts into one elaborate solution.
Provides an adaptive security control framework that can be adapted to any cyber-physical domain
Autonomously changes the security posture of the system in response to attack possibilities
Future work would be to develop this idea further, focusing on a specific cyber-physical domain, and to adapt and test this framework.