A stealth monitoring mechanism for cyber-physical systems
| Main Author: | |
|---|---|
| Publication Date: | 2018 |
| Other Authors: | , , |
| Format: | Article |
| Language: | eng |
| Source: | Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| Download full: | https://hdl.handle.net/10316/84963 https://doi.org/10.1016/j.ijcip.2018.10.006 |
Summary: | Supervisory Control and Data Acquisition (SCADA) systems, which are often used in several types of Essential Systems and Critical Infrastructures, depend on control devices such as Programmable Logic Controllers, Remote Terminal Units and Intelligent Electronic Devices. Such devices, which are deployed at the edge of the SCADA infrastructure, directly interface with the physical processes under control. They are often based on embedded systems with limited capabilities and exposed to significant security and safety-related risks, as demonstrated by past incidents such as Stuxnet. However, despite the recognized relevance of those edge devices, they usually lack monitoring mechanisms able to detect device anomalies and/or cyber-physical threats. In this paper we propose a novel approach for stealth monitoring of those control devices, for purposes of security and safety management. This approach builds on cost-effective probes, which we designate as Shadow Security Units (SSU), directly attached to the monitored control devices. This privileged positioning enables the direct and fine-grained observation of both physical inputs/outputs (i.e. the physical processes under control) and network communication flows -- allowing the exploitation of various novel monitoring approaches able to address sophisticated security threats not noticeable otherwise. Moreover, the SSU approach is not limited to SCADA scenarios, being also applicable to similar domains such as the Internet of Things (IoT), Avionics and Self-Driving systems. |
| id |
RCAP_4f1db353a91b130f8c19e428841c06ef |
|---|---|
| oai_identifier_str |
oai:estudogeral.uc.pt:10316/84963 |
| network_acronym_str |
RCAP |
| network_name_str |
Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| repository_id_str |
https://opendoar.ac.uk/repository/7160 |
| spelling |
A stealth monitoring mechanism for cyber-physical systemsSafety and security monitoringAnomaly detectionSCADAIndustrial Automation and Control SystemsSupervisory Control and Data Acquisition (SCADA) systems, which are often used in several types of Essential Systems and Critical Infrastructures, depend on control devices such as Programmable Logic Controllers, Remote Terminal Units and Intelligent Electronic Devices. Such devices, which are deployed at the edge of the SCADA infrastructure, directly interface with the physical processes under control. They are often based on embedded systems with limited capabilities and exposed to significant security and safety-related risks, as demonstrated by past incidents such as Stuxnet. However, despite the recognized relevance of those edge devices, they usually lack monitoring mechanisms able to detect device anomalies and/or cyber-physical threats. In this paper we propose a novel approach for stealth monitoring of those control devices, for purposes of security and safety management. This approach builds on cost-effective probes, which we designate as Shadow Security Units (SSU), directly attached to the monitored control devices. This privileged positioning enables the direct and fine-grained observation of both physical inputs/outputs (i.e. the physical processes under control) and network communication flows -- allowing the exploitation of various novel monitoring approaches able to address sophisticated security threats not noticeable otherwise. Moreover, the SSU approach is not limited to SCADA scenarios, being also applicable to similar domains such as the Internet of Things (IoT), Avionics and Self-Driving systems.European Commission H2020 ; 700581 - ATENA - Advanced Tools to assEss and mitigate the criticality of ICT compoNents and their dependencies over Critical InfrAstructuresElsevier2018-10-22info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articlehttps://hdl.handle.net/10316/84963https://hdl.handle.net/10316/84963https://doi.org/10.1016/j.ijcip.2018.10.006eng1874-5482Graveto, VitorRosa, LuisCruz, Tiago José dos Santos Martins daSimões, Pauloinfo:eu-repo/semantics/openAccessreponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiainstacron:RCAAP2020-02-11T13:37:29Zoai:estudogeral.uc.pt:10316/84963Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireinfo@rcaap.ptopendoar:https://opendoar.ac.uk/repository/71602025-05-29T05:32:00.696604Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiafalse |
| dc.title.none.fl_str_mv |
A stealth monitoring mechanism for cyber-physical systems |
| title |
A stealth monitoring mechanism for cyber-physical systems |
| spellingShingle |
A stealth monitoring mechanism for cyber-physical systems Graveto, Vitor Safety and security monitoring Anomaly detection SCADA Industrial Automation and Control Systems |
| title_short |
A stealth monitoring mechanism for cyber-physical systems |
| title_full |
A stealth monitoring mechanism for cyber-physical systems |
| title_fullStr |
A stealth monitoring mechanism for cyber-physical systems |
| title_full_unstemmed |
A stealth monitoring mechanism for cyber-physical systems |
| title_sort |
A stealth monitoring mechanism for cyber-physical systems |
| author |
Graveto, Vitor |
| author_facet |
Graveto, Vitor Rosa, Luis Cruz, Tiago José dos Santos Martins da Simões, Paulo |
| author_role |
author |
| author2 |
Rosa, Luis Cruz, Tiago José dos Santos Martins da Simões, Paulo |
| author2_role |
author author author |
| dc.contributor.author.fl_str_mv |
Graveto, Vitor Rosa, Luis Cruz, Tiago José dos Santos Martins da Simões, Paulo |
| dc.subject.por.fl_str_mv |
Safety and security monitoring Anomaly detection SCADA Industrial Automation and Control Systems |
| topic |
Safety and security monitoring Anomaly detection SCADA Industrial Automation and Control Systems |
| description |
Supervisory Control and Data Acquisition (SCADA) systems, which are often used in several types of Essential Systems and Critical Infrastructures, depend on control devices such as Programmable Logic Controllers, Remote Terminal Units and Intelligent Electronic Devices. Such devices, which are deployed at the edge of the SCADA infrastructure, directly interface with the physical processes under control. They are often based on embedded systems with limited capabilities and exposed to significant security and safety-related risks, as demonstrated by past incidents such as Stuxnet. However, despite the recognized relevance of those edge devices, they usually lack monitoring mechanisms able to detect device anomalies and/or cyber-physical threats. In this paper we propose a novel approach for stealth monitoring of those control devices, for purposes of security and safety management. This approach builds on cost-effective probes, which we designate as Shadow Security Units (SSU), directly attached to the monitored control devices. This privileged positioning enables the direct and fine-grained observation of both physical inputs/outputs (i.e. the physical processes under control) and network communication flows -- allowing the exploitation of various novel monitoring approaches able to address sophisticated security threats not noticeable otherwise. Moreover, the SSU approach is not limited to SCADA scenarios, being also applicable to similar domains such as the Internet of Things (IoT), Avionics and Self-Driving systems. |
| publishDate |
2018 |
| dc.date.none.fl_str_mv |
2018-10-22 |
| dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
| dc.type.driver.fl_str_mv |
info:eu-repo/semantics/article |
| format |
article |
| status_str |
publishedVersion |
| dc.identifier.uri.fl_str_mv |
https://hdl.handle.net/10316/84963 https://hdl.handle.net/10316/84963 https://doi.org/10.1016/j.ijcip.2018.10.006 |
| url |
https://hdl.handle.net/10316/84963 https://doi.org/10.1016/j.ijcip.2018.10.006 |
| dc.language.iso.fl_str_mv |
eng |
| language |
eng |
| dc.relation.none.fl_str_mv |
1874-5482 |
| dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
| eu_rights_str_mv |
openAccess |
| dc.publisher.none.fl_str_mv |
Elsevier |
| publisher.none.fl_str_mv |
Elsevier |
| dc.source.none.fl_str_mv |
reponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia instacron:RCAAP |
| instname_str |
FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia |
| instacron_str |
RCAAP |
| institution |
RCAAP |
| reponame_str |
Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| collection |
Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| repository.name.fl_str_mv |
Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia |
| repository.mail.fl_str_mv |
info@rcaap.pt |
| _version_ |
1833602386368659456 |