D. Ulybyshev, Ibrahim Yilmaz, B. Northern, V. Kholodilo, Mike Rogers
Cyber-Physical Systems are widely used in critical infrastructures such as power grids, water purification systems, nuclear plants, oil refinery and compressor plants, food manufacturing, etc. Anomalies in these systems can be a result of cybersecurity attacks, failed sensors or communication channels. Undetected anomalies may lead to process failure, cause financial damage and have a significant impact on human lives. Thus, it is important to detect anomalies at early stages and to protect data in Cyber-Physical Systems. In this paper, we propose a novel on-the-fly NIST-compliant key generation scheme for a secure data container used to transfer and store sensor data. The data container delivers data from the low-level field sensors to high-level data analysis servers in a protected form. It provides data confidentiality and integrity, as well as data origin integrity and fine-grained role-based and attribute-based access control. As a result, the anomaly detector runs on trustworthy data sets, protected from unauthorized adversarial modifications. Our solution can be easily integrated with many existing Cyber-Physical Systems and IT infrastructures since our secure data container supports a RESTful API and is implemented in two modifications: (1) signed, watermarked and encrypted spreadsheet file; (2) signed and encrypted JSON file. In addition, we implemented several machine learning models based on Random Forest, k-Nearest Neighbors, Support Vector Machine and Neural Network algorithms for the detection of various anomalies and attacks in a gas pipeline system. We will demonstrate that our anomaly detection models achieve a high detection rate with an average accuracy of 97.7% for two industrial data sets collected by the Mississippi State University's Critical Infrastructure Protection Center and Oak Ridge National Laboratories (ORNL).
Trustworthy Data Analysis and Sensor Data Protection in Cyber-Physical Systems. D. Ulybyshev, Ibrahim Yilmaz, B. Northern, V. Kholodilo, Mike Rogers. Proceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, 2021-04-28. https://doi.org/10.1145/3445969.3450432
Michael Grabatin, M. Steinke, Daniela Pöhn, Wolfgang Hommel
Passwords continue to dominate the authentication landscape, while One Time Passwords (OTPs) provided by apps are increasingly used as a second factor. Even though several alternatives are developed, very few regard usability. Even fewer alternatives consider special conditions of authentication, like disabilities and other input restrictions, typical for healthcare workers. In this paper, we show shortcomings by the example of different stages within the care cycle. Generalized requirements are used to evaluate existing authentication mechanisms. These findings result in the design of a matrix showing different authentication methods and requirements. The matrix can be used to identify the best fitting authentication mechanisms based on the needs of the scenario. Not only the first factor can be identified, but the matrix also helps to select additional well-fitting authentication mechanisms for a specific scenario. The designed matrix is practically underlined by applying it to the care cycle with different cyber-physical systems (CPS).
A Matrix for Systematic Selection of Authentication Mechanisms in Challenging Healthcare related Environments. Michael Grabatin, M. Steinke, Daniela Pöhn, Wolfgang Hommel. Proceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, 2021-04-28. https://doi.org/10.1145/3445969.3450424
Due to our dependency on electricity, it is vital to keep our power systems secure from cyber attacks. However, because power systems are being digitalized and the infrastructure is growing increasingly complicated, it is difficult to gain an overview and secure the entire system. An overview of the potential security vulnerabilities can be achieved with threat modeling. The Meta Attack Language (MAL) is a formalism that enables the development of threat modeling languages that can be used to automatically generate attack graphs and conduct simulations over them. In this article we present the MAL-based language SCL-Lang which has been created based on the System description Configuration Language (SCL) as defined in the IEC 61850 standard. With SCL-Lang one can create threat models of substations based on their SCL files and automatically find information regarding potential cyber attack paths in the substation automation system configuration. This enables structured cyber security analysis for evaluating various design scenarios before implementation.
Generating Threat Models and Attack Graphs based on the IEC 61850 System Configuration description Language. E. Ling, M. Ekstedt. Proceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, 2021-04-28. https://doi.org/10.1145/3445969.3450421
This tutorial provides a review of the state-of-the-art research and the applications of Artificial Intelligence and Machine Learning for malware analysis. We will provide an overview, background and results with respect to the three main malware analysis approaches: static malware analysis, dynamic malware analysis and online malware analysis. Further, we will provide a simplified hands-on tutorial of applying an ML algorithm for dynamic malware analysis in cloud IaaS.
