{"title":"From CRCs to resilient control systems: differentiating between reliability and security for the protection of cyber-physical systems","authors":"A. Cárdenas","doi":"10.1145/2566468.2566469","DOIUrl":null,"url":null,"abstract":"In this talk I will discuss the need to establish clear differences between reliability and security for protecting cyber-physical systems (CPS). This is particularly important given the recent interest from researchers in exploring the vulnerability of a CPS when an attacker has partial control of the sensor or actuator signals, which has led to the proposal of several anomaly detection schemes for CPS by using data collected from physical sensors (as opposed to traditional network sensors). In the general setting, data obtained from normal behavior of the system is used to create a model and then any outlier is considered an anomaly and a potential failure or attack; however, this line of research is very similar to the fault-detection and safety mechanisms that have been deployed in control systems for decades. In particular, the protection of control systems has traditionally been enforced by several safety mechanisms, which include bad data detection, protective relays, safety shutdowns, interlock systems, robust control, and fault-tolerant control; however, so far there has not been a systematic study that tries to identify how much these protection mechanisms can help against attacks (as opposed to failures or accidents), and how they can be broken by an attacker and potentially fixed by a system designer that incorporates attack models in the design of their system. In this talk I describe how current protection mechanisms are analogous to how error correcting codes are used in communications: they protect against a vast majority of random faults and accidents; however, they are not secure against attacks - the way cryptographic hash functions are. 
As a community we need to revisit protection mechanisms available from control theory and then analyze them from a security perspective, giving new guidelines on security metrics and new ways to design attack-resilient CPS. In addition, we also need to avoid falling into the trap of proposing security mechanisms that are evaluated using similar tools from reliability.","PeriodicalId":339979,"journal":{"name":"Proceedings of the 3rd international conference on High confidence networked systems","volume":"15 5-6","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-04-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 3rd international conference on High confidence networked systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2566468.2566469","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 1