Integrated Simulation and Emulation Platform for Cyber-Physical System Security Experimentation Wei Yan, Yuan Xue, Xiaowei Li, Jiannian Weng, Timothy Busch,

Slides:

Advertisements

Similar presentations

TRUST for SCADA: A Simulation-based Experimental Platform

Advertisements

Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.

Extensible Networking Platform IWAN 2005 Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood

Building Enterprise Applications Using Visual Studio ®.NET Enterprise Architect.

1 In VINI Veritas: Realistic and Controlled Network Experimentation Jennifer Rexford with Andy Bavier, Nick Feamster, Mark Huang, and Larry Peterson

1 Experiments and Tools for DDoS Attacks Roman Chertov, Sonia Fahmy, Rupak Sanjel, Ness Shroff Center for Education and Research in Information Assurance.

1 GENI: Global Environment for Network Innovations Jennifer Rexford Princeton University

Attacks on Three Tank System Three Tank System Testing Model-Based Security Features Experimental Platform for Model-Based Design of Embedded Systems Matt.

1 GENI: Global Environment for Network Innovations Jennifer Rexford On behalf of Allison Mankin (NSF)

A Model-Driven Framework for Architectural Evaluation of Mobile Software Systems George Edwards Dr. Nenad Medvidovic Center.

Anthony Trinh and Rich Zieminski Department of Computer Science, Columbia University { akt2105, rez2107

CASE Tools CIS 376 Bruce R. Maxim UM-Dearborn. Prerequisites to Software Tool Use Collection of useful tools that help in every step of building a product.

1 Sonia Fahmy Ness Shroff Students: Roman Chertov Rupak Sanjel Center for Education and Research in Information Assurance and Security (CERIAS) Purdue.

MOBIES Project Progress Report Engine Throttle Controller Design Using Multiple Models of Computation Edward Lee Haiyang Zheng with thanks to Ptolemy Group.

Draft-li-rtgwg-cc-igp-arch-00IETF 88 RTGWG1 An Architecture of Central Controlled Interior Gateway Protocol (IGP) draft-li-rtgwg-cc-igp-arch-00 Zhenbin.

Annarita Giani, UC Berkeley Bruno Sinopoli & Aakash Shah, Carnegie Mellon University Gabor Karsai & Jon Wiley, Vanderbilt University TRUST 2008 Autumn.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

Tcipg.org 1 An Alert Buffer Overflow Attack in DNP3 Controlled SCADA Systems Objectives/Problem Investigate a simple but effective attack to block legitimated.

TRUST, Autumn 2010 Conference, November 10-11, 2010 Simulation of Network Attacks on SCADA Systems Rohan Chabukswar, Bruno Sinopoli, Gabor Karsai, Annarita.

Control Over WirelessHART Network S. Han, X. Zhu, Al Mok University of Texas at Austin M. Nixon, T. Blevins, D. Chen Emerson Process Management.

Redes Inalámbricas Máster Ingeniería de Computadores 2008/2009 Tema 7.- CASTADIVA PROJECT Performance Evaluation of a MANET architecture.

1 GAIA VoIP traffic generator and analyzer Presentation by Amrut Bang Ashish Deshpande Vijay Gabale Santosh Patil Sponsored by GS Lab Pvt. Ltd Pune Institute.

Multiple Autonomous Ground/Air Robot Coordination Exploration of AI techniques for implementing incremental learning. Development of a robot controller.

This work was supported by the TRUST Center (NSF award number CCF ) Background Assurance of system stability is of paramount importance in every.

HoneyD (Part 2) Small Business NIDS This presentation demonstrates the ability for Small Businesses to emulate virtual operating systems and conduct.

HPC use in Testing Ad Hoc Wireless Sensor Networks

Michael Ernst, page 1 Collaborative Learning for Security and Repair in Application Communities Performers: MIT and Determina Michael Ernst MIT Computer.

Yuan Xue Vanderbilt University

This work was supported by the TRUST Center (NSF award number CCF ) Introduction Since public utilities must rely on the internet, they are vulnerable.

Co-design Environment for Secure Embedded Systems Matt Eby, Janos L. Mathe, Jan Werner, Gabor Karsai, Sandeep Neema, Janos Sztipanovits, Yuan Xue Institute.

BLU-ICE and the Distributed Control System Constraints for Software Development Strategies Timothy M. McPhillips Stanford Synchrotron Radiation Laboratory.