Artificial Intelligence Assisted Malware Analysis. Mahmoud Abdelsalam, Maanak Gupta, Sudip Mittal. Proceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, 2021-04-28. https://doi.org/10.1145/3445969.3450433
As autonomous vehicles fill the roads and more manufacturers join the trend, the need for a unified communication protocol grows. Current paradigms in vehicle-to-vehicle communication are too slow to provide accurate and meaningful traffic data in a timely fashion, and it is difficult to trust that incoming data is correct without an authoritative server verifying the sender's identity. This paper introduces a protocol for peer-to-peer exchanges of positional data that determines the trust level of a particular message by comparing matching object data hashes. Similar in concept to non-interactive zero-knowledge proofs, the design retains the privacy and anonymity of senders and is relatively fast compared to certificate-based solutions under a reasonable traffic load. Our preliminary experiment shows promising results, with much faster runtimes compared to similar cryptographic solutions. Although the current implementation is still rough around the edges, the basic design can provide the groundwork for future paradigms in inter-vehicular communication without depending on expensive cryptographic operations performed on special or more powerful hardware. This opens doors for protocols that can be run on current vehicles without requiring the collective processing power of all vehicles to increase.
A Data-based Protocol for One-way Trust in Inter-vehicular Communication. Stephen Ly, Yuan Cheng. Proceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, 2021-04-28. https://doi.org/10.1145/3445969.3450430
Loïc France, M. Mushtaq, Florent Bruguier, D. Novo, P. Benoit
Modern computer memories have been shown to have reliability issues. The main memory is the target of a security attack called Rowhammer, which causes bit flips in adjacent victim cells of aggressor rows. Multiple mitigation techniques have been proposed to counter this issue, but they all come at a non-negligible cost of performance and/or silicon surface. Some techniques rely on a detection mechanism using row access counters to trigger automatic defenses. In this paper, we propose a tool to build a system-specific detection mechanism using gem5 to simulate the system and Machine Learning to detect the attack by analyzing hardware event traces. The detection mechanism built with our tool shows high accuracy (over 99.5%) and low latency (maximum 474µs to classify when running offline in software) to detect an attack before completion.
Vulnerability Assessment of the Rowhammer Attack Using Machine Learning and the gem5 Simulator - Work in Progress. Loïc France, M. Mushtaq, Florent Bruguier, D. Novo, P. Benoit. Proceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, 2021-04-28. https://doi.org/10.1145/3445969.3450425
In Cloud Computing, the cloud serves as a central data hub for the Industrial Internet of Things' (IIoT) data and is deployed in diverse application fields, e.g., Smart Grid or Smart Manufacturing. Therefore, the aggregated and contextualized data is bundled in a central data hub, bringing tremendous cybersecurity advantages. Given the threat landscape in IIoT systems, especially SMEs (small and medium-sized enterprises) need to be prepared regarding their cybersecurity, react quickly, and strengthen their overall cybersecurity. For instance, with the application of machine learning algorithms, security-related data can be analyzed predictively in order to be able to ward off a potential attack at an early stage. Since modern reference architectures for IIoT systems, such as RAMI 4.0 or IIRA, consider cybersecurity approaches on a high level and SMEs lack financial funds and knowledge, this paper conceptualizes a security analytics service used as a security add-on to these reference architectures. Thus, this paper conceptualizes a flexible security analytics service that implements security capabilities with flexible analytical techniques that fit specific SMEs' needs. The security analytics service is also evaluated with a real-world use case.
A Flexible Security Analytics Service for the Industrial IoT. Philip Empl, G. Pernul. Proceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, 2021-04-28. https://doi.org/10.1145/3445969.3450427
Session details: Session 3: Tutorial. Mahmoud Abdelsalam. Proceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, 2021-04-28. https://doi.org/10.1145/3460497
Session details: Session 1: AI for CPS Security. Heena Rathore. Proceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, 2021-04-28. https://doi.org/10.1145/3460495