The worldwide reach of the Internet allows malicious cyber criminals to coordinate and launch attacks on both cyber and cyber-physical infrastructure from anywhere in the world. The purpose of this handbook is to introduce the theoretical foundations and practical solution techniques for securing critical cyber and physical infrastructures as well as their underlying computing and communication architectures and systems. Examples of such infrastructures include utility networks (e.g., electrical power grids), ground transportation systems (automotives, roads, bridges and tunnels), airports and air traffic control systems, wired and wireless communication and sensor networks, systems for storing and distributing water and food supplies, medical and healthcare delivery systems, as well as financial, banking and commercial transaction assets. The handbook focuses mostly on the scientific foundations and engineering techniques – while also addressing the proper integration of policies and access control mechanisms, for example, how human-developed policies can be properly enforced by an automated system.
*Addresses the technical challenges facing design of secure infrastructures by providing examples of problems and solutions from a wide variety of internal and external attack scenarios
*Includes contributions from leading researchers and practitioners in relevant application areas such as smart power grid, intelligent transportation systems, healthcare industry and so on.
*Loaded with examples of real world problems and pathways to solutions utilizing specific tools and techniques described in detail throughout
Mengran Xue, Sandip Roy, Yan Wan, Sajal K. Das
The purpose of this chapter is to (1) introduce notions of security for the physical dynamics of complex cyber-physical networks and (2) provide a tutorial on control-theoretic tools for network inference that are promising for evaluation of such dynamic notions of security.
Classically, computer scientists and infrastructure network engineers have conceptualized the modeling and resolution of threats and uncertainties in vastly different ways. In a very broad sense, computer scientists have extensively studied threat and uncertainty resolution from the perspective of securing information (e.g.,). That is, computing devices and computer networks are viewed as storing, processing, and transmitting valuable information; threats and uncertainties are seen as either modifying this information and its processing, or causing theft of the information for undesirable purposes. In contrast, infrastructure network engineers traditionally have approached threat and uncertainty modeling/resolution from a dynamical systems viewpoint (e.g.,). That is, their key focus has been on analyzing and guiding the temporal behaviors or actions or dynamics of network components, and, in consequence, threats and uncertainties are viewed as undesirably modifying the dynamics. Given this viewpoint, infrastructure network engineers typically view the resolution of threats and uncertainties as stability, performance, and robustness (or vulnerability) concerns rather than security ones.
As cyber and physical capabilities become increasingly intertwined and multifaceted, and the threats and uncertainties themselves become increasingly complicated, the notions of threat and uncertainty modeling/resolution that combine the computer science and infrastructure engineering perspectives are increasingly needed. For instance, both stakeholders and external players associated with electric power and transportation networks increasingly have available sophisticated cyber capabilities for surveillance, based on which they can deliberately obtain an information set on the network's dynamics and structure, and in turn enact self-serving alterations of the dynamics (e.g.,). Conversely, as algorithms for cyber and cyber-physical networks become increasingly complex and operate in harsher environments, the effects of uncertainties on the algorithms' dynamics are becoming increasingly relevant (e.g.,). Given the increasing blurring and meshing between cyber and physical notions of threat and uncertainty modeling/resolution, we believe that new definitions that capture and combine notions of information violation and robustness/vulnerability of physical network dynamics are needed. In this chapter, we (1) develop a framework for studying the security and vulnerability of physical network dynamics in particular and (2) in turn provide a tutorial on network-theoretic tools that can be used to evaluate these dynamic notions of security.
The first core aim of this chapter is to motivate and develop a framework for studying the security and vulnerability of network dynamics (Section 1.2). Precisely, we will motivate and define dynamic network security as a measure of estimability of network dynamics and structure from sensed measurements of some network responses, and in complement define network vulnerability in terms of potential disruption to the dynamics due to either physical modification or information violation in the network. To obtain these definitions, we will progress in several steps. To provide a concrete context for modeling threats and uncertainties in physical network dynamics, we will introduce a canonical yet fairly broadly applicable linear dynamical network model (Section 1.2.1). This dynamical model, defined on an underlying graph, is structured to capture complex (and possibly stochastic) network dynamics, complex processes generating uncertainties in these networks, and network sensing capabilities. Next, we will introduce several definitions for dynamical network security (and degree of security), as concepts of estimability/unestimability for the network model (Section 1.2.2). These definitions are structured to permit graph-theoretic characterizations for inference of the physical dynamics by an adversary operating at one or multiple network components. In complement, we will define notions of vulnerability to capture the possible impact of cyber or physical adversaries on the physical network dynamics (Section 1.2.3). These definitions of vulnerability, while tied to traditional notions of robustness/vulnerability in systems, take the further step of making the role of the network structure in vulnerability explicit. Third, we discuss how such definitions can be applied to capture the complex interrelationship between security and vulnerability, and between adversaries and system designers, that are common in modern cyber-physical networks (Section 1.2.4).
Finally, with the tutorial purpose of the book in mind, we will discuss an example scenario where inference of dynamical information in networks is of concern, and carefully specify the notions of security and vulnerability in this scenario (Section 1.2.5). The example is focused on strategic management of transportation networks operating under weather uncertainty.
The second core aim of our development is to introduce a family of promising new control-theoretic methods for (1) inference (estimation) of network dynamics including characterization of estimator performance, and (2) perturbation and control of networks that together allow evaluation of dynamical network security measures (Section 1.3). In fact, systems and control engineers have extensively studied estimation of system states (dynamics) and structures, over a period of almost 70 years. Very recently, a focus on estimation of network dynamics has specifically emerged (e.g.,). These recent works can broadly be described as having three purposes: (1) construction of estimators for the multifaceted and highly stochastic dynamics that are characteristic of modern networks; (2) establishing the relationship of the estimator structure to the graph topology of the network; and (3) characterization of the estimator performance in terms of the graph topology. As these studies of network inference have emerged, it has also become clear that tools for physical network partitioning from dynamical responses are necessary to inform inference design. We believe that these network estimation or inference techniques, and related network partitioning methods, are very germane to the study of dynamical network security. Specifically, they can provide explicit graph-theoretic characterizations of security measures and associated estimators, and hence permit design of network dynamics that are secure. Here, we overview these promising tools for network estimation and estimator characterization and summarize their application in characterizing network security (Section 1.3.1). Next, we overview new ideas on perturbation and control of network dynamics that are needed for characterization of network vulnerability (Section 1.3.2). Like estimation, perturbation/control of dynamical systems and even networks has been very extensively studied.
However, to develop useful characterizations of the notions of vulnerability that we have proposed, we critically need methods that relate dynamics and control to the network's topological structure; we overview an interesting body of recent literature in this direction. Finally, we argue that the study of network inference and its application is very much a work in progress and describe several challenges that need to be addressed to achieve a comprehensive treatment (Section 1.3.3). Throughout this development, we expose the critical role played by the network's topological structure in the estimability of the network dynamics and structure, and hence in dynamical network security.
1.2. DEFINITIONS FOR SECURITY AND VULNERABILITY OF NETWORK DYNAMICS
The purpose of this section is to introduce notions of security and vulnerability in cyber-physical systems that are concerned with the observation and modification of a network's physical dynamics by an adversary. Fundamentally, we define security as the amount of information about state dynamics and model parameters contained in local measurements made by an adversary in a cyber-physical network, and define vulnerability in terms of the possible impact on network-wide dynamics of local actuations/modifications made by an adversary.
Our work is largely motivated by growing concerns about threats and uncertainties impacting the physical world of large-scale cyber-physical infrastructures. More formally, we are primarily concerned with infrastructure or physical networks, whose primary purpose is the completion of a physical task rather than only information transfer. Classically, the state dynamics of such physical-infrastructure networks have been viewed as being governed by the underlying laws of interaction (e.g., physics or population dynamics rules), which yield differential equation models defined on a graph for the dynamics. Historically, natural disturbances (e.g., weather phenomena) and unexpected operational failures have been considered the primary causes of failure for such networks, and hence the robustness or vulnerability of the networks to such natural adversaries has been fairly thoroughly studied. As these infrastructure networks are becoming increasingly tied with cyber capabilities and are operating in ever more complex environments, the possibility for deliberate attacks from sentient adversaries is also increasing. The behaviors of sentient adversaries in cyber systems (which may be either internal components or external agents of the network) as well as the possible responses by system designers have been extensively studied. However, analogous concepts of security have not been systematically developed for adversarial behavior in the physical world.
We contend that a careful formulation of adversarial behavior in the physical world must draw on both the concepts of security developed for cyber systems, and a full understanding of the differential equation dynamics of the physical world. Here, we argue that control-theoretic notions regarding the estimation and actuation of network dynamics provide a natural means for defining security of physical dynamics. Based on this viewpoint, we define concepts of security and vulnerability for physical network dynamics that encompass the behaviors of both natural and sentient adversaries as well as the responses of system designers to mitigate attacks. Precisely, we develop definitions of security associated with three aspects of adversarial behavior and response: (1) We define notions of security for physical network dynamics that describe a sentient adversary's ability to compute or infer important global statistics of the network dynamics or structure, by processing local, noisy observations of the dynamics. (2) We define notions of vulnerability for physical network dynamics, which quantify the amount of disruption to the dynamics that can be caused by either a natural or a sentient adversary through localized actuation. (3) We briefly discuss integrative notions regarding threats and threat responses for physical network dynamics. Specifically, we consider the need for adversaries to sequentially infer and then disrupt network dynamics, and hence consider the interplay between security and vulnerability. We also argue that the system designer's effort to identify, predict, and respond to actuations by adversaries (whether natural or sentient) can be viewed as dual notions of security/vulnerability.
The remainder of this section is organized as follows. We begin by briefly reviewing the types of models (defined on graphs) that are used to represent dynamics of physical-infrastructure networks, to provide a framework for our security definitions (Section 1.2.1). We then motivate and present control-theoretic definitions for each of the three aspects of adversarial behavior described above (Sections 1.2.2–1.2.4). Finally, we introduce the security problems in several example physical networks, thus motivating the developed framework (Section 1.2.5).
Excerpted from HANDBOOK ON SECURING CYBER-PHYSICAL CRITICAL INFRASTRUCTURE by SAJAL K. DAS, KRISHNA KANT, NAN ZHANG. Copyright © 2012 by Elsevier, Inc. Excerpted by permission of Morgan Kaufmann. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.
Introduction: Securing Cyber-Physical Infrastructures -- An Overview

Part 1: Theoretical Foundations of Security
Chapter 1: Security and Vulnerability of Cyber-Physical Infrastructure Networks: A Control-Theoretic Approach
Chapter 2: Game Theory for Infrastructure Security – The Power of Intent-Based Adversary Models
Chapter 3: An Analytical Framework for Cyber-Physical Networks
Chapter 4: Evolution of Widely Spreading Worms and Countermeasures: Epidemic Theory and Application

Part 2: Security for Wireless Mobile Networks
Chapter 5: Mobile Wireless Network Security
Chapter 6: Robust Wireless Infrastructure against Jamming Attacks
Chapter 7: Security for Mobile Ad Hoc Networks
Chapter 8: Defending against Identity-Based Attacks in Wireless Networks

Part 3: Security for Sensor Networks
Chapter 9: Efficient and Distributed Access Control for Sensor Networks
Chapter 10: Defending against Physical Attacks in Wireless Sensor Networks
Chapter 11: Node Compromise Detection in Wireless Sensor Networks

Part 4: Platform Security
Chapter 12: Hardware and Security: Vulnerabilities and Solutions
Chapter 13: Languages and Security: Safer Software Through Language and Compiler Techniques

Part 5: Cloud Computing and Data Security
Chapter 14: Protecting Data in Outsourcing Scenarios
Chapter 15: Data Security in Cloud Computing
Chapter 16: Secure Mobile Cloud Computing
Chapter 17: Relation Privacy Preservation in Online Social Networks

Part 6: Event Monitoring and Situation Awareness
Chapter 18: Distributed Network and System Monitoring for Securing Cyber-Physical Infrastructure
Chapter 19: Discovering and Tracking Patterns of Interest in Security Sensor Streams
Chapter 20: Pervasive Sensing and Monitoring for Situational Awareness
Chapter 21: Sense and Response Systems for Crisis Management

Part 7: Policy Issues in Security Management
Chapter 22: Managing and Securing Critical Infrastructure -- A Semantic Policy and Trust-Driven Approach
Chapter 23: Policies, Access Control, and Formal Methods
Chapter 24: Formal Analysis of Policy based Security Configurations in Enterprise Networks

Part 8: Security Issues in Real-World Systems
Chapter 25: Security and Privacy in the Smart Grid
Chapter 26: Cyber-physical Security of Automotive Information Technology
Chapter 27: Security and Privacy for Mobile Healthcare (m-Health) Systems
Chapter 28: Security and Robustness in the Internet Infrastructure
Chapter 29: Emergency Vehicular Networks
Chapter 30: Security Issues in VoIP Telecommunication Networks