Handbook on Securing Cyber-Physical Critical Infrastructure [NOOK Book]

Overview

The worldwide reach of the Internet allows malicious cyber criminals to coordinate and launch attacks on both cyber and cyber-physical infrastructure from anywhere in the world. This purpose of this handbook is to introduce the theoretical foundations and practical solution techniques for securing critical cyber and physical infrastructures as well as their underlying computing and communication architectures and systems. Examples of such infrastructures include utility networks (e.g., electrical power grids), ...

See more details below
Handbook on Securing Cyber-Physical Critical Infrastructure

Available on NOOK devices and apps  
  • NOOK Devices
  • Samsung Galaxy Tab 4 NOOK
  • NOOK HD/HD+ Tablet
  • NOOK
  • NOOK Color
  • NOOK Tablet
  • Tablet/Phone
  • NOOK for Windows 8 Tablet
  • NOOK for iOS
  • NOOK for Android
  • NOOK Kids for iPad
  • PC/Mac
  • NOOK for Windows 8
  • NOOK for PC
  • NOOK for Mac
  • NOOK for Web

Want a NOOK? Explore Now

NOOK Book (eBook)
$99.95
BN.com price

Overview

The worldwide reach of the Internet allows malicious cyber criminals to coordinate and launch attacks on both cyber and cyber-physical infrastructure from anywhere in the world. This purpose of this handbook is to introduce the theoretical foundations and practical solution techniques for securing critical cyber and physical infrastructures as well as their underlying computing and communication architectures and systems. Examples of such infrastructures include utility networks (e.g., electrical power grids), ground transportation systems (automotives, roads, bridges and tunnels), airports and air traffic control systems, wired and wireless communication and sensor networks, systems for storing and distributing water and food supplies, medical and healthcare delivery systems, as well as financial, banking and commercial transaction assets. The handbook focus mostly on the scientific foundations and engineering techniques – while also addressing the proper integration of policies and access control mechanisms, for example, how human-developed policies can be properly enforced by an automated system.



*Addresses the technical challenges facing design of secure infrastructures by providing examples of problems and solutions from a wide variety of internal and external attack scenarios

*Includes contributions from leading researchers and practitioners in relevant application areas such as smart power grid, intelligent transportation systems, healthcare industry and so on.

*Loaded with examples of real world problems and pathways to solutions utilizing specific tools and techniques described in detail throughout

Read More Show Less

Editorial Reviews

From the Publisher

"This impressive collection presents different viewpoints on the security of cyber-physical infrastructure. With more than 40 different contributors and 30 chapters organized in eight parts, the authors provide a unique introduction to the current state of the art in this field. The recent rise in both security awareness and the criticality of cyber-physical systems justifies the publishing of such a comprehensive book."--ComputingReviews.com, March 29, 2013

Read More Show Less

Product Details

  • ISBN-13: 9780124159105
  • Publisher: Elsevier Science
  • Publication date: 1/25/2012
  • Sold by: Barnes & Noble
  • Format: eBook
  • Pages: 848
  • File size: 12 MB
  • Note: This product may take a few minutes to download.

Meet the Author

Sajal K. Das is a University Distinguished Scholar Professor of Computer Science and Engineering and the Founding Director of the Center for Research in Wireless Mobility and Networking (CReWMaN) at the University of Texas at Arlington (UTA).

Krishna Kant is currently with George Mason University and on leave of absence from Intel
Corporation where he has worked since 1997. His current areas of research include robustness in the Internet, cloud computing security, and sustainable computing.

Nan Zhang is an Assistant Professor of Computer Science at the George Washington University, Washington, DC, USA. Prior to joining GWU, he was an assistant professor of Computer Science and Engineering at the University of Texas at Arlington from 2006 to 2008.
His current research interests span security and privacy issues in databases, data mining, and computer networks.

Read More Show Less

Read an Excerpt

HANDBOOK ON SECURING CYBER-PHYSICAL CRITICAL INFRASTRUCTURE

Foundations and Challenges
By SAJAL K. DAS KRISHNA KANT NAN ZHANG

Morgan Kaufmann

Copyright © 2012 Elsevier, Inc.
All right reserved.

ISBN: 978-0-12-415910-5


Chapter One

Security and Vulnerability of Cyber-Physical Infrastructure Networks: A Control-Theoretic Approach

Mengran Xue, Sandip Roy, Yan Wan, Sajal K. Das

1.1. INTRODUCTION

The purpose of this chapter is to (1) introduce notions of security for the physical dynamics of complex cyber-physical networks and (2) provide a tutorial on control-theoretic tools for network inference that are promising for evaluation of such dynamic notions of security.

Classically, computer scientists and infrastructure network engineers have conceptualized the modeling and resolution of threats and uncertainties in vastly different ways. In a very broad sense, computer scientists have extensively studied threat and uncertainty resolution from the perspective of securing information (e.g.,). That is, computing devices and computer networks are viewed as storing, processing, and transmitting valuable information; threats and uncertainties are seen as either modifying this information and its processing, or causing theft of the information for undesirable purposes. In contrast, infrastructure network engineers traditionally have approached threat and uncertainty modeling/resolution from a dynamical systems viewpoint (e.g.,). That is, their key focus has been on analyzing and guiding the temporal behaviors or actions or dynamics of network components, and, in consequence, threats and uncertainties are viewed as undesirably modifying the dynamics. Given this viewpoint, infrastructure network engineers typically view the resolution of threats and uncertainties as stability, performance, and robustness (or vulnerability) concerns rather than security ones.

As cyber and physical capabilities become increasingly intertwined and multifaceted, and the threats and uncertainties themselves become increasingly complicated, the notions of threat and uncertainty modeling/resolution that combine the computer science and infrastructure engineering perspectives are increasingly needed. For instance, both stakeholders and external players associated with electric power and transportation networks increasingly have available sophisticated cyber capabilities for surveillance, based on which they can deliberately obtain an information set on the network's dynamics and structure, and in turn enact self-serving alterations of the dynamics (e.g.,). Conversely, as algorithms for cyber and cyber-physical networks become increasingly complex and operate in harsher environments, the effects of uncertainties on the algorithms' dynamics are becoming increasingly relevant (e.g.,). Given the increasing blurring and meshing between cyber and physical notions of threat and uncertainty modeling/ resolution, we believe that new definitions that capture and combine notions of information violation and robustness/vulnerability of physical network dynamics are needed. In this chapter, we (1) develop a framework for studying the security and vulnerability of physical network dynamics in particular and (2) in turn provide a tutorial on network-theoretic tools that can be used to evaluate these dynamic notions of security.

The first core aim of this chapter is to motivate and develop a framework for studying the security and vulnerability of network dynamics (Section 1.2). Precisely, we will motivate and define dynamic network security as a measure of estimability of network dynamics and structure from sensed measurements of some network responses, and in complement define network vulnerability in terms of potential disruption to the dynamics due to either physical modification or information violation in the network. To obtain these definitions, we will progress in several steps. To provide a concrete context for modeling threats and uncertainties in physical network dynamics, we will introduce a canonical yet fairly broadly applicable linear dynamical network model (Section 1.2.1). This dynamical model, defined on an underlying graph, is structured to capture complex (and possibly stochastic) network dynamics, complex processes generating uncertainties in these networks, and network sensing capabilities. Next, we will introduce several definitions for dynamical network security (and degree of security), as concepts of estimability/unestimability for the network model (Section 1.2.2). These definitions are structured to permit graph-theoretic characterizations for inference of the physical dynamics by an adversary operating at one or multiple network components. In complement, we will define notions of vulnerability to capture the possible impact of cyber or physical adversaries on the physical network dynamics (Section 1.2.3). These definitions of vulnerability, while tied to traditional notions of robustness/ vulnerability in systems, take the further step of making the role of the network structure in vulnerability explicit. Third, we discuss how such definitions can be applied to capture the complex interrelationship between security and vulnerability, and between adversaries and system designers, that are common in modern cyberphysical networks (Section 1.2.4). Finally, with the tutorial purpose of the book in mind, we will discuss an example scenario where inference of dynamical information in networks is of concern, and carefully specify the notions of security and vulnerability in this scenario (Section 1.2.5). The example is focused on strategic management of transportation networks operating under weather uncertainty.

The second core aim of our development is to introduce a family of promising new control-theoretic methods for (1) inference (estimation) of network dynamics including characterization of estimator performance, and (2) perturbation and control of networks that together allow evaluation of dynamical network security measures (Section 1.3). In fact, systems and control engineers have extensively studied estimation of system states (dynamics) and structures, over a period of almost 70 years. Very recently, a focus on estimation of network dynamics has specifically emerged (e.g.,). These recent works can broadly be described as having three purposes: (1) construction of estimators for the multifaceted and highly stochastic dynamics that are characteristic of modern networks; (2) establishing relationship of the estimator structure to the graph topology of the network; and (3) characterization of the estimator performance in terms of the graph topology. As these studies of network inference have emerged, it has also become clear that tools for physical network partitioning from dynamical responses are necessary to inform inference design. We believe that these network estimation or inference techniques, and related network partitioning methods, are very germane to the study of dynamical network security. Specifically, they can provide explicit graph-theoretic characterizations of security measures and associated estimators, and hence permit design of network dynamics that are secure. Here, we overview these promising tools for network estimation and estimator characterization and summarize their application in characterizing network security (Section 1.3.1). Next, we overview new ideas on perturbation and control of network dynamics that are needed for characterization of network vulnerability (Section 1.3.2). Like estimation, perturbation/ control of dynamical systems and even networks has been very extensively studied. However, to develop useful characterizations of the notions of vulnerability that we have proposed, we critically need methods that relate dynamics and control to the network's topological structure; we overview an interesting body of recent literature in this direction. Finally, we argue that the study of network inference and its application is very much a work in progress and describe several challenges that need to be addressed to achieve a comprehensive treatment (Section 1.3.3). Throughout this development, we expose the critical role played by the network's topological structure in the estimability of the network dynamics and structure, and hence in dynamical network security.

1.2. DEFINITIONS FOR SECURITY AND VULNERABILITY OF NETWORK DYNAMICS

The purpose of this section is to introduce notions of security and vulnerability in cyber-physical systems that are concerned with the observation and modification of a network's physical dynamics by an adversary. Fundamentally, we define security as the amount of information about state dynamics and model parameters contained in local measurements made by an adversary in a cyber-physical network, and define vulnerability in terms of the possible impact on network-wide dynamics of local actuations/modifications made by an adversary.

Our work is largely motivated by growing concerns about threats and uncertainties impacting the physical world of large-scale cyber-physical infrastructures. More formally, we are primarily concerned with infrastructure or physical networks, whose primary purpose is the completion of a physical task rather than only information transfer. Classically, the state dynamics of such physical-infrastructure networks have been viewed as being governed by the underlying laws of interaction (e.g., physics or population dynamics rules), which yield differential equation models defined on a graph for the dynamics. Historically, natural disturbances (e.g., weather phenomena) and unexpected operational failures have been considered the primary causes of failure for such networks, and hence the robustness or vulnerability of the networks to such natural adversaries has been fairly thoroughly studied. As these infrastructure networks are becoming increasingly tied with cyber capabilities and are operating in ever more complex environments, the possibility for deliberate attacks from sentient adversaries is also increasing. The behaviors of sentient adversaries in cyber systems (which may be either internal components or external agents of the network) as well as the possible responses by system designers have been extensively studied. However, analogous concepts of security have not been systematically developed for adversarial behavior in the physical world.

