• Corpus ID: 220250108

Software Enabled Security Architecture for Counteracting Attacks in Control Systems

@article{Tupakula2020SoftwareES,
  title={Software Enabled Security Architecture for Counteracting Attacks in Control Systems},
  author={Udaya Kiran Tupakula and Vijay Varadharajan and Kallol Krishna Karmakar},
  journal={ArXiv},
  year={2020},
  volume={abs/2006.15272}
}
Increasingly Industrial Control Systems (ICS) systems are being connected to the Internet to minimise the operational costs and provide additional flexibility. These control systems such as the ones used in power grids, manufacturing and utilities operate continually and have long lifespans measured in decades rather than years as in the case of IT systems. Such industrial control systems require uninterrupted and safe operation. However, they can be vulnerable to a variety of attacks, as… 

Figures and Tables from this paper

References

SHOWING 1-10 OF 23 REFERENCES
CoRT: A Communication Robustness Testbed for Industrial Control System Components
TLDR
The testbed and measurement methods for communication robustness test research of ICS components makes it difficult to assess component security during its runtime, but this is possible in a research testbed where tests could be done and analyzed in a safe environment.
Identifying Security-Critical Cyber-Physical Components in Industrial Control Systems
TLDR
A novel ICS security metric based on AND/OR graphs that represent cyber-physical dependencies among network components that is able to efficiently identify sets of critical cyber- physical components, with minimal cost for an attacker, such that if compromised, the system would enter into a non-operational state.
Uncovering Vulnerable Industrial Control Systems from the Internet Core
TLDR
This paper uncovers unprotected inter-domain ICS traffic at two central Internet vantage points, an IXP and an ISP, and provides an in-depth view on Internet-wide ICS communication.
DELTA: A Security Assessment Framework for Software-Defined Networks
TLDR
The case for automating and standardizing the vulnerability identification process in SDNs is made, and a security assessment framework, DELTA, is developed that reinstantiates published SDN attacks in diverse test environments and enhanced with a protocol-aware fuzzing module to automatically discover new vulnerabilities.
Rosemary: A Robust, Secure, and High-performance Network Operating System
TLDR
ROSEMARY is presented, which implements a network application containment and resilience strategy based around the notion of spawning applications independently within a micro-NOS, and it is found that with the integration of two optimization features, ROSEMARY offers a competitive performance advantage over the majority of other controllers.
Critical Information Infrastructures Monitoring Based on Software-Defined Networks
TLDR
Not only can the methodology and capabilities of IDS and IPS be used in the SDN, but based on the analysis of the data obtained, the network can be centrally reprogrammed to repel malicious attacks and restore functionality, which can make CII significantly more resistant to various failures, failures and malicious attacks.
Secure Software-Defined Networking Based on Blockchain
TLDR
This paper designs a monolithic security mechanism for SDN based on Blockchain that decentralizes the control plane to overcome the single-point failure while maintaining a network-wide view and guarantees the authenticity, traceability, and accountability of application flows, and hence secures the programmable configuration.
Secure Software-Defined Networking Based on Blockchain
TLDR
This paper designs a monolithic security mechanism for SDN based on Blockchain that decentralizes the control plane to overcome single-point failure while maintaining a network-wide view and guarantees the authenticity, traceability, and accountability of application flows, and hence secures the programmable configuration.
Byzantine-resilient secure software-defined networks with multiple controllers
TLDR
A secure SDN structure, in which each device is managed by multiple controllers rather than a single one as in a traditional manner is presented, which can resist Byzantine attacks on controllers and the communication links between controllers and SDN switches.
A security enforcement kernel for OpenFlow networks
TLDR
This work introduces FortNOX, a software extension that provides role-based authorization and security constraint enforcement for the NOX OpenFlow controller that enables NOX to check flow rule contradictions in real time, and implements a novel analysis algorithm that is robust even in cases where an adversarial OF application attempts to strategically insert flow rules that would otherwise circumvent flow rules imposed by OF security applications.
...
...