A Web-based Distributed Simulation System Christopher Taewan Ryu Computer Science Department California State University, Fullerton.

National Science Foundation Directorate for Computer & Information Science & Engineering (CISE) Trustworthy Computing and Transition to Practice Secure.

Polymorphous Computing Architectures Run-time Environment And Design Application for Polymorphous Technology Verification & Validation (READAPT V&V) Lockheed.

Sample Presentation Headline REPRESENTATIVE SUBHEAD TO SUPPORT SUBJECT Presenter’s Name Presenter’s Title Presentation Date DeterLab A Tool for Cybersecurity.

TRUST : Team for Research in Ubiquitous Secure Technology National Science Foundation Site Visit February 24-26, 2009 │Berkeley, California Health Infrastructures.

This poster has been developed with support from the CATIIS project Program doctoral interregional și transnațional de excelență în domeniile “Calculatoare.

23 July 2003 PM-ITTS TSMOTSMO Information Assessment Test Tool (IATT) for IO/IW Briefing by: Darrell L Quarles Program Director U.S. Army Threat Systems.

PwC New Technologies New Risks. PricewaterhouseCoopers Technology and Security Evolution Mainframe Technology –Single host –Limited Trusted users Security.

A Software Framework for Distributed Services Michael M. McKerns and Michael A.G. Aivazis California Institute of Technology, Pasadena, CA Introduction.

ICN Baseline Scenarios draft-pentikousis-icn-scenarios-04 K. Pentikousis (Ed.), B. Ohlman, D. Corujo, G. Boggia, G. Tyson, E. Davies, P. Mahadevan, S.

Performance Validation of Mobile IP Wireless Networks Presented by Syed Shahzad Ali Advisor Dr. Ravi Pendse.

Network design Topic 6 Testing and documentation.

1 Wide Area Network Emulation on the Millennium Bhaskaran Raman Yan Chen Weidong Cui Randy Katz {bhaskar, yanchen, wdc, Millennium.

Architecture View Models A model is a complete, simplified description of a system from a particular perspective or viewpoint. There is no single view.

Integrating Security Modeling in Embedded System Design Jan Werner, Matt Eby, Janos Mathe, Gabor Karsai, Yuan Xue, Janos Sztipanovits Institute for Software.

Software Engineering Chapter: Computer Aided Software Engineering 1 Chapter : Computer Aided Software Engineering.

(MRC) 2 These slides are not approved for public release Resilient high-dimensional datacenter 1 Control Plane: Controllers and Switches.

THE IMPACT OF OSPF ROUTING ON MILITARY MANETS BY ROCCO LUPOI UNDER THE GUIDANCE OF DR. GRANT WIGLEY THESIS - BACHELOR OF COMPUTER SCIENCE (HONOURS) - LHIS.

Goals The DNP3 protocol is widely used in electrical power systems as a means of communicating observed sensor state information back to a control center.

Use Network Simulator (NS) to setup test topologies on DETER testbed. Run experiments varying the gain and stability to determine control signal effectiveness.

4+1 View Model of Software Architecture

CPS Integration - Jia Bai Effective interaction -> understand the interaction between the control system and the communication network Secured communication.

Integration Science Of Networked System Introduction ARO Site Visit Yuan Xue EECS/ISIS Vanderbilt University.

Yuan Xue Vanderbilt University WISE 2010 Assessing Security of Cyber-Physical Systems.

Institute for Software Integrated Systems Vanderbilt University A Model-based Framework for Compositional Design of Cyber-Physical Systems Xenofon Koutsoukos.

Institute for Software Integrated Systems Vanderbilt University Virtual Prototyping Test Bed for CPS Janos Sztipanovits Institute for Software Integrated.

February 11, 2016 Center for Hybrid and Embedded Software Systems Organization Faculty Edward A. Lee, EECS Alberto Sangiovanni-Vincentelli,

MicroGrid Update & A Synthetic Grid Resource Generator Xin Liu, Yang-suk Kee, Andrew Chien Department of Computer Science and Engineering Center for Networked.

ARTEMIS SRA 2016 Trust, Security, Robustness, and Dependability Dr. Daniel Watzenig ARTEMIS Spring Event, Vienna April 13, 2016.

