A stealth monitoring mechanism for cyber-physical systems

Bibliographic details
Main author: Graveto, Vitor
Publication date: 2018
Other authors: Rosa, Luis; Cruz, Tiago José dos Santos Martins da; Simões, Paulo
Document type: Article
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Full text: http://hdl.handle.net/10316/84963
https://doi.org/10.1016/j.ijcip.2018.10.006
Abstract: Supervisory Control and Data Acquisition (SCADA) systems, which are often used in several types of Essential Systems and Critical Infrastructures, depend on control devices such as Programmable Logic Controllers, Remote Terminal Units and Intelligent Electronic Devices. Such devices, which are deployed at the edge of the SCADA infrastructure, directly interface with the physical processes under control. They are often based on embedded systems with limited capabilities and exposed to significant security and safety-related risks, as demonstrated by past incidents such as Stuxnet. However, despite the recognized relevance of those edge devices, they usually lack monitoring mechanisms able to detect device anomalies and/or cyber-physical threats. In this paper we propose a novel approach for stealth monitoring of those control devices, for purposes of security and safety management. This approach builds on cost-effective probes, which we designate as Shadow Security Units (SSU), directly attached to the monitored control devices. This privileged positioning enables the direct and fine-grained observation of both physical inputs/outputs (i.e. the physical processes under control) and network communication flows -- allowing the exploitation of various novel monitoring approaches able to address sophisticated security threats not noticeable otherwise. Moreover, the SSU approach is not limited to SCADA scenarios, being also applicable to similar domains such as the Internet of Things (IoT), Avionics and Self-Driving systems.
Funding: European Commission H2020; 700581 - ATENA - Advanced Tools to assEss and mitigate the criticality of ICT compoNents and their dependencies over Critical InfrAstructures
Keywords: Safety and security monitoring; Anomaly detection; SCADA; Industrial Automation and Control Systems
Date: 2018-10-22
Status: publishedVersion
Rights: openAccess
Publisher: Elsevier
Relation: 1874-5482
Repository: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação