Security of cyber-physical systems: process-aware approach
Citation Link: https://doi.org/10.15480/882.4913
Publication Type
Doctoral Thesis
Date Issued
2023
Language
English
Author(s)
Advisor
Gollmann, Dieter
Referee
Title Granting Institution
Technische Universität Hamburg
Place of Title Granting Institution
Hamburg
Examination Date
2023-02-10
Institute
TORE-DOI
Citation
Technische Universität Hamburg (2023)
Cyber-physical systems (CPS) consist of IT or cyber systems "embedded" in applications in the physical world. They combine sensors, actuators, control units, operator consoles, and communication networks. Some of these systems are critical because they are part of an infrastructure critical for society. Critical infrastructure protection has become a high-profile topic in the last decade, partly because the use of the Internet and commodity hardware and software has exposed the industry to security threats from which it has historically been isolated, and partly because the potential impact of attacks on critical infrastructures can no longer be ignored.
Cyber attacks on physical systems are called cyber-physical attacks. The implication of this class of attacks, namely the ability to inflict physical damage, is the main difference that sets them apart from conventional cyber attacks. In this thesis we show that the security concepts from the IT domain are not sufficient to describe the security needs of cyber-physical systems, nor are the defenses effective against cyber-physical attacks. We therefore propose to treat the cyber part of a cyber-physical system as a control system and focus on the interfaces between physical space and cyberspace from the attacker perspective. We argue that in the CPS domain defence-in-depth has to be extended to the level of the physical process itself.
This thesis consists of four parts.
In the first part we address the lack of realistic large-scale test beds for studying cyber attacks and their effects on physical processes. We present two models of continuous processes, Tennessee Eastman and Vinyl Acetate Monomer, which we enhanced and instrumented with capabilities to conduct cyber-physical security research (Chapter 3).
In the second part, using an example of DoS attacks on sensor and actuator signals, we demonstrate that canonical IT security measures for communication infrastructure are insufficient to defend against attacks which take advantage of control system properties (Chapter 4).
In the third part we introduce a data security property called veracity or trustworthiness. We illustrate that data veracity is not a property guaranteed by any of the familiar IT infrastructure security services and propose a physical process-aware method to detect and locate non-veracious process data in near-real time (Chapter 5).
Lastly, based on the knowledge gained, we propose a model of the cyber-physical attack life cycle and illustrate its applicability on the example of designing a persistent economic damage scenario in a Vinyl Acetate Monomer chemical plant (Chapter 6).
We conclude the thesis with the encouragement to further develop process-aware cyber security mechanisms that do not solely rely on IT security approaches. Directions for future research are outlined in the conclusions.
DDC Class
004: Computer Science
530: Physics
Name
Doktorarbeit_MarinaKrotofil_TUHH_2023.pdf
Size
89.85 MB
Format
Adobe PDF