{"title":"Session details: Keynote 2","authors":"A. Mathur","doi":"10.1145/3258580","DOIUrl":"https://doi.org/10.1145/3258580","url":null,"abstract":"","PeriodicalId":296635,"journal":{"name":"Proceedings of the 4th ACM Workshop on Cyber-Physical System Security","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114633069","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The IEC-60870-5-104 (IEC-104) protocol is commonly used in Supervisory Control and Data Acquisition (SCADA) networks to operate critical infrastructures, such as power stations. As the importance of SCADA security is growing, characterization and modeling of SCADA traffic for developing defense mechanisms based on the regularity of the polling mechanism used in SCADA systems has been studied, whereas the characterization of traffic caused by non-polling mechanisms, such as spontaneous events, has not yet been studied. This paper provides a first look at how the traffic flowing between SCADA components changes over time. It proposes a method built upon Probabilistic Suffix Tree (PST) to discover the underlying timing patterns of spontaneous events. In 11 out of 14 tested data sequences, we see evidence of existence of underlying patterns. Next, the prediction capability of the approach, useful for devising anomaly detection mechanisms, was studied. While some data patterns enable an 80% prediction possibility, more work is needed to tune the method for higher accuracy.
{"title":"Understanding IEC-60870-5-104 Traffic Patterns in SCADA Networks","authors":"Chih-Yuan Lin, S. Nadjm-Tehrani","doi":"10.1145/3198458.3198460","DOIUrl":"https://doi.org/10.1145/3198458.3198460","url":null,"abstract":"The IEC-60870-5-104 (IEC-104) protocol is commonly used in Supervisory Control and Data Acquisition (SCADA) networks to operate critical infrastructures, such as power stations. As the importance of SCADA security is growing, characterization and modeling of SCADA traffic for developing defense mechanisms based on the regularity of the polling mechanism used in SCADA systems has been studied, whereas the characterization of traffic caused by non-polling mechanisms, such as spontaneous events, has not yet been studied. This paper provides a first look at how the traffic flowing between SCADA components changes over time. It proposes a method built upon Probabilistic Suffix Tree (PST) to discover the underlying timing patterns of spontaneous events. In 11 out of 14 tested data sequences, we see evidence of existence of underlying patterns. Next, the prediction capability of the approach, useful for devising anomaly detection mechanisms, was studied. While some data patterns enable an 80% prediction possibility, more work is needed to tune the method for higher accuracy.","PeriodicalId":296635,"journal":{"name":"Proceedings of the 4th ACM Workshop on Cyber-Physical System Security","volume":"79 4","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131456372","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Digital twins open up new possibilities in terms of monitoring, simulating, optimizing and predicting the state of cyber-physical systems (CPSs). Furthermore, we argue that a fully functional, virtual replica of a CPS can also play an important role in securing the system. In this work, we present a framework that allows users to create and execute digital twins, closely matching their physical counterparts. We focus on a novel approach to automatically generate the virtual environment from specification, taking advantage of engineering data exchange formats. From a security perspective, an identical (in terms of the system's specification), simulated environment can be freely explored and tested by security professionals, without risking negative impacts on live systems. Going a step further, security modules on top of the framework support security analysts in monitoring the current state of CPSs. We demonstrate the viability of the framework in a proof of concept, including the automated generation of digital twins and the monitoring of security and safety rules.
{"title":"Towards Security-Aware Virtual Environments for Digital Twins","authors":"Matthias Eckhart, Andreas Ekelhart","doi":"10.1145/3198458.3198464","DOIUrl":"https://doi.org/10.1145/3198458.3198464","url":null,"abstract":"Digital twins open up new possibilities in terms of monitoring, simulating, optimizing and predicting the state of cyber-physical systems (CPSs). Furthermore, we argue that a fully functional, virtual replica of a CPS can also play an important role in securing the system. In this work, we present a framework that allows users to create and execute digital twins, closely matching their physical counterparts. We focus on a novel approach to automatically generate the virtual environment from specification, taking advantage of engineering data exchange formats. From a security perspective, an identical (in terms of the system's specification), simulated environment can be freely explored and tested by security professionals, without risking negative impacts on live systems. Going a step further, security modules on top of the framework support security analysts in monitoring the current state of CPSs. We demonstrate the viability of the framework in a proof of concept, including the automated generation of digital twins and the monitoring of security and safety rules.","PeriodicalId":296635,"journal":{"name":"Proceedings of the 4th ACM Workshop on Cyber-Physical System Security","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116187295","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
J. Monteuuis, Aymen Boudguiga, Jun Zhang, H. Labiod, Alain Servel, P. Urien
Connected and automated vehicles aim to improve the comfort and the safety of the driver and passengers. To this end, car manufacturers continually improve actual standardized methods to ensure their customers safety, privacy, and vehicles security. However, these methods do not support fully autonomous vehicles, linkability and confusion threats. To address such gaps, we propose a systematic threat analysis and risk assessment framework, SARA, which comprises an improved threat model, a new attack method/asset map, the involvement of the attacker in the attack tree, and a new driving system observation metric. Finally, we demonstrate its feasibility in assessing risk with two use cases: Vehicle Tracking and Comfortable Emergency Brake Failure.
