defrec establishing physical function virtualization to
play

DefRec: Establishing Physical Function Virtualization to Disrupt - PowerPoint PPT Presentation

Dec 27, 2023 •225 likes •574 views

DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids Cyber-Physical Infrastructures Hui Lin 1 , Jianing Zhuang 1 , Yih-Chun Hu 2 , Huayu Zhou 1 1 University of Nevada, Reno 2 University of Illinois,

  1. DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids’ Cyber-Physical Infrastructures Hui Lin 1 , Jianing Zhuang 1 , Yih-Chun Hu 2 , Huayu Zhou 1 1 University of Nevada, Reno 2 University of Illinois, Urbana-Champaign 1

  2. 2

  3. From Passive Detection to Preemptive Prevention • Preemptive approaches disrupting reconnaissance before an adversary starts to inflict physical damage are highly desirable – Preventing reconnaissance on a critical set of physical data can cover more attacks, including unknown ones • Research gap to design practical and efficient anti- reconnaissance approaches – Mimicking system behaviors can be easily detected – Simulations (used in honeypots) are based on a static specification • E.g., inconsistent to proprietary implementation – No not model physical processes 3

  4. Threat Model • We assume that adversaries can compromise any computing devices connected to the control network – Passive attacks monitor network traffic to obtain the knowledge of power grids’ cyber-physical infrastructures – Proactive attacks achieve the same goal by using probing messages – Active attacks manipulate network traffic, including dropping, delaying, compromising existing network packets, or injecting new packets • Passive and proactive attacks are common techniques used in reconnaissance, while active attacks are used to issue attack- concept operations and cause physical damage 4

  5. Design Objective • Disrupt and mislead attackers’ reconnaissance based on passive and proactive attacks, such that their active attacks become ineffective – RO1 & RO2: significantly delay passive and proactive attacks for obtaining the knowledge of the control network – RO3: leverage intelligently crafted decoy data to mislead adversaries into designing ineffective attacks 5

  6. Design Overview of DefRec based on PFV 6

  7. Design Overview of DefRec based on PFV PFV (physical function virtualization): construct virtual nodes that follow the actual implementation of real devices • Complementary to existing Trusted computing base (TCB): security approaches • Network controller application • Edge switches • A few end devices (used as seed devices) • Communication channels connecting them 6

  8. Design Overview of DefRec based on PFV DefRec: specify security policies to disrupt reconnaissance PFV (physical function virtualization): construct virtual nodes that follow the actual implementation of real devices • Complementary to existing Trusted computing base (TCB): security approaches • Network controller application • Edge switches • A few end devices (used as seed devices) • Communication channels connecting them 6

  9. Design Overview of DefRec based on PFV DefRec: specify security policies to disrupt reconnaissance Bus 7 Bus 6 PFV (physical function virtualization): construct virtual nodes that follow the actual implementation of real devices • Complementary to existing Trusted computing base (TCB): security approaches • Network controller application • Edge switches • A few end devices (used as seed devices) • Communication channels connecting them 6

  10. Implementation • Communication networks • Implementation of PFV & DefRec • Physical device • Power grid simulation 7

  11. Implementation – Communication Network • Follow implementation presented in a NSDI paper [1] – Obtained the logical topology of six different communication networks from TopologyZoo dataset – Implemented each network in five HP SDN-compatible switches – In each switch, we grouped physical ports into VLANs (virtual local area network), each of which represents a logical switch; connect VLANs by Ethernet cables – Built Docker instances in seven HP servers as end hosts • Need to enhance each server with Ethernet ports – Implemented DNP3 master and slaves based on opendnp3 library • Alternative approach: use cloud infrastructure, e.g., NSF Geni testbed – Need to configure virtual switches manually – The number of hardware switches are very limited [1] W. Zhou et al., “Enforcing customizable consistency properties in software-defined 8 networks,” in 12th USENIX NSDI, 2015.

