system aware cyber security
play

System Aware Cyber Security Application of Dynamic System Models - PowerPoint PPT Presentation

Sep 12, 2023 •92 likes •518 views

System Aware Cyber Security Application of Dynamic System Models and State Estimation Technology to the Cyber Security of Physical Systems Barry M. Horowitz, Kate Pierce University of Virginia April, 2012 This material is based upon work

  1. System Aware Cyber Security Application of Dynamic System Models and State Estimation Technology to the Cyber Security of Physical Systems Barry M. Horowitz, Kate Pierce University of Virginia April, 2012 This material is based upon work supported, in whole or in part, by the U.S. Department of Defense through the Systems Engineering Research Center (SERC) under Contract H98230-08-D-0171. SERC is a federally funded University Affiliated Research Center managed by Stevens Institute of Technology

  2. Objectives for System Aware Cyber Security Research • Increase cyber security by developing new system engineering-based technology that provides a Point Defense option for cyber security • Inside the system being protected, for the most critical functions • Complements current defense approaches of network and perimeter cyber security • Directly address supply chain and insider threats that perimeter security does not protect against • Including physical systems as well as information systems • Provide technology design patterns that are reusable and address the assurance of data integrity and rapid forensics, as well as denial of service • Develop a systems engineering scoring framework for evaluating cyber security architectures and what they protect, to arrive at the most cost-effective integrated solution

  3. Publications Jennifer L. Bayuk and Barry M. Horowitz, An Architectural Systems Engineering Methodology for Addressing Cyber Security, Systems Engineering 14 (2011), 294-304. Rick A. Jones and Barry M. Horowitz, System-Aware Cyber Security, • ITNG, 2011 Eighth IEEE International Conference on Information Technology: New Generations, April, 2011, pp. 914-917. (Best Student Paper Award) Rick A. Jones and Barry M. Horowitz, System-Aware Security for • Nuclear Power Systems, 2011 IEEE International Conference on Technologies for Homeland Security, November, 2011. (Featured Conference Paper) Rick A. Jones and Barry M. Horowitz, A System-Aware Cyber • Security Architecture, Systems Engineering, Volume 15, No. 2, February, 2012

  4. System-Aware Cyber Security Architecture • System-Aware Cyber Security Architectures combine design techniques from 3 communities – Cyber Security – Fault-Tolerant Systems – Automatic Control Systems • The point defense solution designers need to come from the communities related to system design, providing a new orientation to complement the established approaches of the information assurance community • New point defense solutions will have independent failure modes from traditional solutions, thereby minimizing probabilities of successful attack via greater defense in depth

  5. A Set of Techniques Utilized in System-Aware Security Cyber Security Fault-Tolerance Automatic Control *Data Provenance *Diverse Redundancy *Physical Control for *Moving Target (DoS, Automated Restoral) Configuration Hopping ( Virtual Control for Hopping) *Redundant Component Voting (Moving Target, Restoral) *Forensics (Data Integrity, Restoral) *State Estimation (Data Integrity) *System Identification (Tactical Forensics, Restoral)

  6. A Set of Techniques Utilized in System-Aware Security Cyber Security Fault-Tolerance Automatic Control *Data Provenance *Diverse Redundancy *Physical Control for *Moving Target (DoS, Automated Restoral) Configuration Hopping ( Virtual Control for Hopping) *Redundant Component Voting (Moving Target, Restoral) *Forensics (Data Integrity, Restoral) *State Estimation (Data Integrity) *System Identification (Tactical Forensics, Restoral) This combination of solutions requires adversaries to: • Understand the details of how the targeted systems actually work

  7. A Set of Techniques Utilized in System-Aware Security Cyber Security Fault-Tolerance Automatic Control *Data Provenance *Diverse Redundancy *Physical Control for *Moving Target (DoS, Automated Restoral) Configuration Hopping ( Virtual Control for Hopping) *Redundant Component Voting (Moving Target, Restoral) *Forensics (Data Integrity, Restoral) *State Estimation (Data Integrity) *System Identification (Tactical Forensics, Restoral) This combination of solutions requires adversaries to: • Understand the details of how the targeted systems actually work • Develop synchronized, distributed exploits consistent with how the attacked system actually works

