{"title":"CPS:控制系统设备使用的有状态策略实施","authors":"Stephen E. McLaughlin","doi":"10.1145/2523649.2523673","DOIUrl":null,"url":null,"abstract":"Networked control systems used in energy, manufacturing, and transportation combine large, vulnerable attack surfaces with far overprovisioned privileges. Often, compromising a single computer or user account is sufficient to give an attacker free reign over physical machinery. Significant reduction of attack surface size is an ongoing problem, so we shift our focus to reducing the privileges granted to system operators and embedded controllers. To this end, we introduce C2, an enforcement mechanism for policies governing the usage of electromechanical devices. In presenting C2, we address two basic problems: (i.) How should a policy for physical device usage be expressed and enforced? This is a challenging question, as the safe usage of physical devices is dependent on mechanical limitations and the behavior of nearby devices. (ii.) What actions should be taken if a physical machine is issued an operation that violates the policy? C2 takes measures to ensure unsafe behaviors are not caused when denying slightly erroneous yet legitimate operations. We evaluate C2 against six representative control systems, and show that it can efficiently perform policy checks with less than 3.7% overhead, while not introducing new unsafe behaviors into a control system.","PeriodicalId":127404,"journal":{"name":"Proceedings of the 29th Annual Computer Security Applications Conference","volume":"14 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"40","resultStr":"{\"title\":\"CPS: stateful policy enforcement for control system device usage\",\"authors\":\"Stephen E. McLaughlin\",\"doi\":\"10.1145/2523649.2523673\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Networked control systems used in energy, manufacturing, and transportation combine large, vulnerable attack surfaces with far overprovisioned privileges. Often, compromising a single computer or user account is sufficient to give an attacker free reign over physical machinery. Significant reduction of attack surface size is an ongoing problem, so we shift our focus to reducing the privileges granted to system operators and embedded controllers. To this end, we introduce C2, an enforcement mechanism for policies governing the usage of electromechanical devices. In presenting C2, we address two basic problems: (i.) How should a policy for physical device usage be expressed and enforced? This is a challenging question, as the safe usage of physical devices is dependent on mechanical limitations and the behavior of nearby devices. (ii.) What actions should be taken if a physical machine is issued an operation that violates the policy? C2 takes measures to ensure unsafe behaviors are not caused when denying slightly erroneous yet legitimate operations. We evaluate C2 against six representative control systems, and show that it can efficiently perform policy checks with less than 3.7% overhead, while not introducing new unsafe behaviors into a control system.\",\"PeriodicalId\":127404,\"journal\":{\"name\":\"Proceedings of the 29th Annual Computer Security Applications Conference\",\"volume\":\"14 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-12-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"40\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 29th Annual Computer Security Applications Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2523649.2523673\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 29th Annual Computer Security Applications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2523649.2523673","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
CPS: stateful policy enforcement for control system device usage
Networked control systems used in energy, manufacturing, and transportation combine large, vulnerable attack surfaces with far overprovisioned privileges. Often, compromising a single computer or user account is sufficient to give an attacker free reign over physical machinery. Significant reduction of attack surface size is an ongoing problem, so we shift our focus to reducing the privileges granted to system operators and embedded controllers. To this end, we introduce C2, an enforcement mechanism for policies governing the usage of electromechanical devices. In presenting C2, we address two basic problems: (i.) How should a policy for physical device usage be expressed and enforced? This is a challenging question, as the safe usage of physical devices is dependent on mechanical limitations and the behavior of nearby devices. (ii.) What actions should be taken if a physical machine is issued an operation that violates the policy? C2 takes measures to ensure unsafe behaviors are not caused when denying slightly erroneous yet legitimate operations. We evaluate C2 against six representative control systems, and show that it can efficiently perform policy checks with less than 3.7% overhead, while not introducing new unsafe behaviors into a control system.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