  12. Implementation – PFV • PFV: use interaction of real • Virtual node template devices to build virtual nodes – Static configuration of – Virtual node template target network – Profile of seed devices • Profile of physical – Packet hooking component devices – Dynamic behavior at network-layer • Packet hooking component – Construct the outbound packets of virtual nodes – Follow the probabilistic behavior of real devices 9

  13. Implementation – PFV • PFV: use interaction of real • Virtual node template devices to build virtual nodes – Static configuration of – Virtual node template target network – Profile of seed devices • Profile of physical – Packet hooking component devices – Dynamic behavior at network-layer • Packet hooking component – Construct the outbound packets of virtual nodes – Follow the probabilistic behavior of real devices 9

  14. Implementation – PFV • PFV: use interaction of real • Virtual node template devices to build virtual nodes – Static configuration of – Virtual node template target network – Profile of seed devices • Profile of physical – Packet hooking component devices – Dynamic behavior at network-layer • Packet hooking component – Construct the outbound packets of virtual nodes – Follow the probabilistic behavior of real devices 9

  15. Implementation – PFV • PFV: use interaction of real • Virtual node template devices to build virtual nodes – Static configuration of – Virtual node template target network – Profile of seed devices • Profile of physical – Packet hooking component devices – Dynamic behavior at network-layer • Packet hooking component – Construct the outbound packets of virtual nodes – Follow the probabilistic behavior of real devices 9

  16. Implementation – PFV • PFV: use interaction of real • Virtual node template devices to build virtual nodes – Static configuration of – Virtual node template target network – Profile of seed devices • Profile of physical – Packet hooking component devices – Dynamic behavior at network-layer • Packet hooking component – Construct the outbound packets of virtual nodes – Follow the probabilistic behavior of real devices 9

  17. Implementation – PFV • PFV: use interaction of real • Virtual node template devices to build virtual nodes – Static configuration of – Virtual node template target network – Profile of seed devices • Profile of physical – Packet hooking component devices – Dynamic behavior at network-layer • Packet hooking component – Construct the outbound packets of virtual nodes – Follow the probabilistic behavior of real devices 9

  18. Implementation – PFV • PFV: use interaction of real • Implemented based on devices to build virtual nodes SDN (software-defined – Virtual node template networking) – Profile of seed devices – Follow implementation – Packet hooking component found in both security and network communities – ONOS, open source network operating system used in commercial networks – Implemented an encoder/decoder of DNP3 in ONOS core services – Implemented software modules loaded by ONOS core services 10

  19. Attack Misleading Policy for Physical Infrastructure • RO3: craft decoy data as the application-layer payload of network packets from virtual nodes – Mislead adversaries into designing ineffective attacks – Satisfy physical model of power grids 11

  20. Attack Misleading Policy for Physical Infrastructure • RO3: craft decoy data as the application-layer payload of network packets from virtual nodes – Mislead adversaries into designing ineffective attacks – Satisfy physical model of power grids • We use the theoretical model of false data injection attack (FDIAs) as a case study 11

  21. Attack Misleading Policy for Physical Infrastructure • RO3: craft decoy data as the application-layer payload of network packets from virtual nodes – Mislead adversaries into designing ineffective attacks – Satisfy physical model of power grids • We use the theoretical model of An example power grid false data injection attack (FDIAs) as a case study – With accurate knowledge of power grids’ topology, active attacks can compromise measurements without raising alerts in state estimation • Measurement errors are less than a detection threshold 11

  22. Attack Misleading Policy for Physical Infrastructure • RO3: craft decoy data as the application-layer payload of network packets from virtual nodes – Mislead adversaries into designing ineffective attacks – Satisfy physical model of power grids • We use the theoretical model of An example power grid false data injection attack (FDIAs) as a case study – With accurate knowledge of power grids’ topology, active attacks can compromise measurements without raising alerts in state estimation • Measurement errors are less than a detection threshold – With misleading knowledge of power grids’ topology, active attacks raise The power grid with decoy data alerts in state estimation observed by adversaries • Measurement errors are 5,000 times of the detection threshold 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids

DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids

DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids Cyber-Physical Infrastructures Hui Lin 1 , Jianing Zhuang 1 , Yih-Chun Hu 2 , Huayu Zhou 1 1 University of Nevada, Reno 2 University of Illinois,

344 views • 16 slides
Network Virtualization What is Network Virtualization? Abstraction of the physical network

Network Virtualization What is Network Virtualization? Abstraction of the physical network

Network Virtualization What is Network Virtualization? Abstraction of the physical network Support for multiple logical networks running on a common shared physical substrate A container of network services Aspects of the

