TY - GEN
T1 - Attacks against process control systems
T2 - 6th International Symposium on Information, Computer and Communications Security, ASIACCS 2011
AU - Cárdenas, Alvaro A.
AU - Amin, Saurabh
AU - Lin, Zong Syun
AU - Huang, Yu-Lun
AU - Huang, Chi Yen
AU - Sastry, Shankar
PY - 2011/5/20
Y1 - 2011/5/20
N2 - In the last years there has been an increasing interest in the security of process control and SCADA systems. Furthermore, recent computer attacks such as the Stuxnet worm, have shown there are parties with the motivation and resources to effectively attack control systems. While previous work has proposed new security mechanisms for control systems, few of them have explored new and fundamentally different research problems for securing control systems when compared to securing traditional information technology (IT) systems. In particular, the sophistication of new malware attacking control systems-malware including zero-days attacks, rootkits created for control systems, and software signed by trusted certificate authorities-has shown that it is very difficult to prevent and detect these attacks based solely on IT system information. In this paper we show how, by incorporating knowledge of the physical system under control, we are able to detect computer attacks that change the behavior of the targeted control system. By using knowledge of the physical system we are able to focus on the final objective of the attack, and not on the particular mechanisms of how vulnerabilities are exploited, and how the attack is hidden. We analyze the security and safety of our mechanisms by exploring the effects of stealthy attacks, and by ensuring that automatic attack-response mechanisms will not drive the system to an unsafe state. A secondary goal of this paper is to initiate the discussion between control and security practitioners-two areas that have had little interaction in the past. We believe that control engineers can leverage security engineering to design-based on a combination of their best practices-control algorithms that go beyond safety and fault tolerance, and include considerations to survive targeted attacks.
AB - In the last years there has been an increasing interest in the security of process control and SCADA systems. Furthermore, recent computer attacks such as the Stuxnet worm, have shown there are parties with the motivation and resources to effectively attack control systems. While previous work has proposed new security mechanisms for control systems, few of them have explored new and fundamentally different research problems for securing control systems when compared to securing traditional information technology (IT) systems. In particular, the sophistication of new malware attacking control systems-malware including zero-days attacks, rootkits created for control systems, and software signed by trusted certificate authorities-has shown that it is very difficult to prevent and detect these attacks based solely on IT system information. In this paper we show how, by incorporating knowledge of the physical system under control, we are able to detect computer attacks that change the behavior of the targeted control system. By using knowledge of the physical system we are able to focus on the final objective of the attack, and not on the particular mechanisms of how vulnerabilities are exploited, and how the attack is hidden. We analyze the security and safety of our mechanisms by exploring the effects of stealthy attacks, and by ensuring that automatic attack-response mechanisms will not drive the system to an unsafe state. A secondary goal of this paper is to initiate the discussion between control and security practitioners-two areas that have had little interaction in the past. We believe that control engineers can leverage security engineering to design-based on a combination of their best practices-control algorithms that go beyond safety and fault tolerance, and include considerations to survive targeted attacks.
KW - Control systems
KW - Critical infrastructure protection
KW - Cyber-physical systems
KW - Ids
KW - Scada
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=79956009493&partnerID=8YFLogxK
U2 - 10.1145/1966913.1966959
DO - 10.1145/1966913.1966959
M3 - Conference contribution
AN - SCOPUS:79956009493
SN - 9781450305648
T3 - Proceedings of the 6th International Symposium on Information, Computer and Communications Security, ASIACCS 2011
SP - 355
EP - 366
BT - Proceedings of the 6th International Symposium on Information, Computer and Communications Security, ASIACCS 2011
Y2 - 22 March 2011 through 24 March 2011
ER -