The Science of Security Virtual Organization (SoS VO) was established to provide a focal point for security-science-related work and to facilitate the creation of a collaborative community to advance security science. The SoS VO provides a wide range of information, networking, and collaboration capabilities, and its newsletter was developed to showcase research programs of interest to the Science of Security (SoS) community. The SoS VO encourages members to contribute material related to the Science of Security, and we are pleased to present the contribution of SoS member Saman Zonouz, Assistant Professor, Electrical and Computer Engineering Department, Rutgers University.
Cyber-Physical Systems Security
Cyber-physical systems are systems in which computers monitor and control physical processes. They exist in areas as diverse as automobiles, manufacturing, energy, transportation, chemical processing, and computer appliances. The research collected in this bibliography focuses primarily on smart grid technologies: the use of cyber-physical systems to coordinate the generation, transmission, and use of electrical power and its sources. Because of its strategic importance and the physical consequences of an intrusion, the smart grid is of particular interest to the Science of Security community.
"A Trusted Safety Verifier for Process Controller Code", McLaughlin, Stephen; Zonouz, Saman; Pohly, Devin; and McDaniel, Patrick, Network and Distributed System Security Symposium (NDSS) 2014
Abstract: Attackers can leverage security vulnerabilities in control systems to make physical processes behave unsafely. Currently, the safe behavior of a control system relies on a Trusted Computing Base (TCB) of commodity machines, firewalls, networks, and embedded systems. These large TCBs, often containing known vulnerabilities, expose many attack vectors which can impact process safety. In this paper, we present the Trusted Safety Verifier (TSV), a minimal TCB for the verification of safety-critical code executed on programmable controllers. No controller code is allowed to be executed before it passes physical safety checks by TSV. If a safety violation is found, TSV provides a demonstrative test case to system operators. TSV works by first translating assembly-level controller code into an intermediate language, ILIL. ILIL allows us to check code containing more instructions and features than previous controller code safety verification techniques. TSV efficiently mixes symbolic execution and model checking by transforming an ILIL program into a novel temporal execution graph that lumps together safety equivalent controller states. We implemented TSV on a Raspberry Pi computer as a bump-in-the-wire that intercepts all controller bound code. Our evaluation shows that it can test a variety of programs for common safety properties in an average of less than three minutes, and under six minutes in the worst case—a small one-time addition to the process engineering life cycle. (ID#:14-3329)
URL: http://www.internetsociety.org/doc/trusted-safety-verifier-process-controller-code
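To make the approach in the abstract concrete, the following is an added example; it is not code from the TSV paper or its authors. It is a toy explicit-state safety checker for a small PLC instruction-list subset (the opcode set is an assumed IEC 61131-3-style subset, not the paper's ILIL). It enumerates every input sequence for a bounded number of scan cycles, visits each distinct persistent state only once (a much cruder cousin of TSV's lumping of safety-equivalent states), checks a safety property on every reachable state, and returns a concrete input trace as a demonstrative test case when the property can be violated. The reversing-motor-starter programs, the variable names and the "both contactors energised" property are constructed for the illustration.

```python
"""Toy explicit-state safety checker for a small PLC instruction-list subset.
Added illustration, not code from the TSV paper: the opcode set is an assumed
IEC 61131-3-style subset (not ILIL); the programs and property are constructed."""
from collections import deque
from itertools import product

# Instruction = (opcode, variable). LD/LDN load, AND/ANDN/OR/ORN combine the
# accumulator, ST stores it, S/R set or reset a latch when the accumulator is true.
COMBINE = {
    "LD": lambda acc, v: v,          "LDN": lambda acc, v: not v,
    "AND": lambda acc, v: acc and v, "ANDN": lambda acc, v: acc and not v,
    "OR": lambda acc, v: acc or v,   "ORN": lambda acc, v: acc or not v,
}


def state_vars(program):
    """Variables the program writes; these persist between scan cycles."""
    return sorted({var for op, var in program if op in ("ST", "S", "R")})


def run_scan(program, inputs, state):
    """One scan cycle: sample inputs, run the program, return the new persistent
    state. Inputs are re-sampled next cycle, so they are not part of the state."""
    mem = dict(state)
    mem.update(inputs)
    acc = False                                   # the IL accumulator
    for op, var in program:
        if op in COMBINE:
            acc = COMBINE[op](acc, mem.get(var, False))
        elif op == "ST":
            mem[var] = acc
        elif op == "S" and acc:                   # set latch
            mem[var] = True
        elif op == "R" and acc:                   # reset latch
            mem[var] = False
        elif op not in ("S", "R"):
            raise ValueError(f"unsupported opcode {op!r}")
    return {k: mem[k] for k in state}


def find_violation(program, input_names, unsafe, max_cycles=8):
    """Breadth-first search over all input sequences of up to max_cycles scans.
    States that agree on every persistent variable are explored once, so the
    search is finite. Returns the shortest input trace reaching a state where
    unsafe(state) holds, or None if no such state is reachable within the bound."""
    init = {v: False for v in state_vars(program)}
    all_inputs = [dict(zip(input_names, bits))
                  for bits in product([False, True], repeat=len(input_names))]
    frontier = deque([(init, [])])
    seen = {frozenset(init.items())}
    while frontier:
        state, trace = frontier.popleft()
        if len(trace) >= max_cycles:
            continue
        for inp in all_inputs:
            nxt = run_scan(program, inp, state)
            path = trace + [inp]
            if unsafe(nxt):
                return path                       # demonstrative test case
            key = frozenset(nxt.items())
            if key not in seen:
                seen.add(key)
                frontier.append((nxt, path))
    return None


def replay(program, trace):
    """Re-run a trace from the initial state to confirm a counterexample."""
    state = {v: False for v in state_vars(program)}
    for inp in trace:
        state = run_scan(program, inp, state)
    return state


# Constructed sample: a reversing motor starter. FWD and REV drive the two
# contactors; energising both at once is a physical fault the code must prevent.
INPUTS = ["FWD_BTN", "REV_BTN", "STOP"]

NO_INTERLOCK = [                                  # unsafe: no mutual exclusion
    ("LD", "FWD_BTN"), ("S", "FWD"),
    ("LD", "REV_BTN"), ("S", "REV"),
    ("LD", "STOP"), ("R", "FWD"),
    ("LD", "STOP"), ("R", "REV"),
]

INTERLOCKED = [                                   # each set is gated on the other
    ("LD", "FWD_BTN"), ("ANDN", "REV"), ("S", "FWD"),
    ("LD", "REV_BTN"), ("ANDN", "FWD"), ("S", "REV"),
    ("LD", "STOP"), ("R", "FWD"),
    ("LD", "STOP"), ("R", "REV"),
]


def both_contactors_on(state):
    """The unsafe condition the checker searches for."""
    return state["FWD"] and state["REV"]


if __name__ == "__main__":
    for name, prog in (("no interlock", NO_INTERLOCK), ("interlocked", INTERLOCKED)):
        trace = find_violation(prog, INPUTS, both_contactors_on)
        print(name, "->", "safe within bound" if trace is None else trace)
```

For the uninterlocked program the search returns a one-cycle trace in which both buttons are pressed, and replaying it reproduces the unsafe state, which is the kind of concrete test case the abstract says TSV hands to operators. The interlocked program has only three reachable persistent states and the search exhausts them without finding a violation. Real controller code is far larger and its state space cannot be enumerated this way, which is why the paper combines symbolic execution with a graph that lumps safety-equivalent states instead.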
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.