{"title":"SARA: Security Automotive Risk Analysis Method","authors":"J. Monteuuis, Aymen Boudguiga, Jun Zhang, H. Labiod, Alain Servel, P. Urien","doi":"10.1145/3198458.3198465","DOIUrl":"https://doi.org/10.1145/3198458.3198465","url":null,"abstract":"Connected and automated vehicles aim to improve the comfort and the safety of the driver and passengers. To this end, car manufacturers continually improve actual standardized methods to ensure their customers safety, privacy, and vehicles security. However, these methods do not support fully autonomous vehicles, linkability and confusion threats. To address such gaps, we propose a systematic threat analysis and risk assessment framework, SARA, which comprises an improved threat model, a new attack method/asset map, the involvement of the attacker in the attack tree, and a new driving system observation metric. Finally, we demonstrate its feasibility in assessing risk with two use cases: Vehicle Tracking and Comfortable Emergency Brake Failure.","PeriodicalId":296635,"journal":{"name":"Proceedings of the 4th ACM Workshop on Cyber-Physical System Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123381925","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The nature of Cyber-physical systems (CPS) is to integrate physical environments with computing capabilities, building a "channel" between the physical and the cyber world, with a continuous exchange of data and commands. From this inherent behaviour, observing data/behaviour on one side might lead to leakage of information about the status of the other side. This could be leveraged for both benign and malicious purposes. In this talk, we focus on this issue, discussing some of the core approaches and representative scenarios.
{"title":"Leaky CPS: Inferring Cyber Information from Physical Properties (and the other way around)","authors":"M. Conti","doi":"10.1145/3198458.3198468","DOIUrl":"https://doi.org/10.1145/3198458.3198468","url":null,"abstract":"The nature of Cyber-physical systems (CPS) is to integrate physical environments with computing capabilities, building a \"channel\" between the physical and the cyber world, with a continuous exchange of data and commands. From this inherent behaviour, observing data/behaviour on one side might lead to leakage of information about the status of the other side. This could be leveraged for both benign and malicious purposes. In this talk, we focus on this issue, discussing some of the core approaches and representative scenarios.","PeriodicalId":296635,"journal":{"name":"Proceedings of the 4th ACM Workshop on Cyber-Physical System Security","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116741214","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
It is our great pleasure to welcome you to CPSS 2017, the third ACM Cyber-Physical System Security Workshop, co-located with ACM AsiaCCS 2017 and held in Abu Dhabi, UAE on 2 April 2017. � �The call for papers attracted 35 submissions from 23 countries: Algeria, Australia, Austria, Belgium, Canada, China, Croatia, Denmark, France, Germany, Greece, India, Israel, Korea, Kuwait, Netherlands, New Zealand, Portugal, Singapore, Sweden, UAE, UK and USA. These papers were evaluated on the basis of their significance, novelty, technical quality and practical impact. The review process was double-blinded. The program committee members have put in a significant effort in paper evaluation, and most of the papers received 4 reviews. Finally we accepted 10 papers for presentation at the workshop, with an acceptance rate of 29%. As announced in the CFP, there will be a best paper award, to encourage more high quality submissions to CPSS. The winner will be revealed at the closing session of the workshop, and also listed at the CPSS home page http://jianying.space/cpss/. � �Besides the 10 technical presentations, there are also 2 keynote speeches. These valuable and insightful talks will guide us to a better understanding of CPS security challenges and opportunities. �"On the Disappearing Boundary between Digital, Physical, and Social Spaces -- Who, what, where and when" by Prof. Bashar Nuseibeh (Lero, Ireland & The Open University, UK) �"Security of the Autonomous Ship" by Prof. Sokratis Katsikas (NTNU, Norway)
{"title":"Proceedings of the 4th ACM Workshop on Cyber-Physical System Security","authors":"Jianying Zhou, Douglas Jones","doi":"10.1145/3198458","DOIUrl":"https://doi.org/10.1145/3198458","url":null,"abstract":"It is our great pleasure to welcome you to CPSS 2017, the third ACM Cyber-Physical System Security Workshop, co-located with ACM AsiaCCS 2017 and held in Abu Dhabi, UAE on 2 April 2017. \u0000 \u0000The call for papers attracted 35 submissions from 23 countries: Algeria, Australia, Austria, Belgium, Canada, China, Croatia, Denmark, France, Germany, Greece, India, Israel, Korea, Kuwait, Netherlands, New Zealand, Portugal, Singapore, Sweden, UAE, UK and USA. These papers were evaluated on the basis of their significance, novelty, technical quality and practical impact. The review process was double-blinded. The program committee members have put in a significant effort in paper evaluation, and most of the papers received 4 reviews. Finally we accepted 10 papers for presentation at the workshop, with an acceptance rate of 29%. As announced in the CFP, there will be a best paper award, to encourage more high quality submissions to CPSS. The winner will be revealed at the closing session of the workshop, and also listed at the CPSS home page http://jianying.space/cpss/. \u0000 \u0000Besides the 10 technical presentations, there are also 2 keynote speeches. These valuable and insightful talks will guide us to a better understanding of CPS security challenges and opportunities. \u0000\"On the Disappearing Boundary between Digital, Physical, and Social Spaces -- Who, what, where and when\" by Prof. Bashar Nuseibeh (Lero, Ireland & The Open University, UK) \u0000\"Security of the Autonomous Ship\" by Prof. Sokratis Katsikas (NTNU, Norway)","PeriodicalId":296635,"journal":{"name":"Proceedings of the 4th ACM Workshop on Cyber-Physical System Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125800355","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: