Towards a Unifying Security Framework for Cyber- Physical Systems

Transcription

1 Towards a Unifying Security Framework for Cyber- Physical Systems Quanyan Zhu and Tamer Başar Coordinated Science Laboratory Department of Electrical and Computer Engineering University of Illinois at Urbana- Champaign {zhu31, basar1}@illinois.edu Workshop on FoundaPon of Dependable and Secure Cyber- Physical Systems CPS Week, Chicago, April 2011

2 Overview: Layered Architecture and Modularized Design Human Management Layer Supervisory Layer Flow control, PoA and PoI, data fusion, patching problem, pricing, etc. Cyber Network Layer CommunicaPon Layer IDS/IPS configurapon and defense mechanism, CODIPAS learning algorithms, jamming, eavesdropping, data injecpon, secure distributed roupng, reliability, stealthy a\ack, etc Physical Control Layer Physical Layer H- infinity robust control, adappve control, fault- tolerant control

3 Cross- Layer Design Management Layer Human Supervisory Layer Network Layer Cyber CommunicaPon Layer Control Layer Physical Physical Layer

4 Security Issues in Cyber- Physical Systems IntegraPon of IT infrastructure with industrial control systems has put a closed network of systems in the publicly accessible network: Cost and performance benefits, Vulnerable to security risks and threats. ConvenPonal IT solupons to security can not be directly applied. Security objecpves Security architecture Quality- of- service requirement Reliability and robustness in an isolated control system vs. resilience and security in an open system.

5 A HolisPc Viewpoint Resilience Reliability Cyber System Physical Plant Cyber A\ack Disturbances Security Cyber Defense Control System Robustness

6 A Possible SoluPon: Defense- in- Depth PotenPal Threat Physical Security Firewalls, IDS and DMZs Control Systems AuthorizaPon and Access Control

7 A Unifying Security Model The cascading counter- measures using a mulptude of security devices and agents offers the administrators more opportunipes for informapon and resource control with the advent of potenpal threats. creates possible issues on the latency and the packet drop rate of communicapons between the controller and the plant. ẋ(t) =A(t)x(t)+B(t)Θ(t)u(t)+D(t)w(t) Cyber Security Architecture Control Systems

8 Physical Layer: H- Infinity OpPmal Control ẋ(t) =A(t)x(t)+B(t)Θ(t)u(t)+D(t)w(t) A zero- sum differenpal game between two players w(t) is the disturbance who maximizes the cost u(t) is the control who minimizes the cost Q f 0; Q f (t) 0 has piece- wise conpnuous entries γ is the disturbance a\enuapon level

9 Cyber Security Architecture: An Example Internet Control System LAN ID IDS/IPS Firewall Q 1 Q 2 Q 3

10 Intrusion DetecPon/PrevenPon Systems Arrival Rate IDS/IPS Service Rate Packet Loss Rate p 1 p 2 p L l 1 l 2 l 1 p 1 p L p L 1 - p i : packet drop rate µ i : service rate M/M/1 queue

11 IDS/IPS ConfiguraPon The IDS/IPS has a set of L rules L = {l 1,l 2,,l L } IPS rules can drop packets to prevent malicious acpvipes. IDS rules check packets, idenpfy a\ack pa\erns and log the acpvipes. IDS/IPS is configured by choosing a subset of rules L L. Tradeoffs: Heavy- weight security policies lead to larger delays and higher packet loss. Light- weight security policies increase missed detecpons.

12 Impact of Cyber- Policies on Physical Layer Control For a given configurapon L L. Incurred delay Incurred packet loss rate Modified system dynamics: Modified cost criterion:

13 OpPmal Control (1) An oppmal control to achieve disturbance a\enuapon for a given γ is Z γ is a solupon to the following generalized RiccaP equapon (GRDE): Infinite- dimensional compensator

14 OpPmal Control (2) If γ > ˆγ τd, the game admits a unique saddle- point solupon and the saddle- point value is given by A separapon principle: For γ > ˆγ τd, the oppmal saddle- point is only dependent on the packet loss rate. OpPmal a\enuapon level is only dependent on the delay. ˆγ τd

15 Impact of Physical Layer Control on Cyber Policies A separapon principle: For γ > ˆγ τd, the oppmal saddle- point is only dependent on the packet loss rate. OpPmal a\enuapon level is only dependent on the delay. ˆγ τd α i uplity associated with each rule

16 Conclusion (1) Modular and Cross- Layer Design Physical/Control layer: H- infinity robust control, adappve control, fault- tolerant control, etc. CommunicaPon layer: IDS/IPS configurapon and defense mechanism, CODIPAS learning algorithms, jamming, eavesdropping, data injecpon, etc. Network layer: secure distributed roupng, reliability, stealthy a\ack, etc. Supervisory layer: flow control, PoA and PoI, data fusion, etc. Management layer: patching problem, pricing, etc.

17 Conclusion (2) We have proposed a unifying framework to address security issues in cyber- physical systems. Cyber policies and physical layer controls are interdependent. We have used IDS/IPS as an example to illustrate the two main effects of the cyber architecture on control systems: delay and packet drop rate. A zero- sum differenpal game framework enables cross- layer design and analysis for security issues in cyber- physical systems. Future DirecPons: We can consider adversarial behaviors at the cyber- level and construct a two- level game framework. The framework can be applied to study mulp- agent systems.