589 views • 21 slides
Virtualization and SDN Applications 2 Virtualization Network Virtualization Sharing

Virtualization and SDN Applications 2 Virtualization Network Virtualization Sharing

4/1/2013 Virtualization and SDN Applications 2 Virtualization Network Virtualization Sharing physical hardware or software resources by Share physical network resources to form multiple multiple users and/or use cases diverse virtual

511 views • 5 slides
Virtualization Virtualization Memory virtualization Process feels like it has its own

Virtualization Virtualization Memory virtualization Process feels like it has its own

4/25/08 Virtualization Virtualization Memory virtualization Process feels like it has its own address space Created by MMU, configured by OS Storage virtualization Logical view of disks connected to a machine External

441 views • 8 slides
Virtualization What is Virtualization? Virtualization is the simulation of the software and/

Virtualization What is Virtualization? Virtualization is the simulation of the software and/

Virtualization What is Virtualization? Virtualization is the simulation of the software and/ or hardware upon which other software runs. This simulated environment is called a virtual machine --Wikipedia 2 Computer Systems Arch.

1.26k views • 26 slides
Finding the Optimal Reconfiguration for Network Function Virtualization Orchestration with

Finding the Optimal Reconfiguration for Network Function Virtualization Orchestration with

Finding the Optimal Reconfiguration for Network Function Virtualization Orchestration with Time-varied Workload Satyajit Padhy, Jerry Chou National Tsing Hua University The Third International Workshop on Systems and Network Telemetry and

725 views • 26 slides
Recursive Monitoring Language in Network Function Virtualization (NFV) Infrastructure

Recursive Monitoring Language in Network Function Virtualization (NFV) Infrastructure

Recursive Monitoring Language in Network Function Virtualization (NFV) Infrastructure draft-cai-nfvrg-recursive-monitor-00 Xuejun Cai Catalin Meirosu Gregory Mirsky The research leading to these results has received funding from the European

443 views • 10 slides
Flexible Building Blocks for Software Defined Network Function Virtualization

Flexible Building Blocks for Software Defined Network Function Virtualization

Introduction Solution Evaluation Summary Flexible Building Blocks for Software Defined Network Function Virtualization (Tenant-Programmable Virtual Networks) Aryan TaheriMonfared Chunming Rong Department of Electrical Engineering and

1.76k views • 37 slides
Future Internet Chapter 5: Network Function Virtualization 5b: Foundations & Algorithms

Future Internet Chapter 5: Network Function Virtualization 5b: Foundations & Algorithms

Future Internet Chapter 5: Network Function Virtualization 5b: Foundations & Algorithms Holger Karl Computer Networks Group Universitt Paderborn Goals of this session Previous session has dealt with motivating examples and

941 views • 70 slides
Future Internet Chapter 5: Network Function Virtualization 5a: Basics Holger Karl Computer

Future Internet Chapter 5: Network Function Virtualization 5a: Basics Holger Karl Computer

Future Internet Chapter 5: Network Function Virtualization 5a: Basics Holger Karl Computer Networks Group Universitt Paderborn Overview Technical trends & motivation Reference architectures: ETSI, IETF Problems to solve

647 views • 47 slides
CompSci 514: Computer Networks Lecture 16: Network Function Virtualization Xiaowei Yang Adapted

CompSci 514: Computer Networks Lecture 16: Network Function Virtualization Xiaowei Yang Adapted

CompSci 514: Computer Networks Lecture 16: Network Function Virtualization Xiaowei Yang Adapted from Prof. Srinivasa Seshans lecture slides Overview NFV Motivation NFV case study More NFV challenges and solutions Optional

609 views • 35 slides
AMD Pacifica Virtualization Technology AMD Unveils Virtualization Platform AMD Pacifica

AMD Pacifica Virtualization Technology AMD Unveils Virtualization Platform AMD Pacifica

AMD Pacifica Virtualization Technology AMD Unveils Virtualization Platform AMD Pacifica Tutorial 2 Virtual Machine Approaches Carve a Server into Many Virtual Machines Hosted Hypervisor-based Virtualization Virtualization App App

539 views • 18 slides
Distributed Network Function Virtualization Fred Oliveira, Fellow at Verizon Sarath Kumar,

Distributed Network Function Virtualization Fred Oliveira, Fellow at Verizon Sarath Kumar,

Distributed Network Function Virtualization Fred Oliveira, Fellow at Verizon Sarath Kumar, Software Engineer at Big Switch Networks Rimma Iontel, Senior Architect at Red Hat Outline What is Distributed NFV? Why do we need

290 views • 17 slides
4/22/2009 Virtualization Memory virtualization Process feels like it has its own address

4/22/2009 Virtualization Memory virtualization Process feels like it has its own address

4/22/2009 Virtualization Memory virtualization Process feels like it has its own address space Created by MMU, configured by OS Distributed Systems Storage virtualization Logical view of disks connected to a machine

407 views • 3 slides
What about Virtualization? Basic Goals Basic goals: Stephen Hand et al (Xen,

What about Virtualization? Basic Goals Basic goals: Stephen Hand et al (Xen,

Cyber-Physical Systems (CPS) OS / Middleware for Cyber-Physical New innovations needed for software infrastructures Systems Communication, computation & physical system aspects to be considered Example applications: Richard West

274 views • 3 slides
Virtualization. A dream within a dream Type 1 Virtualization Hypervisor run on bare

Virtualization. A dream within a dream Type 1 Virtualization Hypervisor run on bare

Virtualization. A dream within a dream Type 1 Virtualization Hypervisor run on bare metal. Dedicated virtualization machine. Higher performance. Typical for servers. Type 2 Virtualization Hypervisor sits on

571 views • 17 slides
Cryptographically Sound Security Proofs for Basic and Public-key Kerberos ESORICS 2006 M.

Cryptographically Sound Security Proofs for Basic and Public-key Kerberos ESORICS 2006 M.

Cryptographically Sound Security Proofs for Basic and Public-key Kerberos ESORICS 2006 M. Backes 1 , I. Cervesato 2 , A. D. Jaggard 3 , A. Scedrov 4 , and J.-K. Tsay 4 1 Saarland University, 2 Carnegie Mellon University - Qatar, 3 Tulane

370 views • 18 slides
CS 4803 Computer and Network Security Alexandra (Sasha) Boldyreva Authenticated key exchange 1

CS 4803 Computer and Network Security Alexandra (Sasha) Boldyreva Authenticated key exchange 1

Diffie-Hellman key exchange Secure against passive eavesdropping but insecure against a man-in-the-middle attack CS 4803 Computer and Network Security Alexandra (Sasha) Boldyreva Authenticated key exchange 1 2 Adding key

492 views • 5 slides
Chapter 0 Readers Guide Cryptography and Network Security The art of war teaches us to rely

Chapter 0 Readers Guide Cryptography and Network Security The art of war teaches us to rely

Chapter 0 Readers Guide Cryptography and Network Security The art of war teaches us to rely not on the Overview & Chapter 1 likelihood of the enemy's not coming, but on our own readiness to receive him; not on the ; chance of his not

450 views • 4 slides
Advanced Systems Security: Attacks on SGX Trent Jaeger Systems and Internet Infrastructure

Advanced Systems Security: Attacks on SGX Trent Jaeger Systems and Internet Infrastructure

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Attacks on SGX Trent Jaeger

523 views • 19 slides
Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1516/ Chapter 16: 1 Chapter

Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1516/ Chapter 16: 1 Chapter

Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1516/ Chapter 16: 1 Chapter 16: Communications Security Chapter 16: 2 Agenda Threat model Secure tunnels Protocol design principles IPsec SSL/TLS EAP

899 views • 56 slides
Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference

Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference

Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated Learning Milad Nasr 1 , Reza Shokri 2 , Amir Houmansadr 1 1 University of Massachusetts Amherst, 2 National

568 views • 29 slides
Handout 7 Summary of this handout: Key Exchange Protocols Wide-Mouth Frog Needham-Schroeder

Handout 7 Summary of this handout: Key Exchange Protocols Wide-Mouth Frog Needham-Schroeder

06-20008 Cryptography The University of Birmingham Autumn Semester 2012 School of Computer Science Eike Ritter 8 November, 2012 Handout 7 Summary of this handout: Key Exchange Protocols Wide-Mouth Frog Needham-Schroeder Kerberos

477 views • 10 slides
Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography

Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography

CSS441 Introduction Concepts Architecture Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20

678 views • 23 slides

More recommend