We contend that a careful formulation of adversarial behavior in the physical world must be drawn on both the concepts of security developed for cyber systems, and a full understanding of the differential equation dynamics of the physical world. Here, we argue that control-theoretic notions regarding the estimation and actuation of network dynamics provide a natural mean for defining security of physical dynamics. Based on this viewpoint, we define concepts of security and vulnerability for physical network dynamics that encompass the behaviors of both natural and sentient adversaries as well as the responses of system designers to mitigate attacks. Precisely, we develop definitions of security associated with three aspects of adversarial behavior and response: (1) We define notions of security for physical network dynamics that describe a sentient adversary's ability to compute or infer important global statistics of the network dynamics or structure, by processing local, noisy observations of the dynamics. (2) We define notions of vulnerability for physical network dynamics, which quantify the amount of disruption to the dynamics that can be caused by either a natural or a sentient adversary through localized actuation. (3) We briefly discuss integrative notions regarding threats and threat responses for physical network dynamics. Specifically, we consider the need for adversaries to sequentially infer and then disrupt network dynamics, and hence consider the interplay between security and vulnerability. We also argue that the system designer's effort to identify, predict, and respond to actuations by adversaries (whether natural or sentient) can be viewed as dual notions of security/vulnerability.

The remainder of this section is organized as follows. We begin by briefly reviewing the types of models (defined on graphs) that are used to represent dynamics of physical-infrastructure networks, to provide a framework for our security definitions (Section 1.2.1). We then motivate and present control-theoretic definitions for each of the three aspects of adversarial behavior described above (Sections 1.2.2–1.2.4). Finally, we introduce the security problems in several example physical networks, thus motivating the developed framework (Section 1.2.5).

(Continues...)



Excerpted from HANDBOOK ON SECURING CYBER-PHYSICAL CRITICAL INFRASTRUCTURE by SAJAL K. DAS KRISHNA KANT NAN ZHANG Copyright © 2012 by Elsevier, Inc.. Excerpted by permission of Morgan Kaufmann. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

Read More Show Less

Table of Contents

Introduction: Securing Cyber-Physical Infrastructures--An Overview Part 1: Theoretical Foundations of Security Chapter 1: Security and Vulnerability of Cyber-Physical Infrastructure Networks:  A Control-Theoretic Approach Chapter 2: Game Theory for Infrastructure Security – The Power of Intent-Based Adversary Models Chapter 3: An Analytical Framework for Cyber-Physical Networks Chapter 4: Evolution of Widely Spreading Worms and Countermeasures : Epidemic Theory and Application Part 2: Security for Wireless Mobile Networks Chapter 5: Mobile Wireless Network Security Chapter 6: Robust Wireless Infrastructure against Jamming Attacks Chapter 7: Security for Mobile Ad Hoc Networks Chapter 8: Defending against Identity-Based Attacks in Wireless Networks Part 3: Security for Sensor Networks Chapter 9: Efficient and Distributed Access Control for Sensor Networks Chapter 10: Defending against Physical Attacks in Wireless Sensor Networks Chapter 11: Node Compromise Detection in Wireless Sensor Networks Part 4: Platform Security Chapter 12: Hardware and Security: Vulnerabilities and Solutions Chapter 13: Languages and Security: Safer Software Through Language and Compiler Techniques Part 5: Cloud Computing and Data Security Chapter 14: Protecting Data in Outsourcing Scenarios Chapter 15: Data Security in Cloud Computing Chapter 16: Secure Mobile Cloud Computing Chapter 17: Relation Privacy Preservation in  Online Social Networks Part 6: Event Monitoring and Situation Awareness Chapter 18: Distributed Network and System Monitoring for Securing Cyber-Physical Infrastructure Chapter 19: Discovering and Tracking Patterns of Interest in Security Sensor Streams Chapter 20: Pervasive Sensing and Monitoring for Situational Awareness Chapter 21: Sense and Response Systems for Crisis Management Part 7. Policy Issues in Security Management Chapter 22: Managing and Securing Critical Infrastructure -- A Semantic Policy and Trust-Driven Approach Chapter 23: Policies, Access Control, and Formal Methods Chapter 24: Formal Analysis of Policy based Security Con?gurations in Enterprise Networks Part 8: Security Issues in Real-World Systems Chapter 25: Security and Privacy in the Smart Grid Chapter 26: Cyber-physical Security of Automotive Information Technology Chapter 27: Security and Privacy for Mobile Healthcare (m-Health) Systems Chapter 28: Security and Robustness in the Internet Infrastructure Chapter 29: Emergency Vehicular Networks Chapter 30: Security Issues in VoIP Telecommunication Networks

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)