Cyber-physical system security for networked industrial processes

Cyber-physical systems (CPSs) are integrations of networks, computation and physical processes, where embedded computing devices continually sense, monitor, and control the physical processes through networks. Networked industrial processes combining internet, real-time computer control systems and industrial processes together are typical CPSs. With the increasingly frequent cyber-attack, security issues have gradually become key problems for CPSs. In this paper, a cyber-physical system security protection approach for networked industrial processes, i.e., industrial CPSs, is proposed. In this approach, attacks are handled layer by layer from general information technology (IT) security protection, to active protection, then to intrusion tolerance and physical security protection. The intrusion tolerance implemented in real-time control systems is the most critical layer because the real time control system directly affects the physical layer. This novel intrusion tolerance scheme with a closed loop defense framework takes into account the special requirements of industrial CPSs. To illustrate the effectiveness of the CPS security protection approach, a networked water level control system is described as a case study in the architecture analysis and design language (AADL) environment. Simulation results show that 3 types of injected attacks can be quickly defended by using the proposed protection approach.

[1]  Tianyou Chai,et al.  Selective ensemble extreme learning machine modeling of effluent quality in wastewater treatment plants , 2012, Int. J. Autom. Comput..

[2]  S. Shankar Sastry,et al.  Understanding the physical and economic consequences of attacks on control systems , 2009, Int. J. Crit. Infrastructure Prot..

[3]  Shuang-Hua Yang Internet-based Control Systems: Design and Applications , 2011 .

[4]  Shuang-Hua Yang Safety and Security Checking , 2011 .

[5]  Ling Shi,et al.  Optimal Denial-of-Service attack scheduling against linear quadratic Gaussian control , 2014, 2014 American Control Conference.

[7]  Andrew Derbyshire IEC 61511?functional safety in the process industry: the prominence of validation and verification in the lifecycle of a safety instrumented system , 2015 .

[8]  Steve Goddard,et al.  Cyber-physical systems in industrial process control , 2008, SIGBED.

[9]  Naixue Xiong,et al.  Anomaly secure detection methods by analyzing dynamic characteristics of the network traffic in cloud communications , 2014, Inf. Sci..

[10]  Alvaro A. Cárdenas,et al.  Resilience of Process Control Systems to Cyber-Physical Attacks , 2013, NordSec.

[11]  Chunjie Zhou,et al.  Self-organization of reconfigurable protocol stack for networked control systems , 2011, Int. J. Autom. Comput..

[12]  Umut Altinisik,et al.  A new fault tolerant control approach for the three-tank system using data mining , 2012, Comput. Electr. Eng..

[13]  Laurent Pautet,et al.  From the prototype to the final embedded system using the Ocarina AADL tool suite , 2008, TECS.

[14]  Shuang-Hua Yang,et al.  Secure remote access to home automation networks , 2013, IET Inf. Secur..

[15]  Nancy G. Leveson,et al.  An integrated approach to safety and security based on systems theory , 2014, CACM.

[16]  Edward A. Lee Cyber Physical Systems: Design Challenges , 2008, 2008 11th IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing (ISORC).

[17]  Ichiro Koshijima,et al.  Safety securing approach against cyber-attacks for process control system , 2013, Comput. Chem. Eng..

[18]  Meiyuan Zhao,et al.  Challenges and Opportunities for Securing Intelligent Transportation System , 2013, IEEE Journal on Emerging and Selected Topics in Circuits and Systems.

[19]  Quanyan Zhu,et al.  A hierarchical security architecture for cyber-physical systems , 2011, 2011 4th International Symposium on Resilient Control Systems.

[20]  Barbara Kordy,et al.  Attack-defense trees , 2014, J. Log. Comput..

[21]  Naixue Xiong,et al.  SC-OA: A Secure and Efficient Scheme for Origin Authentication of Interdomain Routing in Cloud Computing Networks , 2011, 2011 IEEE International Parallel & Distributed Processing Symposium.

[22]  Xiao Qin,et al.  Real-time scheduling with quality of security constraints , 2006, Int. J. High Perform. Comput. Netw..

[23]  Ravi S. Sandhu Good-Enough Security: Toward a Pragmatic Business-Driven Discipline , 2003, IEEE Internet Comput..

[24]  Sha Fu,et al.  The information security risk assessment based on AHP and fuzzy comprehensive evaluation , 2011, 2011 IEEE 3rd International Conference on Communication Software and Networks.

[25]  Naixue Xiong,et al.  A Bare-Metal and Asymmetric Partitioning Approach to Client Virtualization , 2014, IEEE Transactions on Services Computing.

[26]  Marco R. Spruit,et al.  Designing a Secure Cloud Architecture: The SeCA Model , 2012, Int. J. Inf. Secur. Priv..

[27]  Béla Genge,et al.  Physical process resilience-aware network design for SCADA systems , 2014, Comput. Electr. Eng..

[28]  Ling Shi,et al.  Optimal DoS attack policy against remote state estimation , 2013, 52nd IEEE Conference on Decision and Control.

[29]  Mo-Yuen Chow,et al.  Modeling and Optimizing the Performance-Security Tradeoff on D-NCS Using the Coevolutionary Paradigm , 2013, IEEE Transactions on Industrial Informatics.

[30]  Yu-Yan Zhang,et al.  Sensor/Actuator Faults Detection for Networked Control Systems via Predictive Control , 2013, Int. J. Autom. Comput..

[31]  Cristina Alcaraz,et al.  Smart control of operational threats in control substations , 2013, Comput. Secur..

[32]  Naixue Xiong,et al.  An adaptive and predictive approach for autonomic multirate multicast networks , 2011, TAAS.

[33]  Jules White,et al.  Cyber-physical security challenges in manufacturing systems , 2014 .

[34]  Adriano Valenzano,et al.  Review of Security Issues in Industrial Networks , 2013, IEEE Transactions on Industrial Informatics.