Securing Industrial Control Systems through Autonomous Hardening

The secure and reliable operation of industrial control systems is becoming more and more challenging due to the increasing size, complexity, and heterogeneity of such systems. A constant change of requirements and responsibilities results in an increased frequency of configuration and topological changes, which renders a manual verification of system security infeasible. Thus, there is a need for automatic mechanisms that allows a system to uphold a desired level of security autonomously. In this paper, we present a framework that enables a system to harden itself periodically, i.e., the framework ensures that each device complies to a security baseline tailored to the device's functionality and capability. The evaluation of our implementation shows that the framework effectively and efficiently corrects any deviations from the desired state at each networked device and thereby guarantees that the overall system remains compliant to pre-defined security policies. Moreover, the scalability tests conducted in a cloud infrastructure indicate that the framework is suitable for fairly large networks, with hundreds of individual devices, which makes it suitable for a wide range of practical control systems.

[1]  Daniel A. Menascé,et al.  On the Use of Performance Models to Design Self-Managing Computer Systems , 2003, Int. CMG Conference.

[2]  Yechiam Yemini,et al.  NESTOR: an architecture for network self-management and organization , 2000, IEEE Journal on Selected Areas in Communications.

[3]  Todd L. Heberlein,et al.  Network intrusion detection , 1994, IEEE Network.

[4]  Vasant Honavar,et al.  Intelligent agents for intrusion detection , 1998, 1998 IEEE Information Technology Conference, Information Environment for the Future (Cat. No.98EX228).

[5]  Günter Karjoth,et al.  Access control with IBM Tivoli access manager , 2003, TSEC.

[6]  Stephanie Forrest,et al.  Infect Recognize Destroy , 1996 .

[7]  Eugene H. Spafford,et al.  An architecture for intrusion detection using autonomous agents , 1998, Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217).

[8]  Daniel A. Menascé,et al.  Policy-Based Enforcement of Database Security Configuration through Autonomic Capabilities , 2008, Fourth International Conference on Autonomic and Autonomous Systems (ICAS'08).

[9]  Eugene H. Spafford,et al.  Intrusion detection using autonomous agents , 2000, Comput. Networks.

[10]  Leslie Lamport,et al.  The part-time parliament , 1998, TOCS.

[11]  J. F. McClary,et al.  NADIR: An automated system for detecting network intrusion and misuse , 1993, Comput. Secur..

[12]  Paul Murray,et al.  SmartFrog: Configuration and Automatic Ignition of Distributed Applications , 2003 .

[13]  Peter G. Neumann,et al.  EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances , 1997, CCS 2002.