Proceedings of the Fifth Annual Industrial Control System Security (ICSS) Workshop: Latest Papers

If I Knew Then What I Know Now: On Reevaluating DNP3 Security using Power Substation Traffic
Celine Irvene, Tohid Shekari, David Formby, R. Beyah
Abstract: In the modern world, the reliable and continuous operation of cyber-physical systems (CPSs) have become increasingly crucial factors of our daily life. As a result, the networking protocols of CPSs have been developed to achieve availability without serious consideration for security. Security flaws in these protocols could lead to system misconfigurations or malicious network penetrations which would severely impact the operation of critical infrastructure and control devices on a CPS network. To combat this some researchers have made efforts to design effective intrusion detection and prevention systems (IDSs/IPSs) for providing security in CPS networks. Most of the past and ongoing work in this space explores security from virtual testbeds or simulated systems, many of which make simplifying assumptions. These artificial platforms generally rely on the expectation that CPS networks are behaviorally very similar to traditional information technology (IT) networks and this does not always hold true in practice. In this paper, we investigate and discuss the feasibility and efficacy of previously proposed DNP3 application layer attacks and their mitigation techniques on network traffic captured from four real-world power grid substations. Based on this and a traffic characterization of the captured data we suggest a set of lightweight, but effective mechanisms to help enhance the security of power substations utilizing the DNP3 protocol. This work primarily focuses on DNP3 since it is the most widely used protocol in power substations which form the backbone of the electricity grid.
DOI: https://doi.org/10.1145/3372318.3372324
Published: 2019-12-10
Citations: 8
Use of an SDN Switch in Support of NIST ICS Security Recommendations and Least Privilege Networking
Varsha Venugopal, J. Alves-Foss, Sandeep Gogineni Ravindrababu
Abstract: If an attacker is able to successfully subvert a device within a network, that often gives them easier access to spread the intrusion to other devices in the network. Common guidance, such as that provided in NIST SP 800-82, recommends network separation and segregation to enforce least privilege within a network, to act as a mitigation against such attacks. This paper evaluates the use of SDN network switches to implement least privilege networking within an industrial control system, and maps SDN switch capabilities to NIST 800-82 recommendations and the corresponding NIST 800-53 security controls. This paper also reports on experiments conducted with two SDN switches to validate the effectiveness of the switches in support of these mappings. Our findings indicate that with appropriate planning, several aspects of least privilege networking, and several of the NIST controls can be implemented with an SDN switch. However, poor configurations can still result in insecure systems.
DOI: https://doi.org/10.1145/3372318.3372321
Published: 2019-12-10
Citations: 5
A Strategy for Security Testing Industrial Firewalls
Thuy D. Nguyen, S. C. Austin, C. Irvine
Abstract: The ability to secure industrial control systems (ICS) against adversaries relies on defense in depth and implementation of security controls. However, as automation and networking of industrial processes increases, so do the opportunities for adversaries to cause destruction and disruption. Many industrial firewalls are proprietary and often users blindly trust that the firewalls meet vendor security claims. Independent testing can assess these claims. This paper describes the security testing of two commercial ICS firewalls to determine whether or not these firewalls provide protection of resources as advertised. Our test philosophy is guided by the Flaw Hypothesis Methodology (FHM), a penetration testing technique for discovery of security flaws derived from documentation and other evidence. The test coverage includes functional testing, exception testing, and penetration testing. Testing is conducted on a simulated natural gas compressor system, utilizing two open-source vulnerability analysis tools, Nessus and Metasploit. The testing methodology is the first step toward a general approach for selecting and testing firewalls intended for critical control systems.
DOI: https://doi.org/10.1145/3372318.3372323
Published: 2019-12-10
Citations: 2
ICS-SEA: Formally Modeling the Conflicting Design Constraints in ICS
Eyasu Getahun Chekole, Huaqun Guo
Abstract: Industrial control systems (ICS) have been widely adopted in mission-critical infrastructures. However, the increasing prevalence of cyberattacks targeting them has been a critical security concern. On the other hand, the high real-time and availability requirements of ICS limits the applicability of certain available security solutions due to the performance overhead they introduce and the system unavailability they cause. Moreover, scientific metrics (mathematical models) are not available to evaluate the efficiency and resilience of security solutions in the ICS context. Hence, in this paper, we propose ICS-SEA to address the ICS design constraints of Security, Efficiency, and Availability (SEA). Our ICS-SEA formally models the real-time constraints and physical-state resiliency quantitatively based on a typical ICS. We then design two real-world ICS testbeds and evaluate the efficiency and resilience of a few selected security solutions using our defined models. The results show that our ICS-SEA is effective to evaluate security solutions against the SEA conflicting design constraints in ICS.
