Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber-physical systems: a security problem

Similar presentations


Presentation on theme: "Cyber-physical systems: a security problem"— Presentation transcript:

1 Cyber-physical systems: a security problem
Miguel Pupo Correia

2 Outline Insecurity in cyber systems
Insecurity in cyber-physical systems Some research Conclusions

3 Insecurity in Cyber systems

4 May 12, 2017: WannaCry 2

5 How did it work? person at company opens an infected (.zip attachment) opens attachment that infects the PC with WannaCry 2 malware infects other PCs exploiting vulnerability in Windows/SMB malware encrypts files, deletes backups, asks for ransom (ransomware)

6 Impact IT Systems Data $$$

7 Insecurity in Cyber-physical systems

8 Cyber-physical systems
IT systems that interact with the physical world, using sensors and actuators Source: datasciencebe.com

9 Impact IT Systems Physical processes People / environment

10 Power generation/distribution
Ukraine, Dec – cyber-attack causes 1.5 hour outage across several regions Used Industroyer/CrashOverRide grid-sabotaging malware

11 Electricity generator
DHS / CNN, Sept. 2007 Researchers who launched an experimental cyber attack caused a generator to self-destruct Attack can be do permanent damage

12 Pacemakers White Scope, June 2017 – Over 8,600 Vulnerabilities Found in Pacemakers researchers from security firm White Scope analyzed 7 pacemaker products from 4 different vendors

13 Some research

14 Replicating critical components
CIS - CRUTIAL Information Switch CIS has N diverse replicas (3 in the figure) Intrusion-tolerant thanks to replication and voting Self-healing thanks to replica rejuvenation

15 Replicating critical components
Replicas are rejuvenated, so % failed time is minimal % of failed time is zero unless the mift becomes less than 1 hour! Analysis made with stochastic models 4 servers minimum inter-failure time the prototype can rejuvenate all replicas in 10 minutes!

16 Trusted service in sensors/actuators
T2Droid - TrustZone-based Trace analyser for anDroid Dynamic analysis of applications to detect malware Protected from malware by leveraging ARM TrustZone untrusted environment T2Droid

17 Trusted service in sensors/actuators
T2Droid analyses the behavior of an apps by observing the calls it makes: API calls and syscalls i.MX53 USB armory

18 conclusion

19 Conclusion Cyber-physical systems are typically safety-critical
Attacks may impact not only data/$$$, but humans / environment Threats are real; attacks are happening Two contributions CIS - CRUTIAL Information Switch T2Droid - TrustZone-based Trace analyser for anDroid

20 Thank you miguel. p. correia@tecnico. ulisboa. pt http://www. gsd
This work was partially supported by national funds through Fundação para a Ciência e a Tecnologia (FCT) with reference UID/CEC/50021/2013 (INESC-ID)


Download ppt "Cyber-physical systems: a security problem"

Similar presentations


Ads by Google