  8. A Set of Techniques Utilized in System-Aware Security Cyber Security Fault-Tolerance Automatic Control *Data Provenance *Diverse Redundancy *Physical Control for *Moving Target (DoS, Automated Restoral) Configuration Hopping ( Virtual Control for Hopping) *Redundant Component Voting (Moving Target, Restoral) *Forensics (Data Integrity, Restoral) *State Estimation (Data Integrity) *System Identification (Tactical Forensics, Restoral) If implemented properly, this combination of solutions requires adversaries to: • Understand the details of how the targeted systems actually work • Develop synchronized, distributed exploits consistent with how the attacked system actually works • Corrupt multiple supply chains

  9. Example Design Patterns Under Development • Diverse Redundancy for post-attack restoration • Diverse Redundancy + Verifiable Voting for trans-attack defense • Physical Configuration Hopping for moving target defense • Virtual Configuration Hopping for moving target defense • Physical Confirmations of Digital Data • Data Consistency Checking

  10. ATTACK 1: OPERATOR DISPLAY ATTACK ATTACK 2: CONTROL SYSTEM & OPERATOR DISPLAY ATTACK ATTACK 3: SENSOR SYSTEM ATTACK

  11. ATTACKS 1 & 2 OPERATOR DISPLAY ATTACK/ COORDINATED CONTROL SYSTEM & OPERATOR DISPLAY ATTACK

  12. The Problem Being Addressed • Highly automated physical system • Operator monitoring function, including criteria for human over-ride of the automation • Critical system states for both operator observation and feedback control – consider as least trusted from cyber security viewpoint • Other measured system states – consider as more trusted from cyber security viewpoint • CYBER ATTACK: Create a problematic outcome by disrupting human display data and/or critical feedback control data.

  13. Cyber Attack: Damaging Turbine and Hiding its Effects Main No Operator Control Corrective Action Control Room Sensor Inputs Sensors * Incorrect Real Time Controller Status Health Reactor Vendor 1 Status Turbine Trip Control Controller Station Turbine I&C * Turbine Safety Measurements Damaging Actuation • Speed, Load, and Pressure Incorrect Real **Controller Status Measurements Time Turbine • Hardware and System Health Status Status • Software Execution Features • I/O Status

  14. Simplified Block Diagram for Inference-Based Data Integrity Detection System Less Critical/ More Trusted Measured States (Other Than Operator & Feedback Control Protected States Sensors System Feedback Control States System Operator Observed States System Controller Critical Data Integrity Data State Alerts Integrity Estimator Estimates of Checker Operator Observed States

  15. EXAMPLE

  16. Regulating a Linear Physical System (1)

  17. Regulating a Linear Physical System (2) • System measurements are represented by: • y (k) = C x (k) + v (k) • Where y (k) is a m vector of measurements at time interval k • C is a mxn measurement matrix • v (k) is an m vector representing measurement noise

  18. A Simulation Model for Regulating the States of the System • To facilitate evaluating the data consistency cyber security design pattern: – Simulate a linear system controller to sustain the states of a system at designated levels – Optimal Regulator Solution (LQG) utilized for simulation • White Gaussian noise • Separation Theorem • Kalman Filter for state estimation • Ricatti Equation-based controller for feedback control – Controller feed back law based upon variances of input noise, measurement noise and the A,B and C matrices of the system dynamics model

  19. Example State Equations and Noise Assumptions A = [ 1, 1. -.02, -.01 .01, 1, -.01, 0 .2, .01, 1, 1 -.01, .02, -.01, 1 ]; K1 = 0.25; process noise variances for each of the states B = [ 0 , 1 , 0 , 0 ]; Operator Observed (less K2 = 0.25; sensor noise trusted): variances for each of the C = [ 1, 0, 0, 0 ]; measurements Related States (unobserved by operator, more trusted): C2 = [ 0 1 0 0; 0 0 1 0; 0 0 0 1 ]

  20. Simulated System Operation for Regulation of a State Component at 500

  21. Simulated Normal Operation True Monitored State Operator Observed State Inferred Monitored State Δ in Operator and Inferred States

  22. Simulated Normal Operation True Monitored State Operator Observed State Inferred Monitored State Δ in Operator and Inferred States

  23. REPLAY ATTACK TO CAUSE ERRONEOUS OPERATOR ACTION

  24. Simulated Replay Attack Operator Observed State True Monitored State Trusted Observed System Inferred Monitored State Δ in Operator and Inferred States

  25. Simulated Replay Attack Operator Observed State True Monitored State Trusted Observed System Inferred Monitored State Δ in Operator and Inferred States

