Download presentation
Presentation is loading. Please wait.
1
Cyber-physical systems: a security problem
Miguel Pupo Correia
2
Outline Insecurity in cyber systems
Insecurity in cyber-physical systems Some research Conclusions
3
Insecurity in Cyber systems
4
May 12, 2017: WannaCry 2
5
How did it work? person at company opens an infected (.zip attachment) opens attachment that infects the PC with WannaCry 2 malware infects other PCs exploiting vulnerability in Windows/SMB malware encrypts files, deletes backups, asks for ransom (ransomware)
6
Impact IT Systems Data $$$
7
Insecurity in Cyber-physical systems
8
Cyber-physical systems
IT systems that interact with the physical world, using sensors and actuators Source: datasciencebe.com
9
Impact IT Systems Physical processes People / environment
10
Power generation/distribution
Ukraine, Dec – cyber-attack causes 1.5 hour outage across several regions Used Industroyer/CrashOverRide grid-sabotaging malware
11
Electricity generator
DHS / CNN, Sept. 2007 Researchers who launched an experimental cyber attack caused a generator to self-destruct Attack can be do permanent damage
12
Pacemakers White Scope, June 2017 – Over 8,600 Vulnerabilities Found in Pacemakers researchers from security firm White Scope analyzed 7 pacemaker products from 4 different vendors
13
Some research
14
Replicating critical components
CIS - CRUTIAL Information Switch CIS has N diverse replicas (3 in the figure) Intrusion-tolerant thanks to replication and voting Self-healing thanks to replica rejuvenation
15
Replicating critical components
Replicas are rejuvenated, so % failed time is minimal % of failed time is zero unless the mift becomes less than 1 hour! Analysis made with stochastic models 4 servers minimum inter-failure time the prototype can rejuvenate all replicas in 10 minutes!
16
Trusted service in sensors/actuators
T2Droid - TrustZone-based Trace analyser for anDroid Dynamic analysis of applications to detect malware Protected from malware by leveraging ARM TrustZone untrusted environment T2Droid
17
Trusted service in sensors/actuators
T2Droid analyses the behavior of an apps by observing the calls it makes: API calls and syscalls i.MX53 USB armory
18
conclusion
19
Conclusion Cyber-physical systems are typically safety-critical
Attacks may impact not only data/$$$, but humans / environment Threats are real; attacks are happening Two contributions CIS - CRUTIAL Information Switch T2Droid - TrustZone-based Trace analyser for anDroid
20
Thank you miguel. p. correia@tecnico. ulisboa. pt http://www. gsd
This work was partially supported by national funds through Fundação para a Ciência e a Tecnologia (FCT) with reference UID/CEC/50021/2013 (INESC-ID)
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.