DOI: https://doi.org/10.1145/3372318.3372325
Published: 2019-12-10
Citations: 3
An Distributed Cyberattack Diagnosis Scheme for Malicious Protection Operation based on IEC 61850
M. Touhiduzzaman, A. Hahn, S. Lotfifard
Abstract: Substation automation systems (SAS) are known to be vulnerable to cyber attacks due to the weaknesses of security features (e.g., encryption, authenticity). These issues were demonstrated by the recent Ukrainian cyber attack event in 2016. The security mechanisms located at the SAS need to identify cyberattacks and faults occur in protection operations distributively in efficient manner. This work presents a novel distributed cyberattack diagnosis solution (DCDS) for the SAS, based on the backward reachability graph analysis of behavioral Petri-net (BPN). The proposed distributed BPN model for the SAS is developed based on the IEC 61850 protocol. The distributed diagnoser solution produces a local diagnosis result to detect attacks which is consistent and correct without the use of centralized diagnosis scheme. A case study on the SAS is provided to verify our proposed DCDS based on different scenarios that successfully identified cyberattack and other substation (e.g., relay malfunction, normal fault) events. Also, this DCDS is evaluated in the Mininet computer network emulator by using an open-source library (libiec61850) to exchange the SAS messages through IEC 61850.
DOI: https://doi.org/10.1145/3372318.3372326
Published: 2019-12-10
Citations: 0
A Probe into Process-Level Attack Detection in Industrial Environments from a Side-Channel Perspective
Wissam Aoudi, Albin Hellqvist, Albert Overland, M. Almgren
Abstract: Process-level detection of cyberattacks on industrial control systems pertain to observing the physical process to detect implausible behavior. State-of-the-art techniques identify a baseline of the normal process behavior from historical measurements and then monitor the system operation in real time to detect deviations from the baseline. Evidently, these techniques are intended to be connected to the control flow to be able to acquire and analyze the necessary measurement data, which makes them susceptible to compromise by the attacker. In this paper, we approach process-level attack detection from a side-channel perspective, where we investigate the feasibility and efficacy of monitoring industrial machines through external sensors. The sensors measure physical properties of the process that are bound to change during a cyberattack. We demonstrate the viability of our approach through simulations and experiments on real industrial machines.
DOI: https://doi.org/10.1145/3372318.3372320
Published: 2019-12-10
Citations: 3
Gas what?: I can see your GasPots. Studying the fingerprintability of ICS honeypots in the wild
Mohammad-Reza Zamiri-Gourabi, Ali Razmjoo-Qalaei, Babak Amin Azad
Abstract: Internet connectivity of electronic devices has brought us the ease of centralized management and these days more and more devices are connected to this globally accessible network. At the same time, this landscape has opened new doors for malicious actors. While internet connectivity is a built-in feature for desktop and mobile devices, Industrial Control Systems (ICS) lag behind. Traditionally, ICS networks have been air-gapped and as a result, many ICS devices are not well-equipped to be connected to the internet. Absence of proper authentication and other security mechanisms is commonly observed on these devices. In response to the new threats of connected ICS systems, various ICS honeypots have been developed during the past decade. These honeypots are used to collect information on the attack landscape of ICS systems. In this research, we show that ICS honeypots should be designed more carefully and existing honeypots can fairly easily be fingerprinted by the attackers. We systematically study the categories of often overlooked behaviors that make ICS honeypots fingerprintable. Moreover, to demonstrate the impact of these flaws, we perform a large scale analysis over the internet to detect GasPot honeypots that emulate automatic tank gauges (ATG). We were able to find 17 existing honeypot instances which is more than the number of discovered GasPots by Shodan. Finally, we released our ICS honeypot scanner and our ATG honeypot which provides full protocol support and fixes the existing flaws within GasPot that makes it detectable.
DOI: https://doi.org/10.1145/3372318.3372322
Published: 2019-12-10
Citations: 9