Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

A Behavior-based Approach to Secure and Resilient Industrial Control Systems


Published on

Industrial control systems (ICS) control and manage a significant portion of critical infrastructure. As cyberattacks increasingly target critical infrastructure, ICS security and resilience are required to avoid catastrophic events that may lead even to loss of life. Importantly, ICS differ from traditional IT systems in several ways, from interacting with physical processes to requirements for continuous operation and real-time processing.

In this talk, we present a behavior-based approach to the design of secure and resilient industrial control systems. Starting with a programmable specification of a control process, we develop executable code with specified security properties. A run-time middleware, ARMET, monitors the execution of the program, identifying behavioral deviations due to intrusions or process failures and leading to diagnosis and system recovery. Importantly, our approach includes a novel method for vulnerability analysis of processes.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

A Behavior-based Approach to Secure and Resilient Industrial Control Systems

  1. 1. A Behavior-based Approach to Secure and Resilient Industrial Control Systems Dimitrios Serpanos Industrial Systems Institute/RC ATHENA, Director University of Patras, Professor Patras, Greece Alpen-Adria University Klagenfurt, March 9, 2017
  2. 2. ICS are Cyber-Physical Systems • Inter-disciplinary emerging area • Computation + Physics • Algorithms + Logic + Control + …
  3. 3. IT vs. OT Information Technology Operational Technology Purpose Process transactions, provide information Control or monitor physical processes and equipment Architecture Enterprise wide infrastructure and applications (generic) Event driven, real time, embedded hardware and software (custom) Interfaces GUI, web browser, terminal and keyboard Electromechanical, sensors, actuators, coded displays, hand-held devices Ownership CIO and IT Engineers, technicians, operators and managers Connectivity Corporate network, IP based Control networks, hardwired twisted pair and IP based Role Supports people Controls machines
  4. 4. ICS Control Loop
  5. 5. ICS Control Loop Attack
  6. 6. System View - Requirements • Hierarchical structure • Heterogeneous technologies • Autonomy • Continuous operation/fail-safe • Dependability • Dependence on large number of input devices • Large installation base (legacy systems) • Increasing connectivity
  7. 7. Attacks on ICS • Resilience • Continuous operation under attack • Attack mitigation • Fast recovery after attack • System evolution without disruption Attacks
  8. 8. There have been several incidents…
  9. 9. Strategy and approach • Build it right and continuously monitor - US Federal Government Strategy • Our approach - Programmable (executable) specification with security properties o Secure by design - Middleware monitoring process (app) execution o ARMET compares app and specification execution - Specification includes defense against identified process vulnerabilities o Novel vulnerability analysis against false data injection attacks
  10. 10. Method • Define executable process specification • Augment with all necessary invariants • Refine to a single behavioral spec (program) • Include implementation and specification to middleware (ARMET) • Compare predictions (spec) and observations (implementation) • Identify inconsistencies – diagnose - recover Build it right Continuously monitor
  11. 11. Program derivation by stepwise refinement Specification (set of acceptable behaviors) Refinement step (resolves some implementation questions) Single program Proof (⊇) Proof (⊇) Proof (⊇) Proof (⊇) Proofs constructed & checked with Coq, a general-purpose logic platform
  12. 12. Example: Water tank control (spec)
  13. 13. Example: Water tank control (code)
  14. 14. ARMET: Organization
  15. 15. ARMET: middleware for secure and resilient ICS • Self-aware system - Self-awareness through dependency-directed reasoning • System is allowed to only behave legally - Continuous monitoring of prediction/observation consistency - IF inconsistency, THEN diagnosis - Recovery (safe state from alternate, reliable source) • Detection of unknown attacks - Inconsistency between predictions and observations • System adaptability to evolutionary constraints - ICS-CERT standards, security and privacy policies, etc. - Specify policies as legal behavior & monitor behavioral consistency
  16. 16. Example: Water-tank attack
  17. 17. False Data Injection Attack • FDI attack - Feed fake measurement data to the system - Avoid being detected as bad data - Mislead the controllers - The attacks can be local (each control unit) or global (the whole control network) • FDI defense: develop a defense system using techniques for data estimation based on formalizing - plant, sensors, channels, control software and actuators - attack, defense and detection
  18. 18. ICS Control Loop
  19. 19. FDI Vulnerability – SMT Problem • Assumption - Process P(x) - There is a monitor mon(x,y) [x= process variables, y= measurements] • Write satisfiability expression for process - FDI(y)= There_exists x : pass_monitor(x,y) AND NOT correct_reading(x,y) - Solve for satisfiability of FDI(y) o IF FDI(y) is satisfiable with injected values, THEN there exists attack • Available tool today: dReal
  20. 20. Example: FDI Attack for State Estimation
  21. 21. Analysis of benchmarks
  22. 22. Conclusions • ICS security is extremely challenging • We are developing a general framework for CPS security that generalizes both formal program analysis and fault detection methods • We have a working prototype - We are developing increasingly advanced ICS models • We have a promising vulnerability analysis technique - We have shown vulnerability in realistic nonlinear power grid models • Behavior-based ICS protection and analysis is promising
  23. 23. Team • Howard Shrobe (MIT) • Armando Solar-Lezama (MIT) • Adam Chlipala (MIT) • Sicun Gao (MIT) • Muhammad Taimoor Khan (Alpen-Adria University Klagenfurt) • Sana Al Farsi (QCRI) • Aref Al Tamimi (QCRI) • Mohammed Al Obaidi (QCRI) • Anastasios Fragopoulos (QCRI)
  24. 24. THANK YOU !