Preventing cyber-induced irreversible physical damage to cyber-physical systems.

摘要

With the advancement information and communication technologies, networked computing devices have been adopted to address real-world challenges due to their efficiency and programmability while maintaining scalability, sustainability, and resilience. As a result, computing and communication technologies have been integrated into critical infrastructures and other physical processes. Cyber physical systems (CPS) integrate computation and physical processes of critical infrastructure systems. Historically, these systems mostly relied on proprietary technologies and were built as stand-alone systems in physically secure locations. However, the situation has changed considerably in recent years. Commodity hardware, software, and standardized communication technologies are used in CPS to enhance their connectivity, provide better accessibility to costumers and maintenance personnel, and improve overall efficiency and robustness of their operations. Unfortunately, increased connectivity, efficiency, and openness have also significantly increased vulnerabilities of CPS to cyber attacks. These vulnerabilities could allow attackers to alter the systems' behavior and cause irreversible physical damage, or even worse cyber-induced disasters.;However, existing security measures cannot be effectively applied to CPS directly because they are mostly for cyber only systems. Thus, new approaches to preventing cyber physical system disasters are essential. We recognize very different characteristics of cyber and physical components in CPS, where cyber components are flexible with large attack surfaces while physical components are inflexible and relatively simple with very small attack surfaces. This research focuses on the components where cyber and physical components interact. Securing cyber-physical interfaces will complete a layer-based defense strategy in the "Defense in Depth Framework". In this research we propose Trusted Security Modules (TSM) as a systematic solution to provide a guarantee to prevent cyber-induced physical damage even when operating systems and controllers are compromised. TSMs will be placed at the interface between cyber and physical components by adapting the existing integrity enforcing mechanisms such as Trusted Platform Module (static integrity), Control-Flow Integrity (dynamic integrity) to enhance its own security and integrity. Through this dissertation we introduce the general design and number of ways to implement the TSM. We also show the behaviors of TSM with a working prototype and simulation.