Industrial Control Systems Security via Runtime Enforcement

IF 3 4区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS ACM Transactions on Privacy and Security Pub Date : 2022-11-09 DOI:https://dl.acm.org/doi/10.1145/3546579
Ruggero Lanotte, Massimo Merro, Andrei Munteanu
{"title":"Industrial Control Systems Security via Runtime Enforcement","authors":"Ruggero Lanotte, Massimo Merro, Andrei Munteanu","doi":"https://dl.acm.org/doi/10.1145/3546579","DOIUrl":null,"url":null,"abstract":"<p>With the advent of <i>Industry 4.0</i>, industrial facilities and critical infrastructures are transforming into an ecosystem of heterogeneous physical and cyber components, such as <i>programmable logic controllers</i>, increasingly interconnected and therefore exposed to <i>cyber-physical attacks</i>, i.e., security breaches in cyberspace that may adversely affect the physical processes underlying <i>industrial control systems</i>.</p><p>In this article, we propose a <i>formal approach</i> based on <i>runtime enforcement</i> to ensure specification compliance in networks of controllers, possibly compromised by <i>colluding malware</i> that may locally tamper with actuator commands, sensor readings, and inter-controller communications. Our approach relies on an ad-hoc sub-class of Ligatti et al.’s <i>edit automata</i> to enforce controllers represented in Hennessy and Regan’s <i>Timed Process Language</i>. We define a synthesis algorithm that, given an alphabet 𝒫 of observable actions and a timed correctness property <i>e</i>, returns a monitor that enforces the property <i>e</i> during the execution of any (potentially corrupted) controller with alphabet 𝒫, and complying with the property <i>e</i>. Our monitors do <i>mitigation</i> by correcting and suppressing incorrect actions of corrupted controllers and by generating actions in full autonomy when the controller under scrutiny is not able to do so in a correct manner. Besides classical requirements, such as <i>transparency</i> and <i>soundness</i>, the proposed enforcement enjoys <i>deadlock- and diverge-freedom</i> of monitored controllers, together with <i>scalability</i> when dealing with networks of controllers. Finally, we test the proposed enforcement mechanism on a non-trivial case study, taken from the context of industrial water treatment systems, in which the controllers are injected with different malware with different malicious goals.</p>","PeriodicalId":56050,"journal":{"name":"ACM Transactions on Privacy and Security","volume":"23 1","pages":""},"PeriodicalIF":3.0000,"publicationDate":"2022-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Privacy and Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/https://dl.acm.org/doi/10.1145/3546579","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

With the advent of Industry 4.0, industrial facilities and critical infrastructures are transforming into an ecosystem of heterogeneous physical and cyber components, such as programmable logic controllers, increasingly interconnected and therefore exposed to cyber-physical attacks, i.e., security breaches in cyberspace that may adversely affect the physical processes underlying industrial control systems.

In this article, we propose a formal approach based on runtime enforcement to ensure specification compliance in networks of controllers, possibly compromised by colluding malware that may locally tamper with actuator commands, sensor readings, and inter-controller communications. Our approach relies on an ad-hoc sub-class of Ligatti et al.’s edit automata to enforce controllers represented in Hennessy and Regan’s Timed Process Language. We define a synthesis algorithm that, given an alphabet 𝒫 of observable actions and a timed correctness property e, returns a monitor that enforces the property e during the execution of any (potentially corrupted) controller with alphabet 𝒫, and complying with the property e. Our monitors do mitigation by correcting and suppressing incorrect actions of corrupted controllers and by generating actions in full autonomy when the controller under scrutiny is not able to do so in a correct manner. Besides classical requirements, such as transparency and soundness, the proposed enforcement enjoys deadlock- and diverge-freedom of monitored controllers, together with scalability when dealing with networks of controllers. Finally, we test the proposed enforcement mechanism on a non-trivial case study, taken from the context of industrial water treatment systems, in which the controllers are injected with different malware with different malicious goals.

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
通过运行时强制实现工业控制系统的安全性
随着工业4.0的到来,工业设施和关键基础设施正在转变为一个由异构物理和网络组件组成的生态系统,如可编程逻辑控制器,它们之间的互联程度越来越高,因此容易受到网络物理攻击,即网络空间中的安全漏洞,可能会对工业控制系统底层的物理过程产生不利影响。在本文中,我们提出了一种基于运行时强制的正式方法,以确保控制器网络中的规范遵从性,可能会受到串通恶意软件的损害,这些恶意软件可能会在本地篡改执行器命令、传感器读数和控制器间通信。我们的方法依赖于Ligatti等人的编辑自动机的一个特别子类来强制使用Hennessy和Regan的定时过程语言表示的控制器。我们定义了一个综合算法,给定可观察动作的字母集合集合和时间正确性属性e,返回一个监视器,该监视器在执行任何具有字母集合集合集合集合的(可能损坏的)控制器期间强制执行属性e,并遵守属性e。我们的监视器通过纠正和抑制损坏控制器的不正确动作以及在被检查的控制器无法以正确的方式生成完全自主的动作来进行缓解。除了透明和健全等经典要求外,所提出的强制执行还具有被监视控制器的死锁和发散自由,以及处理控制器网络时的可扩展性。最后,我们在一个重要的案例研究中测试了所提出的执行机制,该案例研究取自工业水处理系统的背景,其中控制器被注入了具有不同恶意目标的不同恶意软件。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
ACM Transactions on Privacy and Security
ACM Transactions on Privacy and Security Computer Science-General Computer Science
CiteScore
5.20
自引率
0.00%
发文量
52
期刊介绍: ACM Transactions on Privacy and Security (TOPS) (formerly known as TISSEC) publishes high-quality research results in the fields of information and system security and privacy. Studies addressing all aspects of these fields are welcomed, ranging from technologies, to systems and applications, to the crafting of policies.
期刊最新文献
ZPredict: ML-Based IPID Side-channel Measurements ZTA-IoT: A Novel Architecture for Zero-Trust in IoT Systems and an Ensuing Usage Control Model Security Analysis of the Consumer Remote SIM Provisioning Protocol X-squatter: AI Multilingual Generation of Cross-Language Sound-squatting Toward Robust ASR System against Audio Adversarial Examples using Agitated Logit
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1