Hide and Seek: An Architecture for Improving Attack-Visibility in Industrial Control Systems
| dc.contributor.author | Giraldo, Jairo | |
| dc.contributor.author | Urbina, David | |
| dc.contributor.author | Cardenas, A. A. | |
| dc.contributor.author | Tippenhauer, N. O. | |
| dc.contributor.utdAuthor | Giraldo, Jairo | |
| dc.contributor.utdAuthor | Urbina, David | |
| dc.date.accessioned | 2020-04-28T21:52:35Z | |
| dc.date.available | 2020-04-28T21:52:35Z | |
| dc.date.issued | 2019-06 | |
| dc.description | Due to copyright restrictions and/or publisher's policy full text access from Treasures at UT Dallas is limited to current UTD affiliates (use the provided Link to Article). | |
| dc.description.abstract | In the past years we have seen an emerging field of research focusing on using the “physics” of a Cyber-Physical System to detect attacks. In its basic form, a security monitor is deployed somewhere in the industrial control network, observes a time-series of the operation of the system, and identifies anomalies in those measurements in order to detect potentially manipulated control commands or manipulated sensor readings. While there is a growing literature on detection mechanisms in that research direction, the problem of where to monitor the physical behavior of the system has received less attention. In this paper, we analyze the problem of where should we monitor these systems, and what attacks can and cannot be detected depending on the location of this network monitor. The location of the monitor is particularly important, because an attacker can bypass attack-detection by lying in some network interfaces while reporting that everything is normal in the others. Our paper is the first detailed study of what can and cannot be detected based on the devices an attacker has compromised and where we monitor our network. We show that there are locations that maximize our visibility against such attacks. Based on our analysis, we design a low-level security monitor that is able to directly observe the field communication between sensors, actuators, and Programmable Logic Controllers (PLCs). We implement that security monitor in a realistic testbed, and demonstrate that it can detect attacks that would otherwise be undetected at the supervisory network. © Springer Nature Switzerland AG 2019. | |
| dc.description.department | Erik Jonsson School of Engineering and Computer Science | |
| dc.description.sponsorship | National Science Foundation with award number CNS-1718848, by the National Institute of Standards and Technology with award number 70NANB17H282, and by the Air Force Research Laboratory under agreement number FA8750-19-2-0010. | |
| dc.identifier | 9783030215675 | |
| dc.identifier.bibliographicCitation | Giraldo, J., D. Urbina, A. A. Cardenas, and N. O. Tippenhauer. 2019. "Hide and seek: An architecture for improving attack-visibility in industrial control systems." Lecture Notes In Computer Science 11464: 175-195, doi: 10.1007/978-3-030-21568-2_9 | |
| dc.identifier.issn | 0302-9743 | |
| dc.identifier.uri | http://dx.doi.org/10.1007/978-3-030-21568-2_9 | |
| dc.identifier.uri | https://hdl.handle.net/10735.1/8351 | |
| dc.identifier.volume | 11464 | |
| dc.language.iso | en | |
| dc.publisher | Springer Verlag | |
| dc.relation.isPartOf | ">Lecture Notes In Computer Science | |
| dc.rights | ©2019 Springer Nature Switzerland AG | |
| dc.source | International Conference on Applied Cryptography and Network Security | |
| dc.subject | Cryptography | |
| dc.subject | Embedded computer systems | |
| dc.subject | Programmable logic devices | |
| dc.subject | Computer networks—Security measures | |
| dc.title | Hide and Seek: An Architecture for Improving Attack-Visibility in Industrial Control Systems | |
| dc.type.genre | article |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- JECS-2061-261254.32-LINK.pdf
- Size:
- 182.93 KB
- Format:
- Adobe Portable Document Format
- Description:
- Link to Article