Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber-physical systems: a security problem

Published byMaximilian Fisher Modified over 7 years ago

Similar presentations

Presentation on theme: "Cyber-physical systems: a security problem"— Presentation transcript:

1 Cyber-physical systems: a security problem
Miguel Pupo Correia

2 Outline Insecurity in cyber systems
Insecurity in cyber-physical systems Some research Conclusions

3 Insecurity in Cyber systems

4 May 12, 2017: WannaCry 2

5 How did it work? person at company opens an infected (.zip attachment) opens attachment that infects the PC with WannaCry 2 malware infects other PCs exploiting vulnerability in Windows/SMB malware encrypts files, deletes backups, asks for ransom (ransomware)

6 Impact IT Systems Data $$$

7 Insecurity in Cyber-physical systems

8 Cyber-physical systems
IT systems that interact with the physical world, using sensors and actuators Source: datasciencebe.com

9 Impact IT Systems Physical processes People / environment

10 Power generation/distribution
Ukraine, Dec – cyber-attack causes 1.5 hour outage across several regions Used Industroyer/CrashOverRide grid-sabotaging malware

11 Electricity generator
DHS / CNN, Sept. 2007 Researchers who launched an experimental cyber attack caused a generator to self-destruct Attack can be do permanent damage

12 Pacemakers White Scope, June 2017 – Over 8,600 Vulnerabilities Found in Pacemakers researchers from security firm White Scope analyzed 7 pacemaker products from 4 different vendors

13 Some research

14 Replicating critical components
CIS - CRUTIAL Information Switch CIS has N diverse replicas (3 in the figure) Intrusion-tolerant thanks to replication and voting Self-healing thanks to replica rejuvenation

15 Replicating critical components
Replicas are rejuvenated, so % failed time is minimal % of failed time is zero unless the mift becomes less than 1 hour! Analysis made with stochastic models 4 servers minimum inter-failure time the prototype can rejuvenate all replicas in 10 minutes!

16 Trusted service in sensors/actuators
T2Droid - TrustZone-based Trace analyser for anDroid Dynamic analysis of applications to detect malware Protected from malware by leveraging ARM TrustZone untrusted environment T2Droid

17 Trusted service in sensors/actuators
T2Droid analyses the behavior of an apps by observing the calls it makes: API calls and syscalls i.MX53 USB armory

18 conclusion

19 Conclusion Cyber-physical systems are typically safety-critical
Attacks may impact not only data/$$$, but humans / environment Threats are real; attacks are happening Two contributions CIS - CRUTIAL Information Switch T2Droid - TrustZone-based Trace analyser for anDroid

20 Thank you miguel. p. correia@tecnico. ulisboa. pt http://www. gsd
This work was partially supported by national funds through Fundação para a Ciência e a Tecnologia (FCT) with reference UID/CEC/50021/2013 (INESC-ID)

Download ppt "Cyber-physical systems: a security problem"

Similar presentations

7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Possible Threats To Data. Objectives To understand: Types of threats Importance of security Preventative and remedial actions Personal safety This will.

Possible Threats To Data. Objectives To understand: Types of threats Importance of security Preventative and remedial actions Personal safety This will.
David Flournoy Bit9 Mid-Atlantic Regional Manager

David Flournoy Bit9 Mid-Atlantic Regional Manager
Iron Mountain’s Email Continuity Service ©2006 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered.

Iron Mountain’s Continuity Service ©2006 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions 631-692-5175 Steve Katz, CISSP Security.

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.

1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.
Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security.

Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
Detecting and Preventing Privilege- Escalation on Android Jiaojiao Fu 1.

Detecting and Preventing Privilege- Escalation on Android Jiaojiao Fu 1.
Cyber crime & Security Prepared by : Rughani Zarana.

Cyber crime & Security Prepared by : Rughani Zarana.
Symantec Targeted Attack Protection 1 Stopping Tomorrow’s Targeted Attacks Today iPuzzlebiz

Symantec Targeted Attack Protection 1 Stopping Tomorrow’s Targeted Attacks Today iPuzzlebiz
Cyber Security Action against cyber crime. What is cyber security?  Cyber security standards are security standards which enable organizations to practice.

Cyber Security Action against cyber crime. What is cyber security?  Cyber security standards are security standards which enable organizations to practice.
WebCast 5 May 2003 Proposed NERC Cyber Security Standard Presentation to IT Standing Committee Stuart Brindley, IMO May 26, 2003.

WebCast 5 May 2003 Proposed NERC Cyber Security Standard Presentation to IT Standing Committee Stuart Brindley, IMO May 26, 2003.
Intrusion Detection Systems. 1980-Paper written detailing importance of audit data in detecting misuse + user behavior 1984-SRI int’l develop method of.

Intrusion Detection Systems Paper written detailing importance of audit data in detecting misuse + user behavior 1984-SRI int’l develop method of.
1 Figure 1-6: Attacks and Defenses (Study Figure) Access Control  Access control is the body of strategies and practices that a company uses to prevent.

1 Figure 1-6: Attacks and Defenses (Study Figure) Access Control  Access control is the body of strategies and practices that a company uses to prevent.
©2015 Check Point Software Technologies Ltd. 1 Website Watering Holes Endpoints are at risk in numerous ways, especially when social engineering is applied.

©2015 Check Point Software Technologies Ltd. 1 Website Watering Holes Endpoints are at risk in numerous ways, especially when social engineering is applied.
Security and Resilience Pat Looney Brookhaven National Laboratory April 2016.

Security and Resilience Pat Looney Brookhaven National Laboratory April 2016.

Similar presentations

Ads by Google