System Aware Cyber Security
NDIA
Barry Horowitz, University of Virginia
February, 2013
Sponsor: DoD, through the Stevens Institute's SE Research Center

Presentation transcript:

System Aware Cyber Security Research is in its 3rd Year
Today's discussion focused on:
- Classes of Solutions (Design Patterns)
- Initial Prototype Implementation for an Autonomous Surveillance System

Broad Objective
Reversing cyber security asymmetry from favoring our adversaries (small investment in straightforward cyber exploits upsetting major system capabilities), to favoring the US (small investments for protecting the most critical system functions using System Aware cyber security solutions that require very complex and high cost exploits to defeat)
Focus on Defense Against Exploits that Impact System Performance (e.g., Data Corruption, Functional Degradation, System Latencies)

System Aware Cyber Security
- Operates at the system application-layer, for security inside of the network and perimeter protection provided for the whole system
- Directly protects the most critical system functions
- Solutions are embedded within the protected functions
- Addresses supply chain and insider threats
- Includes physical systems as well as information systems
- Solution-space consists of reusable design patterns, reducing unnecessary duplications of design and evaluation efforts
- Design Patterns can be implemented in a super secure programmable Sentinel (S3)

System-Aware Cyber Security Architecture
System-Aware Cyber Security Architectures combine design techniques from 3 communities:
- Cyber Security
- Fault-Tolerant Systems
- Automatic Control Systems
The System-Aware solution designers need to come from the communities related to system design and system engineering, providing a new orientation to complement the established approaches of the information assurance community

A Set of Techniques Utilized in System-Aware Security
Cyber Security
* Data Provenance
* Moving Target (Virtual Control for Hopping)
* Forensics
Automatic Control
* Physical Control for Configuration Hopping (Moving Target, Restoral)
* State Estimation Techniques (Data Integrity)
* System Identification (Data Integrity, Restoral)
Fault-Tolerance
* Diverse Redundancy (DoS, Automated Restoral)
* Redundant Component Voting (Data Integrity, Restoral)

A Set of Techniques Utilized in System-Aware Security
Cyber Security
* Data Provenance
* Moving Target (Virtual Control for Hopping)
* Forensics
Automatic Control
* Physical Control for Configuration Hopping (Moving Target, Restoral)
* State Estimation (Data Integrity)
* System Identification (Tactical Forensics, Restoral)
Fault-Tolerance
* Diverse Redundancy (DoS, Automated Restoral)
* Redundant Component Voting (Data Integrity, Restoral)
This combination of solutions requires adversaries to:
- Understand the details of how the targeted systems actually work
- Develop synchronized, distributed exploits consistent with how the attacked system actually works
- Corrupt multiple supply chains

Integration of Fault Tolerance, Automatic Control and Information Assurance
What's Different for each technology community
- Fault Tolerance
  - Asymmetric attacks vs random failures
  - Synchronized dependent attacks on system components vs random coupling of independent failures
  - Time varying, situation-related, attacks vs random intermittent failures
  - Need to adjust detection criteria based upon pre-mission intelligence and other a priori information regarding attack
- Automatic Control
  - High rates of system reconfiguration (configuration hopping)
  - Roles of the operator
- Information Assurance
  - System Aware solutions
  - Collateral, system-specific, performance impacts of embedded security solutions
Plus:
- Require secure implementation of solutions

Design Patterns Being Prototyped
- Diverse Redundancy for post-attack restoration
- Diverse Redundancy + Verifiable Voting for trans-attack attack deflection
- Physical Configuration Hopping for moving target defense
- Virtual Configuration Hopping for moving target defense
- Data Consistency Checking for data integrity and operator display protection
- Parameter Assurance for parameter controlled SW functions
- System Restoration using diverse redundancy

Design Patterns Being Prototyped
- Diverse Redundancy for post-attack restoration
- Diverse Redundancy + Verifiable Voting for trans-attack attack deflection
- Physical Configuration Hopping for moving target defense
- Virtual Configuration Hopping for moving target defense
- Data Consistency Checking for data integrity and operator display protection
- Parameter Assurance for parameter controlled system functions
- System Restoration using diverse redundancy
As new applications are addressed, new design patterns will emerge, leading to an expanding library for reuse

CASE 1: SHIP CONTROL SYSTEM FOR PHYSICAL PLANT
"A System-Aware Cyber Security Method for Shipboard Control Systems" - Accepted for 2012 IEEE Homeland Security Conference
Guy L. Babineau, Northrop Grumman Naval & Marine Systems Division
Rick A. Jones and Barry Horowitz, University of Virginia Department of Systems and Information Engineering

[Figure: Block Diagram Illustrating the Current System Architecture]

System-Aware Security Solution

CASE 2: DYNAMIC SYSTEM MODELS AND STATE ESTIMATION TECHNOLOGY FOR DATA INTEGRITY AND OPERATOR DISPLAY ATTACKS
Barry M. Horowitz, Katherine Pierce, Application of Diversely Redundant Designs, Dynamic System Models and State Estimation Technology to the Cyber Security of Physical Systems, Systems Engineering, Volume 16, No. 3,

The Problem Being Addressed
- Highly automated physical system
- Operator monitoring function, including criteria for human over-ride of the automation
- Critical system states for both operator observation and feedback control: consider as least trusted from cyber security viewpoint
- Other measured system states: consider as more trusted from cyber security viewpoint
CYBER ATTACK: Create a problematic outcome by disrupting human display data and/or critical feedback control data.

[Figure: Simplified Block Diagram for Inference-Based Data Integrity Detection System. Blocks: Protected Physical System; System Operator; Information Consistency Checking; Cyber Attack Alerts and Responses; State Estimator 1; Diversely Redundant State Estimator 2; Applicable Subsystems and Users]

[Figure: Simulated System Output Based Upon Controller Attack]

[Figure: Simulated Regulator Attack. Curves: True Monitored State; Operator Observed State; Inferred Monitored State; Δ in Operator and Inferred States]
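The consistency check in Case 2, as an added example that is not part of the presentation: two diverse estimators infer a critical state from the more trusted measurements, and the least trusted displayed value is compared against both. The tank plant, its constants, the tolerance and all function names are assumptions made for illustration, and the simple models stand in for the state estimation technology the slides refer to.

```python
AREA_M2 = 2.0        # tank cross-section (assumed plant constant)
RHO_G = 9810.0       # water density * g: pascals per metre of level
DT_S = 1.0           # sample period in seconds


def mass_balance_estimator(h0, flows):
    """Estimator 1: integrate (inflow - outflow) / area from a known level."""
    level, out = h0, []
    for q_in, q_out in flows:
        level += DT_S * (q_in - q_out) / AREA_M2
        out.append(level)
    return out


def hydrostatic_estimator(pressures_pa):
    """Estimator 2 (diverse design): level from bottom pressure alone."""
    return [p / RHO_G for p in pressures_pa]


def consistency_check(displayed, est1, est2, tol=0.05, persist=3):
    """Compare the least-trusted displayed state with both inferred states.

    Returns (step, verdict) tuples. A display alert needs `persist`
    consecutive violations so that a single noisy sample does not trip it.
    """
    alerts, run = [], 0
    for k, (shown, a, b) in enumerate(zip(displayed, est1, est2)):
        if abs(a - b) > tol:
            # The estimators themselves conflict: cannot blame the display.
            alerts.append((k, "estimators disagree"))
            run = 0
        elif abs(shown - a) > tol and abs(shown - b) > tol:
            run += 1
            if run == persist:
                alerts.append((k, "displayed state inconsistent"))
        else:
            run = 0
    return alerts


def simulate(freeze_from=None, steps=12):
    """Constructed scenario: level rises 0.02 m per step; optionally the
    displayed value stops updating at step `freeze_from`."""
    flows = [(0.05, 0.01)] * steps                    # trusted flow meters
    true_level = mass_balance_estimator(1.0, flows)
    pressures = [h * RHO_G for h in true_level]       # trusted pressure sensor
    displayed = list(true_level)
    if freeze_from is not None:
        held = true_level[freeze_from - 1]
        displayed = [h if k < freeze_from else held
                     for k, h in enumerate(true_level)]
    est1 = mass_balance_estimator(1.0, flows)
    est2 = hydrostatic_estimator(pressures)
    return consistency_check(displayed, est1, est2)


if __name__ == "__main__":
    print(simulate(freeze_from=5))
```

The alert is raised only when both estimators agree with each other and disagree with the display, which is what lets the check attribute the fault to the displayed data rather than to a single sensor.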

Case 3: Parameter Assurance

Parameters in Systems
Parameters control how systems function, for instance:
- Detection Thresholds
  - For example, target detection for Active sensors (Radar), Passive sensors (SIGINT), impacting missed detection/false alarm performance
- Decision Thresholds
  - Tactical: Satellite time-to-collision decision time, impacting timing for taking action; obstacle avoidance threshold before taking action
  - Strategic: Mission Planning System mission timing parameters
- Flight control boundary values
  - For example, artificial bounds on accelerations, altitude
- Navigation Waypoints
- Tracking algorithm parameters determine sensitivity and latencies for position/velocity estimates relative to timing of accelerations
- Communication system mode parameters, impacting QOS
Parameter tables provide an organized means for changing parameters and a high leverage opportunity for exploits

Parameter Assurance Design Pattern
Parameter change detection
- Case 1: Exploit changes values in a parameter table
  - Monitor parameter tables and operator actions to determine if an automated change occurred
- Case 2: Embedded exploit over-rides table parameter values as part of its execution
  - Monitor computer-derived decisions and data that led to the derived decisions to estimate the corresponding parameter that caused the result, and compare to parameter table value
Parameter restoration (complex process/simplified explanation)
- Reverse parameter value
- Inhibit responsive change-back
- Inform appropriate operator(s)
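One way to express the two detection cases and the restoration steps above, as an added example that is not code from the presentation or the UVA prototype. The class, the parameter names and the sample values are hypothetical, and Case 2 assumes the monitored function is a simple "fire when input reaches the threshold" decision.

```python
from dataclasses import dataclass, field


@dataclass
class OperatorAction:
    """One authenticated operator change, as logged by the operator console."""
    name: str
    new_value: float


@dataclass
class ParameterSentinel:
    """Hypothetical monitor that sits outside the protected function."""
    baseline: dict                       # last values the monitor accepted
    tolerance: float = 0.05              # relative slack allowed in Case 2
    locked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def check_table(self, table, operator_log):
        """Case 1: a table value changed; operator action or automation?"""
        approved = {(a.name, a.new_value) for a in operator_log}
        for name, value in list(table.items()):
            if value == self.baseline[name]:
                continue
            if (name, value) in approved and name not in self.locked:
                self.baseline[name] = value           # legitimate change
            else:
                self._restore(table, name, f"unlogged change to {value}")

    def check_behaviour(self, table, name, decisions):
        """Case 2: estimate the threshold the code really applied from
        (input, fired) pairs and compare it with the table value."""
        fired = [x for x, hit in decisions if hit]
        quiet = [x for x, hit in decisions if not hit]
        if not fired or not quiet:
            return None                               # not enough evidence
        low, high = max(quiet), min(fired)            # threshold in (low, high]
        expected = table[name]
        slack = self.tolerance * abs(expected)
        if not (low - slack < expected <= high + slack):
            self._restore(table, name,
                          f"behaves like ({low}, {high}], table says {expected}")
        return low, high

    def _restore(self, table, name, reason):
        table[name] = self.baseline[name]             # reverse parameter value
        self.locked.add(name)                         # inhibit change-back
        self.alerts.append(f"{name}: {reason}")       # inform operator(s)


def demo():
    # Constructed sample table: a detection threshold and an altitude bound.
    table = {"detect_threshold_db": 12.0, "max_altitude_m": 3000.0}
    sentinel = ParameterSentinel(baseline=dict(table))
    table["max_altitude_m"] = 2500.0                  # logged operator change
    sentinel.check_table(table, [OperatorAction("max_altitude_m", 2500.0)])
    table["detect_threshold_db"] = 30.0               # change with no log entry
    sentinel.check_table(table, [])
    # Case 2: table says 12.0 but observed decisions fire only above ~25.
    observed = [(8.0, False), (14.0, False), (22.0, False),
                (26.0, True), (31.0, True)]
    bracket = sentinel.check_behaviour(table, "detect_threshold_db", observed)
    return table, sentinel.alerts, bracket


if __name__ == "__main__":
    print(demo())
```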

Sentinel Concept for Monitoring Critical System Functions

Example: Autonomous Surveillance Platform Protection

Sentinel with Low Scale, More Securable SW and HW
Our research to-date indicates that:
- Monitoring functions require limited processing capacity and small computer programs
- Voting requires limited processing and small computer programs
- The timing and synchronization factors for monitoring and control functions are not demanding
- The functions of a Sentinel can be distributed across many small, diverse redundant machines
The securing of the Sentinel can use security techniques that may not be practical for large system application, but can potentially be suitable for a low-scale application as represented by the System-Aware Sentinel

[Figure: Example: Autonomous Surveillance Platform Protection. Labels: Config. hopping; Diverse redundancy; Port Hopping; Dedicated voting processing; SW power utilization fingerprint; SW CPU and memory usage fingerprint; For Security Control Only; Spread Spectrum Waveform; Low Data Rate]

Super Secure Sentinel (S3) Design Concept

[Figure: High Level Architectural Overview. Blocks: System to be Protected; Sentinel Providing System-Aware Security. Flows: Internal Measurements; Outputs; Internal Controls]

[Figure: Sentinel Data Flow. Labels: Switchable Diversely Redundant Components]

Possible Sentinel HW/SW Architectures
Footprint sensitive programmable family of HW with support SW for different types of programmable features:
- Virtual hopping
- Physical hopping
- SW signature analysis
- Diverse redundancy (HW and SW)
IaaS-based Sentinel (Sentinel as a Service) for systems which are not seriously constrained by footprint limits, using private Cloud technology for agility and flexibility
- Virtual hopping (within a Cloud-based Sentinel)
- Diversity for critical Cloud components (e.g., diverse Hypervisors)
- Hopping across geographically dispersed Private Clouds
Certified Sentinels

[Figure: Integrating System-of-Systems Security. Blocks: Perimeter Monitor(s); Network Monitor(s); System 1 Sentinel; System 2 Sentinel; System 3 Sentinel; System "n" Sentinel]

Going Forward
- UVA/GTRI are developing the operational prototype
  - For emulation this year
  - For field testing next year
- UVA is refining & adding to our concepts and evaluations for Operator in the loop part of the System-Aware Cyber Security approach
- Architecture decision support tools for selecting cost-effective System Aware solutions
- Need new application cases resulting in new Design Patterns
  - Command and Control systems
  - Big Data Systems
- Expand efforts on the S3 Sentinel and alternate implementation approaches, including private Cloud-based approaches
- Need to get industry engaged, to:
  - Pursue applications
  - Create design patterns and implementations
  - Integrate their Systems Groups and their IA Groups for System-Aware Security applications

Publications
- B. M. Horowitz and K. M. Pierce, The integration of diversely redundant designs, dynamic system models, and state estimation technology to the cyber security of physical systems, Systems Engineering, Volume 16, No. 3 (2013)
- R. A. Jones and B. M. Horowitz, A system-aware cyber security architecture, Systems Engineering, Volume 15, No. 2 (2012),
- J. L. Bayuk and B. M. Horowitz, An architectural systems engineering methodology for addressing cyber security, Systems Engineering 14 (2011),
- G. L. Babineau, R. A. Jones, and B. M. Horowitz, A system-aware cyber security method for shipboard control systems, 2012 IEEE International Conference on Technologies for Homeland Security (HST), 2012
- R. A. Jones, T. V. Nguyen, and B. M. Horowitz, System-Aware security for nuclear power systems, 2011 IEEE International Conference on Technologies for Homeland Security (HST), 2011, pp
- R. A. Jones and B. M. Horowitz, System-Aware cyber security, itng, 2011 Eighth International Conference on Information Technology: New Generations, 2011, pp