Smart I/O Modules for Mitigating Cyber-Physical Attacks on Industrial Control Systems

被引:36
作者
Pearce, Hammond [1 ]
Pinisetty, Srinivas [2 ]
Roop, Partha S. [1 ]
Kuo, Matthew M. Y. [4 ]
Ukil, Abhisek [3 ]
机构
[1] Univ Auckland, Dept Elect Comp & Software Engn, Auckland 1010, New Zealand
[2] Indian Inst Technol Bhubaneswar, Bhubaneswar 752050, Odisha, India
[3] Univ Auckland, Dept Elect & Comp Syst Engn, Auckland 1010, New Zealand
[4] Auckland Univ Technol, Sch Engn Comp & Math Sci, Auckland 1010, New Zealand
关键词
Runtime; Security; Hardware; Monitoring; Control systems; Safety; Industries; Cyber-physical attacks; cyber-physical systems (CPSs); industrial control systems; security; runtime enforcement;
D O I
10.1109/TII.2019.2945520
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Cyber-physical systems (CPSs) are implemented in many industrial and embedded control applications. Where these systems are safety-critical, correct and safe behavior is of paramount importance. Malicious attacks on such CPSs can have far-reaching repercussions. For instance, if elements of a power grid behave erratically, physical damage and loss of life could occur. Currently, there is a trend toward increased complexity and connectivity of CPS. However, as this occurs, the potential attack vectors for these systems grow in number, increasing the risk that a given controller might become compromised. In this article, we examine how the dangers of compromised controllers can be mitigated. We propose a novel application of runtime enforcement that can secure the safety of real-world physical systems. Here, we synthesize enforcers to a new hardware architecture within programmable logic controller I/O modules to act as an effective line of defence between the cyber and the physical domains. Our enforcers prevent the physical damage that a compromised control system might be able to perform. To demonstrate the efficacy of our approach, we present several benchmarks, and show that the overhead for each system is extremely minimal.
引用
收藏
页码:4659 / 4669
页数:11
相关论文
共 34 条
  • [11] Byres EJ, 2004, P INT INFR SURV WORK, P3
  • [12] Toward Threat of Implementation Attacks on Substation Security: Case Study on Fault Detection and Isolation
    Chattopadhyay, Anupam
    Ukil, Abhisek
    Jap, Dirmanto
    Bhasin, Shivam
    [J]. IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, 2018, 14 (06) : 2442 - 2451
  • [13] Clark M., 2013, STUDY RUN TIME ASSUR
  • [14] Costin A, 2014, PROCEEDINGS OF THE 23RD USENIX SECURITY SYMPOSIUM, P95
  • [15] Cui A, 2010, 26TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE (ACSAC 2010), P97
  • [16] Falliere Nicolas, 2011, Security Response, V5, P29
  • [17] Hey, My Malware Knows Physics! Attacking PLCs with Physical Model Aware Rootkit
    Garcia, Luis A.
    Brasser, Ferdinand
    Cintuglu, Mehmet H.
    Sadeghi, Ahmad-Reza
    Mohammed, Osama
    Zonouz, Saman A.
    [J]. 24TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2017), 2017,
  • [18] Gorman Siobhan., 2009, WALL STR J
  • [19] Cyber-Physical Systems Security-A Survey
    Humayed, Abdulmalik
    Lin, Jingqiang
    Li, Fengjun
    Luo, Bo
    [J]. IEEE INTERNET OF THINGS JOURNAL, 2017, 4 (06): : 1802 - 1831
  • [20] Jazdi N, 2014, IEEE INT CONF AUTO