Battista, Ermanno (2015) Design a Secure Cyber-Physical Systems How Models and Security Adaptation Techniques can address CPS's challenges. [Tesi di dottorato]

[img]
Preview
Text
Battista_Ermanno.pdf

Download (5MB) | Preview
[error in script] [error in script]
Item Type: Tesi di dottorato
Lingua: English
Title: Design a Secure Cyber-Physical Systems How Models and Security Adaptation Techniques can address CPS's challenges
Creators:
CreatorsEmail
Battista, Ermannoermanno.battista@unina.it
Date: 30 March 2015
Institution: Università degli Studi di Napoli Federico II
Department: Ingegneria Elettrica e delle Tecnologie dell'Informazione
Scuola di dottorato: Ingegneria dell'informazione
Dottorato: Ingegneria informatica ed automatica
Ciclo di dottorato: 27
Coordinatore del Corso di dottorato:
nomeemail
Garofalo, Francogrf.fnc@gmail.com
Tutor:
nomeemail
Mazzocca, NicolaUNSPECIFIED
Casola, ValentinaUNSPECIFIED
Date: 30 March 2015
Uncontrolled Keywords: CPS; MTD; Security;
Settori scientifico-disciplinari del MIUR: Area 09 - Ingegneria industriale e dell'informazione > ING-INF/05 - Sistemi di elaborazione delle informazioni
Date Deposited: 26 Apr 2015 16:43
Last Modified: 25 Sep 2015 08:20
URI: http://www.fedoa.unina.it/id/eprint/10294
DOI: 10.6092/UNINA/FEDOA/10294

Abstract

Given the pervasiveness and extremely critical nature of activities performed by cyber-physical systems (CPSs), a better integration of security into the core architecture of the system is required in order to design and deploy survivable and secure infrastructures. The major challenges of modeling, designing and securing CPSs arise from the intrinsic heterogeneity, the geographical scale and the uncertainty regarding sensors readings, status and trustworthiness. These fundamental system properties of CPSs require to address security in ways more closely tied to the physical application and through a design that supports the inclusion of security within the application architecture. This thesis addresses challenges in both design and security of cyber-physical systems and its contribution is threefold. First, it proposes compositional and multiformalism modeling approaches for the design and validation of large scale monitoring infrastructures. The proposed approach is intended to integrate and model the interaction between different embedded nodes and between the environment and embedded nodes. The main limitation of state of art solution to modeling and simulating monitoring infrastructure, arise from their specificity: they are able to give a number of details on a particular aspect. Most of them are specifically intended to model a system part: such as network simulators, software simulators and hardware platform simulators. On the other hand, compositional and multiformalism modeling approaches allow the adoption of the best suiting modeling formalism at different levels of system abstraction and provide a concrete scalable mean to perform early performance evaluation and what-if analysis to ease the design process. They have been adopted in this thesis with regard to CPS's monitoring infrastructure modeling and simulation. Second, it proposes two ways to advance the software and hardware security for CPSs monitoring infrastructures. Todays approaches to secure the monitoring infrastructure are based on lightweight hardening techniques, in order not to stress the limited resources of wireless sensor nodes and this may limit their strength. Moreover, security seems to be approached as a feature that is not considered from the early stages of design and consequently is not intrinsically integrated within the embedded nodes architecture. On the other hand, this thesis proposes mechanisms for software and hardware security that are closely tied to the embedded architecture. As regards the software security, in this thesis efforts have been done to make security Adaptation Techniques (AT) applicable for embedded sensor nodes. Mechanisms based on AT consider security in a proactive way; the system is modified over time in order to reduce vulnerability exposure and disrupt attackers reconnaissance efforts. To make it possible to exploit the advantages of AT at the monitor infrastructure level, a novel node's software reconfiguration framework is presented. The feasibility of the proposed mechanism is shown for battery-supplied wireless sensor nodes through the demonstration of how to alter the network topology, exploit software diversity and react to threats. As regards the advances to the hardware security of the monitoring infrastructure, the thesis presents a special purpose hardware architecture specifically intended to address CPSs' physical security challenges through the adoption of TPM-based (Trusted Platform Module) architectures. An architecture based on FPGA is proposed and it is shown how it can provide secure primitives to asses the hardware and software integrity, as well as offering cryptographic operation. Finally, the thesis focuses on improving the processing infrastructure security. Efforts aimed at protecting CPSs should not only focus on the monitoring infrastructure even if it seems the weakest point. The processing infrastructure is generally composed of several networked systems. In this field a number of state of art solution are applicable. This thesis investigates the adoption of novel security adaptation techniques in order to overcame the limitation of static hardening techniques that are generally applied to networked systems. The focus will be on disrupting attacks that are intended to identify the CPS processing infrastructure's network architecture. The thesis will address this challenge by looking at security from a control prospective. Again it will exploit adaptation techniques but with the final goal of disrupting reconnaissance attack targeting CPS's back-end infrastructures. The thesis proposes a graph-based algorithmic solution to manipulate attacker's view of processing systems. This formalization is then used to design a deception based defense to defeating operating system and services fingerprinting. Experimental results show that the proposed approach can efficiently and effectively deceive attackers.

Actions (login required)

View Item View Item