cyber-physical security through information flow
TRANSCRIPT
![Page 1: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/1.jpg)
Ian Ferguson ([email protected]) College of Engineering and Computing: ABET Visit, Oct. 2014 Slide [1]
© Bruce McMillin May 2020
Cyber-Physical Security
Through Information Flow
Bruce McMillin
Professor and Interim Chair, Department of Computer Science
2018-2020 Distinguished Visitor
Missouri University of Science and Technology
325 Computer Science, 500 W. 15th St., Rolla, MO 65409
o/ (573) 341-6435 e/ [email protected]
![Page 3: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/3.jpg)
Where is Missouri S&T
9 Departments, 7500 Students in Engineering
![Page 4: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/4.jpg)
CPS
● Cyber-Physical Systems (CPS) are physical systems that are controlled and monitored through computer-based systems.
● Critical infrastructures of a nation are CPS
○ Water treatment plant
○ Smart grid
○ Manufacturing plant
○ Autonomous Vehicle
○ Airspace Management
![Page 5: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/5.jpg)
A modern Cyber-Physical System
• Community
• Local Management
• Locally Sourced
![Page 6: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/6.jpg)
Modern Security Domains
• Community
• Local Management
• Secure
• Locally Sourced
• Privacy Preserving
![Page 7: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/7.jpg)
Non-Intrusive Load Monitoring
![Page 8: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/8.jpg)
Management and Governance
• Utility?
– NISTIR 7628
• Cloud?
– NERC CIP
– Timing
• Fog?
– IoT
– Locally Managed
– Locally Protected
![Page 9: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/9.jpg)
Cloud
Fog
https://electronicsofthings.com/expert-opinion/fog-computing-relevance-iot/
https://www.etsy.com/listing/559016362/there-is-no-cloud-its-just-someone-else
https://www.wired.com/story/its-time-to-think-beyond-cloud-computing/
Mist
Dew
https://www.pubnub.com/blog/moving-the-cloud-to-the-edge-computing/
http://thewallpaper.co/dew-drops-high-definition-wallpaper-download-dew-drops-images-free-wallpaper-of-windows-desktop-images-high-resolution-1920x1080/
![Page 10: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/10.jpg)
Transactive Energy Management
More Critical need
Lesser need
Who needs Power?
Transfer Power
![Page 11: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/11.jpg)
•Peer-to-peer transactive energy
![Page 12: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/12.jpg)
Threats
• Physical
• Cyber
• Cyber-enabled Physical
• Physically-enabled Cyber Stealing Plant Secrets
![Page 13: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/13.jpg)
Firewalls
Figure Source, Manufacturers Automation, Inc.
![Page 14: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/14.jpg)
Seems Simple, What could go wrong?
• Physical
• Cyber
• Cyber-enabled Physical
• Physically-enabled Cyber
![Page 21: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/21.jpg)
SCADA System - from National Academies
• Centralized Supervisory Control And Data Acquisition (SCADA)
• Electric Utility Control
[Figure: SCADA system, marked "A". Labels: Business Network; Data to market and other systems; EMS (Energy Management System); SCADA (Supervisory Control and Data Acquisition); System Control Center; Messages; three RTUs (Remote Terminal Units), each with sensors, actuators, etc.]
![Page 22: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/22.jpg)
Source: Computer Security: Art and Science, ©2002-2004 Matt Bishop, June 1, 2004, Slide #6-22
Biba Model - 1975
• Integrity Levels:
• The higher the level, the more confidence
– That a program will execute correctly
– That data is accurate and/or reliable
• Note relationship between integrity and trustworthiness
• Important point: integrity levels are not security levels
![Page 23: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/23.jpg)
Source: Computer Security: Art and Science, ©2002-2004 Matt Bishop, June 1, 2004, Slide #6-23
Problems
• Subjects’ integrity levels decrease as system runs
– Soon no subject will be able to access objects at high integrity levels
• Alternative: change object levels rather than subject levels
– Soon all objects will be at the lowest integrity level
• Crux of problem is model prevents indirect modification
– Because subject levels lowered when subject reads from low-integrity object
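The drift described in the bullets above, replayed on a small SCADA-style hierarchy. This is an added example, not code from the slides or from Bishop's text; the entity names, the integrity scale and the action sequence are constructed for illustration.

```python
"""Integrity drift when subject levels are lowered on read (constructed example)."""
from dataclasses import dataclass


@dataclass
class Entity:
    name: str
    level: int  # integrity level, larger = more trusted (constructed scale)


def read(subject, obj):
    """Reading always succeeds, but the subject's level drops to the
    lower of its own level and the level of the object it read."""
    subject.level = min(subject.level, obj.level)
    return subject.level


def can_write(subject, obj):
    """A subject may only modify objects at or below its own integrity level."""
    return obj.level <= subject.level


def replay(subject, objects, actions):
    """Apply (operation, object_name) pairs in order.

    Returns a log of (operation, object_name, allowed, subject_level_after).
    """
    log = []
    for op, name in actions:
        obj = objects[name]
        if op == "read":
            read(subject, obj)
            allowed = True
        elif op == "write":
            allowed = can_write(subject, obj)
        else:
            raise ValueError(f"unknown operation: {op}")
        log.append((op, name, allowed, subject.level))
    return log


def demo():
    # Constructed objects: a control setpoint, a sensor log and a
    # business-network market feed, in decreasing integrity.
    objects = {
        "rtu_setpoint": Entity("rtu_setpoint", 3),
        "sensor_log": Entity("sensor_log", 2),
        "market_feed": Entity("market_feed", 1),
    }
    controller = Entity("ems_controller", 3)
    actions = [
        ("write", "rtu_setpoint"),  # allowed: controller is still at level 3
        ("read", "sensor_log"),     # controller drops to level 2
        ("write", "rtu_setpoint"),  # denied: it can no longer issue control
        ("read", "market_feed"),    # controller drops to level 1
        ("write", "sensor_log"),    # denied as well
    ]
    return replay(controller, objects, actions)


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

After two ordinary reads the controller can no longer write the setpoint it wrote at the start, which is the "soon no subject will be able to access objects at high integrity levels" outcome.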
![Page 25: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/25.jpg)
BIBA
[Figure: SCADA system, marked "A" and "B". Labels: Business Network; Data to market and other systems; EMS (Energy Management System); SCADA (Supervisory Control and Data Acquisition); System Control Center; Messages; three RTUs (Remote Terminal Units), each with sensors, actuators, etc.]
![Page 26: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/26.jpg)
Security? Bell-LaPadula
• Military Multi-Level Security Model
– No Read Up
– No Write Down
• Military Commander
– Write to troops?
– Downgrade
[Figure: classification levels Top Secret, Secret, Confidential, Unclassified, with arrows labeled "No Read Up" and "No Write Down"]
![Page 27: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/27.jpg)
BLP
[Figure: SCADA system with numbered markers 1 to 5. Flow labels: Messages; Actuation; Sensor Readings; Physical Readings; Control; Data to market and other systems. Component labels: Business Network; EMS (Energy Management System); SCADA (Supervisory Control and Data Acquisition); System Control Center; three RTUs (Remote Terminal Units), each with sensors, actuators, etc.]
![Page 28: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/28.jpg)
BLP
[Figure: SCADA system, marked "B" and "A". Labels: Business Network; Data to market and other systems; EMS (Energy Management System); SCADA (Supervisory Control and Data Acquisition); System Control Center; Messages; three RTUs (Remote Terminal Units), each with sensors, actuators, etc.]
![Page 29: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/29.jpg)
Fog Energy Management
Transfer Power
![Page 30: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/30.jpg)
The overlapping security domains in an IoT smart grid environment.
[Figure labels: Deducible; Non-Deducible; Non-Deducible]
![Page 31: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/31.jpg)
Information Present in the Physical Entity
![Page 32: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/32.jpg)
Information Flow Models
• A CPS performs physical actions that are observable
• Should keep these secret – loss of confidentiality/privacy
• Should not keep these secret – loss of integrity
• Some models
– Non-interference – Goguen and Meseguer 1982
• High-level events do not interfere with the low level outputs
– Non-inference – O’Halloran 1990
• Removing high-level events leaves a valid system trace
– Non-deducibility – Sutherland 1986
• Low-level observation is compatible with any of the high-level inputs.
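The three definitions above, checked over small trace sets. This is an added example, not code from the talk: the valve events and the four toy systems are constructed, and non-interference is checked in a simplified form for a system whose only inputs are high-level commands and whose only outputs are low-level observations.

```python
"""Trace-set checks for three information flow models (constructed example)."""
from itertools import product

H, L = "H", "L"  # high-level (secure domain) and low-level (observable) events


def high(trace):
    """Projection of a trace onto its high-level events."""
    return tuple(e for e in trace if e[0] == H)


def low(trace):
    """What a low-level observer sees: the trace with high events purged."""
    return tuple(e for e in trace if e[0] == L)


def non_interference(traces):
    """Simplified check: with only high inputs, purging the inputs always
    gives the empty input, so the low view must be the same in every trace."""
    return len({low(t) for t in traces}) <= 1


def non_inference(traces):
    """Removing the high-level events of any trace leaves a valid trace."""
    return all(low(t) in traces for t in traces)


def non_deducibility(traces):
    """Every low observation is compatible with every high input: some
    trace has exactly that low view together with that high view."""
    views = {(low(t), high(t)) for t in traces}
    lows = {lv for lv, _ in views}
    highs = {hv for _, hv in views}
    return all((lv, hv) in views for lv, hv in product(lows, highs))


def deductions(traces, observation):
    """High-level histories a low observer still considers possible."""
    return {high(t) for t in traces if low(t) == observation}


def classify(traces):
    return {
        "non_interference": non_interference(traces),
        "non_inference": non_inference(traces),
        "non_deducibility": non_deducibility(traces),
    }


# Constructed events: commands in the secure domain, physical effects outside.
OPEN, CLOSE = (H, "open_valve"), (H, "close_valve")
FLOW, DRY = (L, "flow"), (L, "no_flow")

# Commands have no visible effect at all (the actions are blocked).
BLOCKED = {(), (OPEN,), (CLOSE,)}
# Every command produces its physical action, and nothing else does.
DIRECT = {(), (OPEN, FLOW), (CLOSE, DRY)}
# The same physical actions can also happen with no command behind them.
LOCAL_CAUSES = DIRECT | {(FLOW,), (DRY,)}
# Any observation can accompany any command history.
MASKED = {h + l for h in ((), (OPEN,), (CLOSE,)) for l in ((), (FLOW,), (DRY,))}

if __name__ == "__main__":
    for name, system in [("BLOCKED", BLOCKED), ("DIRECT", DIRECT),
                         ("LOCAL_CAUSES", LOCAL_CAUSES), ("MASKED", MASKED)]:
        print(name, classify(system), deductions(system, (FLOW,)))
```

Only the system whose actions are blocked satisfies the non-interference check. `LOCAL_CAUSES` satisfies non-inference but is still deducible, because an observer who sees flow can rule out a close command.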
![Page 33: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/33.jpg)
Information Present in the Physical Entity (Non-interference view)
[Figure labels: Command; Command; Actions Blocked]
Not a good model for CPS
![Page 35: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/35.jpg)
Information Present in the Physical Entity (Non-inference view)
[Figure label: Command]
Potentially a good model for CPS
![Page 37: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/37.jpg)
Information Present in the Physical Entity (Non-deducibility view)
[Figure label: Command]
A good model for CPS
![Page 38: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/38.jpg)
The overlapping security domains in a CPS environment.
[Figure labels: Deducible; Non-Deducible; Non-Deducible]
![Page 39: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/39.jpg)
Non-deducibility
• Non-deducibility
– Good?
– Bad?
[Figure labels: Secure Domain; Open Domain; Open Domain; Inside Domain]
Non-deducibility is a bidirectional model.
![Page 40: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/40.jpg)
The Challenge
• Prevent the bad guys from seeing confidential/private information.
• Make sure the good guys can deduce that an attack is happening from the bad guys
• In a CPS
• With the same model
![Page 41: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/41.jpg)
Multiple Domain Nondeducibility
On any given world, the valuation functions, $V^i_x(w)$, will return the value of the corresponding state variable $x$ as seen by an entity in a partition, $i$.
![Page 42: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/42.jpg)
Multiple Domains of Stuxnet
![Page 43: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/43.jpg)
Stuxnet Attack
$I_{1,0}$, $B_1 I_{1,0}$, $T_{1,0}$
$I_{2,1}$, $B_2 I_{2,1}$, $T_{2,1}$
![Page 44: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/44.jpg)
Stuxnet Attack
$I_{1,0}$, $B_1 I_{1,0}$, $T_{1,0}$
$I_{2,1}$, $B_2 I_{2,1}$, $T_{2,1}$
$I_{4,3}$, $\sim B_4 I_{4,3}$, $\sim T_{4,3}$
$I_{4,0}$, $B_4 I_{4,0}$, $T_{4,0}$
Alert, Mismatch
![Page 45: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/45.jpg)
Tank
Monitoring Station
Filtration Units
Secure Water Treatment Testbed (SWaT)
![Page 46: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/46.jpg)
Process 1: Raw Water
Purpose is to supply water to other processes of SWaT
![Page 47: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/47.jpg)
Working of MSDND
[Figure: Process 1 with security domains SD0 to SD5. Labels: Raw Water Tank; Valve; Pump; LIT101; P101; MV101; FIT101; Flow Sensor; PLC 1]
LIT – Level Indication Transmitter, FIT – Flow Indication Transmitter, MV101 – Motorized Valves and P – Pump
![Page 48: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/48.jpg)
Working of MSDND (Cont.)
[Figure: security domains SD0 to SD6. Labels: Tank T101; LIT101; PLC1; Operator; Pump; FIT102; MV101; FIT101; Virus]
$I_{6,2}\,{\sim}l$, $B_6 I_{6,2}\,{\sim}l$, $T_{6,2}\,{\sim}l$
$I_{5,6}\,l$, $B_5 I_{5,6}\,l$, $T_{5,6}\,l$
![Page 49: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/49.jpg)
Working of MSDND (Cont.)
• Since $B_5 I_{5,6}\,l \wedge T_{5,6}\,l \rightarrow B_5\,l$, the PLC believes the lie told in all cases. Therefore, unknown to entities in SD2, $V^2_l(w)$ and $V^2_{\sim l}(w)$ cannot be evaluated. Therefore $l$ is MSDND secure from SD2.
• $MSDND(ES) = \exists w \in W \rightarrow [(S_l \oplus S_{\sim l})] \wedge [w \models (\nexists V^{SD5}_{\sim l}(w) \wedge \nexists V^{SD5}_{l}(w))]$
• This is BAD for the plant as the threat goes undetected
![Page 50: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/50.jpg)
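Working of MSDND (Cont.)
[Figure: security domains SD0 to SD6 and SD8. Labels: Tank T101; LIT101; PLC1; Operator; Pump; FIT102; MV101; FIT101; Virus]
$I_{6,2}\,{\sim}l$, $B_3 I_{6,2}\,{\sim}l$, $T_{6,2}\,{\sim}l$
$I_{5,6}\,l$, $B_5 I_{5,6}\,l$, $T_{5,6}\,l$
Total Water = (Water Inflow – Water Outflow) * Const
$I_{7,8}\,l$, $B_5 I_{7,8}\,l$, $T_{7,8}\,l$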
![Page 51: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/51.jpg)
Working of MSDND (Cont.)
• Now, when we 'and' the normal working state with the invariant, we can conclude that the system is working normally
• $S_{invariant} \wedge S_l = S^*$; the system is working normally if and only if this is true
• $MSDND(ES) = \exists w \in W \rightarrow [(S^* \oplus S_{\sim l})] \wedge [w \models (\nexists V^{SD5}_{\sim l}(w) \wedge \exists V^{SD5}_{l}(w))]$
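One way to turn the water-balance invariant into a second valuation of the tank level, run over constructed readings. This is an added example, not code from the talk or from the SWaT testbed: the assignment of inflow to FIT101 and outflow to FIT102, the sample values, the constant and the tolerance are all assumptions.

```python
"""Water-balance invariant as a second valuation of the level l (constructed example)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Sample:
    inflow: Optional[float]   # m^3/s, assumed to be read from FIT101
    outflow: Optional[float]  # m^3/s, assumed to be read from FIT102
    level: float              # m, LIT101 value as reported to the PLC


def check_invariant(samples: List[Sample], const: float, tol: float) -> List[str]:
    """Compare each reported level with the level implied by the flows.

    The estimate starts at the first reported level (assumed trustworthy)
    and is advanced by (inflow - outflow) * const for every later sample.
    Verdicts:
      "consistent"   - the reported level agrees with the invariant
      "mismatch"     - the two valuations disagree, so the lie is deducible
      "no-valuation" - a flow reading is missing, the invariant cannot be
                       evaluated and the reported level is all the PLC has
    """
    if not samples:
        return []
    verdicts = ["anchor"]
    estimate = samples[0].level
    for s in samples[1:]:
        if s.inflow is None or s.outflow is None:
            verdicts.append("no-valuation")
            estimate = s.level  # nothing better to continue from
            continue
        estimate += (s.inflow - s.outflow) * const
        if abs(s.level - estimate) <= tol:
            verdicts.append("consistent")
        else:
            verdicts.append("mismatch")  # keep the physics-based estimate
    return verdicts


def first_alert(verdicts: List[str]) -> Optional[int]:
    """Index of the first sample where the invariant fails, if any."""
    return verdicts.index("mismatch") if "mismatch" in verdicts else None


# Constructed readings, one per second, for a tank with a 2 m^2 cross-section,
# so const = 1 s / 2 m^2 = 0.5. From index 3 the outflow stops while the
# reported level is frozen at its last value.
CONST = 0.5
TOL = 0.004
SAMPLES = [
    Sample(0.02, 0.01, 0.500),
    Sample(0.02, 0.01, 0.505),
    Sample(0.02, 0.01, 0.510),
    Sample(0.02, 0.00, 0.510),
    Sample(0.02, 0.00, 0.510),
    Sample(None, None, 0.510),
]

if __name__ == "__main__":
    result = check_invariant(SAMPLES, CONST, TOL)
    print(result, "first alert at sample", first_alert(result))
```

The last sample shows the case the slides call MSDND secure: with no flow readings there is no independent valuation, so a false level cannot be told from a true one.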
![Page 52: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/52.jpg)
• When an invariant fails, the tile with that invariant turns red
Working of MSDND (Cont.)
![Page 53: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/53.jpg)
• Conclusion (Cont.)

| Process | Comp | Summary | Suggestions |
|---|---|---|---|
| Process 1 | 4 | Invariants Developed: 4; Invariants Matching: 4; Vulnerabilities remaining: 0 | Invariants for FIT and LIT should be modified to better capture multipoint attacks |
| Process 2 | 11 | Invariants Developed: 7; Invariants Matching: 0; Vulnerabilities remaining: 6 | Chemical processes should be further analyzed to get more reliable invariants. Chemical dosing pumps and level indication should be modified. |
| Process 3 | 9 | Invariants Developed: 4; Invariants Matching: 3; Vulnerabilities remaining: 2 | Several attacks can be performed on motorized valves to damage pumps and drain water. Install a PIT near the UF unit to generate an invariant for DPIT |
| Process 4 | 7 | Invariants Developed: 3; Invariants Matching: 3; Vulnerabilities remaining: 1 | The dechlorination unit and NaHSO3 dosing affect the chemical properties of the water; better invariants should be built on this, as it affects the RO unit |
![Page 54: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/54.jpg)
| Process | Comp | Summary | Suggestions |
|---|---|---|---|
| Process 5 | 16 | Invariants Developed: 7; Invariants Matching: 0; Vulnerabilities remaining: 9 | Many MSDND secure paths are identified; invariants should be developed to break the MSDND security |
| Process 6 | 7 | Invariants Developed: 2; Invariants Matching: 0; Vulnerabilities remaining: 5 | Level switches should be replaced with level indicators, and more FITs should be installed to obtain invariants |
![Page 55: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/55.jpg)
Another Typical Result
Power System Testbed in Singapore
• Solar
• Batteries
• Generators
• Loads
![Page 56: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/56.jpg)
WHAT TO DO WITH THIS INFORMATION?
![Page 57: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/57.jpg)
What to do with this information?
• Measure System Security Resilience
– Using the uniform information flow model
• Improve Design
– Mitigate MSDND paths
• Mitigate Attacks through Engineered Knowledge to Break MSDND
– Active defense against
• Cyber Enabled Physical
• Physically Enabled Cyber
This is Hard to Do
![Page 58: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/58.jpg)
Goals
How to provide a functioning CPS without relying on assumptions of trust, but instead developing trust among components?
• Automated Security Domain Construction
• Semantic Bridges and Oracle Owls
• Design-Centric
• Port Hamiltonian Systems
• State Estimation
• Algebraic, Spatio-temporal & Real-Time Dynamic State Estimation
• Data Science
• Learn behavior with ground truth
• Experimentation on real infrastructures
• Power, Water, Manufacturing, Transportation
![Page 59: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/59.jpg)
Findings
Data Centric
Design Centric
Diverge
Association Rule Mining, Generalized Linear Modeling
?
Subtle Theft, Slow Drift
![Page 60: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/60.jpg)
Traditional View
– Castle/Maginot Line/BLP
– High level vs low level
– Firewalls, Defense in Depth
– Does not address cyber-physical nor insider attacks
Modern Environment
– Multiple security domains
– High/low, Insider vs Outsider has changed
▪ We are INSIDE the system
– How do we secure the cyber-physical?
![Page 61: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/61.jpg)
Ethics in these systems
Trolley Problem
![Page 62: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/62.jpg)
Will people use this?
• Privacy
– Norway vs. USA
• Resilience
– Cyber threats
• Fog?
– Ethical Issues
Your Thoughts?
![Page 63: Cyber-Physical Security Through Information Flow](https://reader034.vdocuments.mx/reader034/viewer/2022052110/6288621a0fed160125058ba6/html5/thumbnails/63.jpg)
A Professional Society
• Local Seminars
• Get-together
• Quality
– Accreditation
– Peer Review
– Standards