In the past, the design of cyber-physical systems (CPS) required a model-based engineering approach: a design methodology consisting of physics-based mathematical modeling of the physical system and control-theoretic modeling of the control system, put together in a formal or semi-formal framework. The designers would start from an abstract model and refine it down to an implementation model in several steps, either formally or informally. The implementation model is then validated for functional correctness and for satisfaction of performance and real-time schedulability goals. Functional safety, robustness to input assumptions, reliability under fault assumptions, and resilience to unknown adversities were considered important design goals for safety-critical CPS.
With the increased use of networked distributed control of large and geographically distributed critical infrastructures such as the smart grid, and the exposure to cyber-attacks ushered in by the IP-convergence phenomenon, designers must now consider cyber-security and cyber defense as first-class design objectives. However, in order to do so, designers have to don a dual personality: while designing for robustness, reliability and functional safety, a model-driven engineering approach would work; when designing for cyber-security and defense, the designer has to enter the mindset of a malicious attacker. For instance, one has to consider the various observation or sampling points of the system (e.g. sensors that read or sample the physical environment), think how an attacker might compromise the unobservability of those points when they lack authentication, and ask what knowledge of the system dynamics or of the control mechanism the attacker might actually reconstruct. One also has to consider the actuation points of the system, and ponder the least number of such actuation points the attacker has to take over in order to disrupt the dynamics of the system enough to create considerable damage. One has to envision how to obfuscate the dynamics of the system even when certain sensing or actuation points are compromised. Also, it is known that a large percentage of attacks are induced by insiders or by a collusion of internal and external agents.
Thus perimeter defense alone cannot defend the system. In such cases, the symptoms of an ongoing attack in the dynamics of the system itself have to be discerned continually. This approach of viewing the system from an adversarial position requires us to turn the design paradigm on its head: we will need to build models from data, and not just generate data from models. The designer has to observe a system in action, even through partial observations, construct a model close enough to the real system model, and then use the partial access to create damage to the system, because the approximate model allows her to do so. Almost like a schizophrenic duality, the engineer also has to wear the designer's hat, and consider a game in which the observations are obfuscated enough to render it impossible for an attacker to build any useful model to induce clever attacks. The designer has to worry whether she can construct, from unobfuscated observations, a model of the dynamics quickly enough that the difference between the expected dynamics and the real dynamics can trigger alarms to alert the system administrators.
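The two halves of that duality, building a model from observed data and then raising an alarm when the real dynamics drift away from what the model expects, can be shown on a toy plant. The following is an added example, not code from the talk, VSCADA or IIT Kanpur: a hypothetical first-order plant x[k+1] = a*x[k] + b*u[k] is simulated with constructed inputs, (a, b) are recovered from the observations by least squares, and a CUSUM over one-step prediction residuals flags a constructed sensor-bias scenario. The parameter values, the bias magnitude and the CUSUM drift and threshold are all assumptions chosen for illustration.

```python
"""Model-from-data plus residual-based alarm for a toy CPS loop (constructed example)."""

A_TRUE, B_TRUE = 0.8, 0.5   # hypothetical plant parameters (constructed, unknown to the monitor)
ATTACK_START = 40           # constructed: sensor readings are biased from this sample onward
SENSOR_BIAS = 0.5           # constructed: constant offset added to the reported state


def simulate(n, inputs, a=A_TRUE, b=B_TRUE, x0=0.0):
    """First-order plant x[k+1] = a*x[k] + b*u[k]; returns the true state trajectory (n+1 samples)."""
    xs = [x0]
    for k in range(n):
        xs.append(a * xs[k] + b * inputs[k])
    return xs


def identify(xs, us):
    """Least-squares fit of (a, b) from observed triples (x[k], u[k], x[k+1]): the model built from data."""
    # Normal equations for theta = (a, b):
    #   [sum x*x   sum x*u] [a]   [sum x*x1]
    #   [sum x*u   sum u*u] [b] = [sum u*x1]
    sxx = sum(x * x for x in xs[:-1])
    sxu = sum(x * u for x, u in zip(xs[:-1], us))
    suu = sum(u * u for u in us)
    sxx1 = sum(x * x1 for x, x1 in zip(xs[:-1], xs[1:]))
    sux1 = sum(u * x1 for u, x1 in zip(us, xs[1:]))
    det = sxx * suu - sxu * sxu
    if abs(det) < 1e-12:
        raise ValueError("inputs are not informative enough to identify (a, b)")
    a = (suu * sxx1 - sxu * sux1) / det
    b = (sxx * sux1 - sxu * sxx1) / det
    return a, b


def detect(xs_obs, us, a, b, drift=0.02, threshold=0.6):
    """CUSUM over |x_obs[k+1] - (a*x_obs[k] + b*u[k])|.

    Returns the sample index at which the alarm first fires, or None if the
    observed dynamics never depart from the expected dynamics.
    """
    s = 0.0
    for k in range(len(us)):
        expected = a * xs_obs[k] + b * us[k]
        residual = abs(xs_obs[k + 1] - expected)
        s = max(0.0, s + residual - drift)   # drift absorbs small modelling error
        if s > threshold:
            return k + 1
    return None


def run_scenario():
    """Identify the model from a clean run, then monitor a clean and a biased observation stream."""
    us = [1.0] * 20 + [0.0] * 20 + [1.0] * 20        # constructed actuation profile
    xs_clean = simulate(len(us), us)
    a_hat, b_hat = identify(xs_clean, us)
    # Constructed attack: the sensor reports x + bias from ATTACK_START onward.
    xs_biased = [x + (SENSOR_BIAS if k >= ATTACK_START else 0.0) for k, x in enumerate(xs_clean)]
    return {
        "a_hat": a_hat,
        "b_hat": b_hat,
        "alarm_clean": detect(xs_clean, us, a_hat, b_hat),
        "alarm_biased": detect(xs_biased, us, a_hat, b_hat),
    }


if __name__ == "__main__":
    print(run_scenario())
```

The biased stream produces a residual equal to the bias at the first corrupted sample and then a persistent residual of bias*(1 - a) afterwards, which is why the CUSUM accumulates and fires a couple of samples after the bias begins, while the clean stream never raises an alarm.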
In this talk, while discussing this view of system design, we will also talk about VSCADA, a virtual distributed SCADA lab we created for modeling SCADA systems for critical infrastructures, and how such a virtual lab, implemented completely in simulation, can be used to achieve the cyber security and cyber defense objectives of critical infrastructures through attack injection, attack detection, and experiments on new defense mechanisms. We will also discuss the real SCADA test bed we are building at our center for cyber security of critical infrastructures at IIT Kanpur.
Cyber-physical security models and metrics
Smart grid resilience metrics
Resilient cyber-physical control
Software defined networks (SDN) for enhanced smart power system security
Cognitive communication systems for resilient energy systems
Cyber-physical co-simulation for security and resilience assessment
Smart grid communication protocols security analysis
Cyber-physical resilience for energy systems with a high penetration of renewable sources
System planning and design for secure energy systems
Role of storage and distributed generation in system resilience
Microgrids and resilience
Smart grid optimization for improved survivability and robustness
Cloud-based smart grid analytics
Big data for improved situational awareness for enhanced security and resilience
Reshaping system dynamics for resiliency to attack
Secure load and renewable energy forecasting, modeling and monitoring
Energy system state estimation for enhanced resilience
December 4, 2016
Conference date
Draft submission deadline
Final submission deadline
Registration deadline