Cyber-physical systems: a security problem


Cyber-physical systems: a security problem
Miguel Pupo Correia

Outline:
- Insecurity in cyber systems
- Insecurity in cyber-physical systems
- Some research
- Conclusions

Insecurity in Cyber systems

May 12, 2017: WannaCry 2

How did it work?
- person at company opens an infected email (.zip attachment)
- opens attachment that infects the PC with WannaCry 2
- malware infects other PCs exploiting vulnerability in Windows/SMB
- malware encrypts files, deletes backups, asks for ransom (ransomware)

Impact: IT Systems, Data, $$$

Insecurity in Cyber-physical systems

Cyber-physical systems: IT systems that interact with the physical world, using sensors and actuators
Source: datasciencebe.com

Impact: IT Systems, Physical processes, People / environment

Power generation/distribution
- Ukraine, Dec. 2016 – cyber-attack causes 1.5 hour outage across several regions
- Used Industroyer/CrashOverRide grid-sabotaging malware

Electricity generator
- DHS / CNN, Sept. 2007
- Researchers who launched an experimental cyber attack caused a generator to self-destruct
- Attack can do permanent damage

Pacemakers
- White Scope, June 2017 – Over 8,600 Vulnerabilities Found in Pacemakers
- Researchers from security firm White Scope analyzed 7 pacemaker products from 4 different vendors

Some research

Replicating critical components: CIS - CRUTIAL Information Switch
- CIS has N diverse replicas (3 in the figure)
- Intrusion-tolerant thanks to replication and voting
- Self-healing thanks to replica rejuvenation

Replicating critical components
- Replicas are rejuvenated, so % failed time is minimal
- % of failed time is zero unless the minimum inter-failure time (mift) becomes less than 1 hour!
- Analysis made with stochastic models
- The prototype can rejuvenate all replicas in 10 minutes!
- Figure labels: 4 servers; minimum inter-failure time
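The two slides above combine voting (to mask intrusions) with rejuvenation (to evict them). The sketch below is an added example, not code from the talk or from the CIS prototype; the F+1-out-of-2F+1 approval threshold, the firewall rule, and the message fields are assumptions made for illustration.

```python
F = 1            # number of simultaneous intrusions to tolerate (assumption)
N = 2 * F + 1    # 3 replicas, matching "3 in the figure"

def policy(msg):
    """Constructed firewall rule: only 'read' commands from the 'scada' zone pass."""
    return msg["src"] == "scada" and msg["cmd"] == "read"

class Replica:
    def __init__(self, name):
        self.name = name
        self.compromised = False

    def vote(self, msg):
        # Worst case for a compromised replica: it votes the opposite of the policy.
        decision = policy(msg)
        return (not decision) if self.compromised else decision

    def rejuvenate(self):
        # Modelled as a restart from a clean image, which evicts the intruder.
        self.compromised = False

def forward(replicas, msg):
    """Forward only with at least F+1 approvals, so F bad votes are never enough."""
    return sum(r.vote(msg) for r in replicas) >= F + 1

def run_scenario():
    replicas = [Replica(f"r{i}") for i in range(N)]
    good = {"src": "scada", "cmd": "read"}       # constructed sample traffic
    bad = {"src": "internet", "cmd": "write"}    # constructed sample traffic
    out = {"clean_good": forward(replicas, good)}

    replicas[0].compromised = True               # one intrusion: masked by voting
    out["one_intrusion_good"] = forward(replicas, good)
    out["one_intrusion_bad"] = forward(replicas, bad)

    replicas[1].compromised = True               # second intrusion before rejuvenation
    out["two_intrusions_bad"] = forward(replicas, bad)

    for r in replicas:                           # rejuvenation round restores all replicas
        r.rejuvenate()
    out["after_rejuvenation_bad"] = forward(replicas, bad)
    return out

if __name__ == "__main__":
    for step, forwarded in run_scenario().items():
        print(f"{step}: forwarded={forwarded}")
```

The scenario fails only in the window where two replicas are compromised at once, which is why the time to rejuvenate all replicas has to be short relative to the interval between intrusions.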

Trusted service in sensors/actuators: T2Droid - TrustZone-based Trace analyser for anDroid
- Dynamic analysis of applications to detect malware
- Protected from malware by leveraging ARM TrustZone
- Figure labels: untrusted environment; T2Droid

Trusted service in sensors/actuators
- T2Droid analyses the behavior of an app by observing the calls it makes: API calls and syscalls
- Figure label: i.MX53 USB armory

Conclusion

Conclusion
- Cyber-physical systems are typically safety-critical
- Attacks may impact not only data/$$$, but humans / environment
- Threats are real; attacks are happening
- Two contributions:
  - CIS - CRUTIAL Information Switch
  - T2Droid - TrustZone-based Trace analyser for anDroid

Thank you
miguel.p.correia@tecnico.ulisboa.pt http://www. gsd
This work was partially supported by national funds through Fundação para a Ciência e a Tecnologia (FCT) with reference UID/CEC/50021/2013 (INESC-ID)