The increasing penetration of cyber systems into smart grids has resulted in these grids being more vulnerable to cyber physical attacks. The central challenge of higher order cyber-physical contingency analysis is the exponential blow-up of the attack surface due to a large number of attack vectors. This gives rise to computational challenges in devising efficient attack mitigation strategies. However, a system operator can leverage private information about the underlying network to maintain a strategic advantage over an adversary equipped with superior computational capability and situational awareness. In this work, we examine the following scenario: A malicious entity intrudes the cyber-layermore »
CYBER-PHYSICAL SECURITY OF AIR TRAFFIC SURVEILLANCE SYSTEMS
Cyber-physical system security is a significant concern in the critical infrastructure.
Strong interdependencies between cyber and physical components
render cyber-physical systems highly susceptible to integrity
attacks such as injecting malicious data and projecting fake sensor measurements.
Traditional security models partition cyber-physical systems
into just two domains – high and low. This absolute partitioning is
not well suited to cyber-physical systems because they comprise multiple
overlapping partitions. Information flow properties, which model
how inputs to a system affect its outputs across security partitions,
are important considerations in cyber-physical systems. Information
flows support traceability analysis that helps detect vulnerabilities and
anomalous sources, contributing to the implementation of mitigation
measures.
This chapter describes an automated model with graph-based information
flow traversal for identifying information flow paths in the
Automatic Dependent Surveillance-Broadcast (ADS-B) system used in
civilian aviation, and subsequently partitioning the flows into security
domains. The results help identify ADS-B system vulnerabilities to
failures and attacks, and determine potential mitigation measures.
- Award ID(s):
- 1837472
- Publication Date:
- NSF-PAR ID:
- 10189011
- Journal Name:
- Critical Infrastructure Protection XIV
- Page Range or eLocation-ID:
- 207-226
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Security of machine learning is increasingly becoming a major concern due to the ubiquitous deployment of deep learning in many security-sensitive domains. Many prior studies have shown external attacks such as adversarial examples that tamper the integrity of DNNs using maliciously crafted inputs. However, the security implication of internal threats (i.e., hardware vulnerabilities) to DNN models has not yet been well understood. In this paper, we demonstrate the first hardware-based attack on quantized deep neural networks–DeepHammer–that deterministically induces bit flips in model weights to compromise DNN inference by exploiting the rowhammer vulnerability. DeepHammer performs an aggressive bit search in themore »
-
Cyber-physical systems are vulnerable to a variety of cyber, physical and cyber-physical attacks. The security of cyber-physical systems can be enhanced beyond what can be achieved through firewalls and trusted components by building trust from observed and/or expected behaviors. These behaviors can be encoded as invariants. Information flows that do not satisfy the invariants are used to identify and isolate malfunctioning devices and cyber intrusions. However, the distributed architectures of cyber-physical systems often contain multiple access points that are physically and/or digitally linked. Thus, invariants may be difficult to determine and/or computationally prohibitive to check in real time. Researchers havemore »
-
Access control and information flow are the two building blocks in the design of secure software. Of the two, access control seems ubiquitous, being widely used in operating systems, databases, firewalls, servers, web applications, and so on. The successes of information flow seem less obvious, and its benefits and potential underappreciated. Yet, when it comes to defending against malicious code, access control based defenses have proved susceptible to evasion, or they end up being so restrictive as to interfere with legitimate use. In this talk, I will argue that defenses based on information flow can be more discerning, as theymore »
-
Privilege separation is an effective technique to improve software security. However, past partitioning systems do not allow programmers to make quantitative tradeoffs between security and performance. In this paper, we describe our toolchain called PM. It can automatically find the optimal boundary in program partitioning. This is achieved by solving an integer-programming model that optimizes for a user-chosen metric while satisfying the remaining security and performance constraints on other metrics. We choose security metrics to reason about how well computed partitions enforce information flow control to: (1) protect the program from low-integrity inputs or (2) prevent leakage of program secrets.more »