
CPS security testbed: requirement analysis, prototype design and protection framework

Abstract

Testbeds are a practical way to perform security exercises on cyber physical systems (CPS) to understand vulnerabilities and the progression/impact of cyber-attacks. However, it is challenging to replicate a large CPS, such as a nuclear power plant or an electrical power grid, within the confines of a laboratory in a way that would allow security experiments to be carried out. Thus, software-based simulations are becoming increasingly popular, as opposed to hardware-in-the-loop based simulations, for CPS that form a critical infrastructure. Unfortunately, a software-based CPS testbed oriented towards security-centric experiments requires a careful re-examination of requirements and an architectural design different from that of a CPS testbed for non-security related experiments. On a security-focused testbed there is a need to run real attack scripts for red-teaming/blue-teaming exercises, which are, in the strictest sense of the term, malicious in nature. Thus, there is a need to protect the testbed itself from these attack experiments, which have the potential to go awry. The overall effect of an exploit on the whole system, or of vulnerabilities in communication channels, needs to be particularly explored while building a simulator for a security-centric CPS. Besides, when multiple experiments are conducted on the same testbed, there is a need to maintain isolation among these experiments so that no experiment can accidentally or maliciously compromise others and affect the fidelity of their results. Specific security experiment-related supports are essential when designing such a testbed, but integrating a software-based simulator within the testbed to provide the necessary experiment support is challenging. In this thesis, we make three contributions. First, we present the design of an ideal testbed based on a set of requirements and supports that we have identified, focusing specifically on security experiments as the primary use case. Next, following this requirements analysis, we integrate a software-based simulator (Generic Pressurized Water Reactor) into a testbed design by modifying the implementation architecture to allow the execution of attack experiments on different networking architectures and protocols. Finally, we describe a novel security architecture and framework to ensure the protection of security-related experiments on a CPS testbed.

Subject

cyber physical system
framework
testbed
experiments
access control
security