  26. ATTACK TO ADJUST REGULATOR OBJECTIVES AND MASK THE PHYSICAL CHANGE THROUGH REPLAY ATTACK ON OPERATOR DISPLAYS

  27. Simulated System Output Based Upon Controller Attack

  28. Simulated Regulator Attack True Monitored State Operator Observed State Δ in Operator and Inferred States Inferred Monitored State

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

System Aware Cyber Security Barry M. Horowitz, PI University of Virginia November, 2012 System

System Aware Cyber Security Barry M. Horowitz, PI University of Virginia November, 2012 System

System Aware Cyber Security Barry M. Horowitz, PI University of Virginia November, 2012 System Aware Cyber Security Operates at the system application-layer , For security inside of the network and perimeter protection provided for the

164 views • 3 slides
CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

Eric Weston Wally Magda, CISSP, PSP, CISA Compliance Auditor, Cyber Compliance Auditor, Cyber Security Security CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September 24-25, 2013 Salt Lake City, UT No

2.02k views • 198 slides
Synergy: Collaborative: Security and Privacy-Aware Cyber-Physical Systems (NSF CNS-1505799 and

Synergy: Collaborative: Security and Privacy-Aware Cyber-Physical Systems (NSF CNS-1505799 and

Synergy: Collaborative: Security and Privacy-Aware Cyber-Physical Systems (NSF CNS-1505799 and the Intel-NSF Partnership for Cyber- Physical Systems Security and Privacy) Insup Lee (PI) PRECISE Center School of Engineering and Applied Science

1.11k views • 34 slides
90% OF CYBER ATTACKS ARE 90% OF CYBER ATTACKS ARE SUCCESSFUL DUE TO HUMAN SUCCESSFUL DUE TO

90% OF CYBER ATTACKS ARE 90% OF CYBER ATTACKS ARE SUCCESSFUL DUE TO HUMAN SUCCESSFUL DUE TO

90% OF CYBER ATTACKS ARE 90% OF CYBER ATTACKS ARE SUCCESSFUL DUE TO HUMAN SUCCESSFUL DUE TO HUMAN ERROR ERROR CYBER AWARE CYBER AWARE NEXT-GEN SECURITY AWARENESS TRAINING Cyber Crime Is Now A Cyber Crime Is Now A Business Opportunity

550 views • 25 slides
Institute for Cyber Security A Framework for Risk-Aware Role Based Access Control Khalid Zaman

Institute for Cyber Security A Framework for Risk-Aware Role Based Access Control Khalid Zaman

Institute for Cyber Security A Framework for Risk-Aware Role Based Access Control Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio October 16, 2013 SafeConfig 2013: IEEE 6th

227 views • 18 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Security and Privacy-Aware Cyber-Physical Systems: Legal Considerations Christopher S. Yoo

Security and Privacy-Aware Cyber-Physical Systems: Legal Considerations Christopher S. Yoo

Security and Privacy-Aware Cyber-Physical Systems: Legal Considerations Christopher S. Yoo University of Pennsylvania July 12, 2018 Overview of Research Tort and products liability for CPS Privacy and cybersecurity regulation NHTSA

472 views • 25 slides
Worldwide Security and Resiliency of Cyber Infrastructures: the Role of the Domain Name System

Worldwide Security and Resiliency of Cyber Infrastructures: the Role of the Domain Name System

Worldwide Security and Resiliency of Cyber Infrastructures: the Role of the Domain Name System Dr. Igor Nai Fovino Head of the Research Department Global Cyber Security Center The Global Cyber Security Center, is an International not-for-profit

615 views • 33 slides
Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

1 Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to innovation Sallie Sweeney KPMG The healthcare industrys evolution toward a true value based system, assuming responsibility for complex

797 views • 10 slides
Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

ABB MINING USER CONFERENCE, MAY 02-05, 2017 Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial Automation Division Agenda Why worry about cyber security? ABBs approach to cyber security Cyber security

1.07k views • 39 slides
Leveraging Physical Models for Attacking and Defending PLCs Luis Garcia 4N6 Cyber Security &

Leveraging Physical Models for Attacking and Defending PLCs Luis Garcia 4N6 Cyber Security &

Leveraging Physical Models for Attacking and Defending PLCs Luis Garcia 4N6 Cyber Security & Forensics Research Lab ECE Department Rutgers University Outline Background Harvey: Model-Aware Rootkit System Model

934 views • 71 slides
Cyber-Physical System Security Alia Long Advanced Research in Cyber Systems (ARCS) Los Alamos

Cyber-Physical System Security Alia Long Advanced Research in Cyber Systems (ARCS) Los Alamos

Cyber-Physical System Security Alia Long Advanced Research in Cyber Systems (ARCS) Los Alamos National Laboratory LA-UR-17-27644 Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA A Cyber-Physical Model

837 views • 7 slides
Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web application weaknesses XSS AJAX weaknesses SQL Injection Attacks (Slides from Lars Olson)

588 views • 41 slides
Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD students and employees)

359 views • 23 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* * Preliminary programme, subject to revision/update status 16 December 2014 4 February 2015 Day 1: Cyber Security Readiness Registration KU

306 views • 4 slides
ASPASIA Project Presentation ASPASIA Project Presentation AGCFG4 and NexSAT9 Meeting Brussels, 13

ASPASIA Project Presentation ASPASIA Project Presentation AGCFG4 and NexSAT9 Meeting Brussels, 13

Aeronautical Surveillance & Planning by Advanced Satellite-Implemented Applications ASPASIA Project Presentation ASPASIA Project Presentation AGCFG4 and NexSAT9 Meeting Brussels, 13 th and 14 th September 2007 Antonio Paradell, Atos Origin

801 views • 42 slides
using insights from Systems Thinking Richard Hummelbrunner Independent evaluator Graz, Austria

using insights from Systems Thinking Richard Hummelbrunner Independent evaluator Graz, Austria

Monitoring and evaluating complex interventions using insights from Systems Thinking Richard Hummelbrunner Independent evaluator Graz, Austria 1 Challenges of increasing complexity for M&E Interventions become more complex (=

426 views • 13 slides
Volvo Group presentation Driving prosperity through transport solutions OUR MISSION Driving

Volvo Group presentation Driving prosperity through transport solutions OUR MISSION Driving

Volvo Group presentation Driving prosperity through transport solutions OUR MISSION Driving prosperity through transport solutions Modern logistics is a prerequisite for our economic welfare: transport helps combat poverty. Transport is not

537 views • 37 slides
Presentation Technology: A Comparison for Courtroom Use by Suann Ingle An earlier version of this

Presentation Technology: A Comparison for Courtroom Use by Suann Ingle An earlier version of this

1 Presentation Technology: A Comparison for Courtroom Use by Suann Ingle An earlier version of this article appeared in the Spring 2001 issue of Network , the American Bar Associations newsletter for the Business Law Section of its Committee

542 views • 6 slides
Community College System of NH, GOFERR Presentation, April 29, 2020: COVID Impacts, Relief Needs

Community College System of NH, GOFERR Presentation, April 29, 2020: COVID Impacts, Relief Needs

Community College System of NH, GOFERR Presentation, April 29, 2020: COVID Impacts, Relief Needs for Program Completion and Workforce Training Impact of COVID-19 on our Students and Colleges National estimates are that half of community college

270 views • 9 slides
CASCADIA HIGH SPEED RAIL September 2018 Business Prospectus Table of Contents Letter from the

CASCADIA HIGH SPEED RAIL September 2018 Business Prospectus Table of Contents Letter from the

Brad Perkins CEO/CHSR Cascadia High Speed Rail Corridor: Business Prospectus CASCADIA HIGH SPEED RAIL September 2018 Business Prospectus Table of Contents Letter from the Chief Executive Officer 1 Section 1 Background 2 Section 2 The

594 views • 41 slides
2015 Summary Climate change is a threat in the U.S. -- We are already feeling the dangerous and

2015 Summary Climate change is a threat in the U.S. -- We are already feeling the dangerous and

2015 Summary Climate change is a threat in the U.S. -- We are already feeling the dangerous and costly effects of a changing climate affecting peoples lives, family budgets, and businesses bottom lines EPA is taking three actions that

694 views • 41 slides
2 Amateur Photography http://sevennine.net/archives/2009/10/01/torontos-skyline-at-night/ 3

2 Amateur Photography http://sevennine.net/archives/2009/10/01/torontos-skyline-at-night/ 3

Syn thetic Full System Traffic Models Capturing Cache Coherence Behaviour Mario Badr | Natalie Enright Jerger 2 Amateur Photography http://sevennine.net/archives/2009/10/01/torontos-skyline-at-night/ 3 Photography 101

931 views • 57 slides

More recommend