1 Scalability and Accuracy in a Large-Scale Network Emulator Nov. 12, 2003 Byung-Gon Chun.

Testbed for Medical Cyber-Physical Systems

Integrating Security Modeling in Embedded System Design

Dimitri Papadimitriou (ALB)

Retargetable Model-Based Code Generation in Ptolemy II

Resources and Schedule

Matteo Merialdo RHEA Group Innovative aspects in cyber range solutions.

Comparison to existing state of security experimentation

Agenda The current Windows XP and Windows XP Desktop situation

Presentation transcript:

Integrated Simulation and Emulation Platform for Cyber-Physical System Security Experimentation Wei Yan, Yuan Xue, Xiaowei Li, Jiannian Weng, Timothy Busch, Janos Sztipanovits Vanderbilt University HiCoNS 2012

Security Issues of CPS Trustworthiness of software and hardware for cyber- physical systems is an essential concern. Existing systems are built without sufficiently formalized and analyzed properties and guarantees. –Such inadequacies in the system design phase can lead to catastrophic consequences in operations. As CPS become more complex it becomes more challenging to formally analyze the performance, stability, safety and security properties of their behaviors. There is a pressing need to evaluate both cyber- and physical systems together and holistically

Security Assessment Tool and Experiment Environment Evaluation of CPS security requires a sophisticated modeling and simulation, experiment infrastructure that allows for the concurrent modeling, simulation and evaluation of –the CPS system architecture (advanced system-of-systems modeling) –Running environment (scenario modeling and generation) –Attack scenario (threat modeling and generation) This requires the integration at two levels –Run-time: integration of multiple tools/environment Simulation, emulation, real testbed so that they can interact in a coordinated way –Modeling: model integration Rapid configuration/deployment

Current Solutions ToolTypeCapacityLimitation Truetime in Matlab/Simulink, Modelica, Ptolemy Control system modeling and simulation environment Model complex control algorithms Limited support for network simulation Ns-2, OMNet++Network simulation environment Packet-level simulation of network protocol stack Limited in control system modeling and design PiccSIM, ModelSim, NCSWT[HSCC’12] Integrated modeling and simulation environment of both control and network systems Model control system dynamics and simulate network behavior simultaneously Lack of realistic network accuracy and operating system level details.

Our Approach: iSEE Integrating network emulation environment with control system simulation environment –Greater realism and accuracy with truthful protocol implementation and real network traffic delivery –Providing a computing platform where prototypes of software components can be deployed

Our Approach: iSEE Two major components –The modeling environment for system specification and experiment configuration. System model of CPS Security experiment scenario configuration –Run-time environment that supports experiment execution: Network emulation platform: DETERlab: large number of tools available for emulate network attacks

iSEE Overall Framework Topology Model Network Interaction Model Modeling Environment Model Interpreter Run-Time Environment TCL script Configuration/Control Environment Host Assignmen t DETERlab Emulation Environment NCSWT Simulation Environment … Tap Client EmuGateway Federate RTI Simulink Federate Tap Client Tap Serve r Federates Involving network communication … Network File System Network Application Code Deployment Model

Network Deployment Model Meta-Model Model

Network Interaction Model Meta-Model Model

Network Topology Model Meta-Model Model

iSEE Run-time Environment RTI Matlab/ Simulink Federate Emulation Gateway Federate Time Synchronization Data Communication Emulation Host Time Synchronization Data Communication Simulation Environment Emulation Environment

iSEE Implementation Architecture EmuGateway Federate Emulation Host for Plant Emulation Host for Controller Simulation Environment Emulation Environment RTI HostMap NodeName: HostIP TapClient RecvCommand SendImage Time Converter HostMap Task buffer TapClient SendCommand RecvImage Time Converter HostMap Task buffer TCP UDP UAV Federate ControlStation Federate TapServer Interaction Handler

Experiment Setup

Accuracy: comparison with NCSWT NCSWT iSEE Reference

NCS WindTunnel [HSCC 2012] Code/demo:

Impact of Security Attacks 10%20%30% Plots of UAV trajectory for various packet loss rate

Summary and Demo iSEE: an integrated simulation and emulation platform for cyber-physical system security experimentation For more info: Acknowledgments U.S. Army Research Office and Lockheed Martin (W911NF ) NSF TRUST Science and Technology Center (CCF ) National Science Foundation (NSF) Grants OCI Air Force Research Lab