Part of the book series: Power Systems (POWSYS)

Abstract

Security in CPS-based real-time embedded systems controlling the power grid has been an afterthought, but it is becoming a critical issue as CPS systems are networked and inter-dependent. This work presents a set of mechanisms for time-based intrusion detection, i.e., detection of the execution of unauthorized instructions in real-time CPS environments. The novelty is the utilization of information obtained by static timing analysis for intrusion detection. Real-time CPS systems are unique in that timing bounds on code sections are readily available since they are required for schedulability analysis. We demonstrate how micro-timings can be exploited for multiple granularity levels of application code to track execution progress. Through bounds checking of these micro-timings, we develop techniques to detect intrusions (1) in a self-checking manner by the application and (2) through the operating system scheduler, which are novel contributions to the real-time/embedded systems domain to the best of our knowledge.

This work was supported in part by NSF grants 1329780, 1239246, 0812121 and U.S. Army Research Office (ARO) grant W911NF-08-1-0105 managed by NCSU Secure Open Systems Initiative (SOSI). This is an extended version of a prior conference paper [50].
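The self-checking variant described in the abstract can be illustrated with a small bounds checker over checkpoint timestamps. This is an added example, not code from the chapter or its authors; the checkpoint ids, the bounds table, the use of a lower (best-case) bound, the verdict names and the traces are all constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed layout: cycle bounds for the code section between two checkpoints,
   as a static timing analyzer might emit them (values are constructed). */
typedef struct { int from, to; uint32_t bcet, wcet; } timing_bound;
typedef struct { int id; uint32_t cycles; } checkpoint_event;
typedef enum { TIMING_OK, TOO_SLOW, TOO_FAST, UNKNOWN_PATH } verdict;

static const timing_bound BOUNDS[] = {
    {0, 1, 100, 180},  /* read sensors  */
    {1, 2, 400, 650},  /* control law   */
    {2, 3,  80, 120},  /* drive outputs */
};
static const timing_bound *find_bound(int from, int to) {
    for (size_t i = 0; i < sizeof BOUNDS / sizeof BOUNDS[0]; i++)
        if (BOUNDS[i].from == from && BOUNDS[i].to == to)
            return &BOUNDS[i];
    return NULL;
}

/* Checks every checkpoint-to-checkpoint interval of one job. On a violation,
   *where is the index of the event that closed the offending interval. */
verdict check_trace(const checkpoint_event *ev, size_t n, size_t *where) {
    for (size_t i = 1; i < n; i++) {
        const timing_bound *b = find_bound(ev[i - 1].id, ev[i].id);
        uint32_t delta = ev[i].cycles - ev[i - 1].cycles; /* safe across one wrap */
        *where = i;
        if (b == NULL)       return UNKNOWN_PATH; /* transition not in the table */
        if (delta > b->wcet) return TOO_SLOW;     /* extra instructions executed */
        if (delta < b->bcet) return TOO_FAST;     /* expected code was skipped   */
    }
    *where = n;
    return TIMING_OK;
}

/* Constructed traces: (checkpoint id, cycle counter value). */
const checkpoint_event CLEAN[]    = {{0, 1000}, {1, 1150}, {2, 1700}, {3, 1800}};
const checkpoint_event INJECTED[] = {{0, 1000}, {1, 1150}, {2, 2400}, {3, 2500}};
const checkpoint_event WRAPPED[]  = {{0, 0xFFFFFFC0u}, {1, 0x60}, {2, 0x254}, {3, 0x2B8}};
const checkpoint_event SKIPPED[]  = {{0, 1000}, {1, 1150}, {3, 1250}};

int main(void) {
    size_t at;
    verdict v = check_trace(INJECTED, 4, &at);
    printf("verdict %d at event %zu\n", (int)v, at);
    return 0;
}
```

The `INJECTED` trace spends 1250 cycles in a section bounded at 650, so the check fails at the checkpoint that closes that section rather than at the job's deadline.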

References

  1. Aho, A.V., Sethi, R., Ullman, J.D.: Compilers – Principles, Techniques, and Tools. Addison-Wesley (1986)
  2. Asfaw, B., Bekele, D., Eshete, B., Villafiorita, A., Weldemariam, K.: Host-based anomaly detection for pervasive medical systems. In: 2010 Fifth International Conference on Risks and Security of Internet and Systems, CRiSIS (2010)
  3. Atanassov, P., Puschner, P.: Impact of DRAM refresh on the execution time of real-time tasks. In: Proc. IEEE International Workshop on Application of Reliable Computing and Communication, pp. 29–34 (2001)
  4. Bak, S., Chivukula, D., Adekunle, O., Sun, M., Caccamo, M., Sha, L.: The system-level simplex architecture for improved real-time embedded system safety. In: IEEE Real-Time Embedded Technology and Applications Symposium, pp. 99–107 (2009)
  5. Bernat, G., Colin, A., Petters, S.: WCET analysis of probabilistic hard real-time systems. In: IEEE Real-Time Systems Symposium (2002)
  6. Bhat, B., Mueller, F.: Making DRAM refresh predictable. In: Euromicro Conference on Real-Time Systems, pp. 145–154 (2010)
  7. Bhat, B., Mueller, F.: Making DRAM refresh predictable. Real-Time Systems 47(5), 430–453 (2011)
  8. Braberman, V., Felder, M., Marre, M.: Testing timing behavior of real-time software. International Software Quality Week (1997), http://citeseer.ist.psu.edu/braberman97testing.html
  9. Burger, D., Austin, T., Bennett, S.: Evaluating future microprocessors: The SimpleScalar toolset. Tech. Rep. CS-TR-96-1308, University of Wisconsin - Madison, CS Dept. (1996)
  10. Burger, D., Austin, T.M., Bennett, S.: Evaluating future microprocessors: The SimpleScalar tool set. Technical Report CS-TR-1996-1308, University of Wisconsin, Madison (1996)
  11. C-Lab: WCET benchmarks, http://www.c-lab.de/home/en/download.html
  12. Chana, S.K., Karale, S.J.: Analysis of Intrusion Detection Response System (IDRS) In Cyber Physical Systems (Cps) Using Regular Expression (Regexp). IOSR Journal of Computer Engineering, IOSR-JCE (2014), http://dx.doi.org/10.6084/m9.figshare.1109874
  13. Cowan, C., Beattie, S., Johansen, J., Wagle, P.: PointGuard™: protecting pointers from buffer overflow vulnerabilities. In: SSYM 2003: Proceedings of the 12th Conference on USENIX Security Symposium, p. 7 (2003)
  14. Crenshaw, T., Gunter, E., Robinson, C., Sha, L., Kumar, P.: The simplex reference model: Limiting fault-propagation due to unreliable components in cyber-physical system architectures. In: IEEE Real-Time Systems Symposium, pp. 400–412 (2007)
  15. Dán, G., Sandberg, H., Ekstedt, M., Björkman, G.: Challenges in power system information security. IEEE Security Privacy 10(4), 62–70 (2012)
  16. Gao, W., Morris, T., Reaves, B., Richey, D.: On SCADA control system command and response injection and intrusion detection. In: eCrime Researchers Summit (eCrime), pp. 1–9 (2010)
  17. Hadeli, H., Schierholz, R., Braendle, M., Tuduce, C.: Leveraging determinism in industrial control systems for advanced anomaly detection and reliable security configuration. In: IEEE Conference on Emerging Technologies Factory Automation, ETFA 2009, pp. 1–8 (2009)
  18. Healy, C.A., Arnold, R.D., Mueller, F., Whalley, D., Harmon, M.G.: Bounding pipeline and instruction cache performance. IEEE Transactions on Computers 48(1), 53–70 (1999)
  19. Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering code-injection attacks with instruction-set randomization. In: CCS 2003: Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 272–280 (2003)
  20. Kuperman, B., Brodley, C., Ozdoganoglu, H., Vijaykumar, T., Jalote, A.: Detection and prevention of stack buffer overflow attacks. Commun. ACM 48(11), 50–56 (2005)
  21. Labrosse, J.: Micro C/OS-II. R & D Books (1998)
  22. Lauf, A., Peters, R., Robinson, W.: Intelligent intrusion detection: A behavior-based approach. In: 21st Advanced Information Networking and Applications: Symposium for Embedded Computing (2007)
  23. Lauf, A.P., Peters, R.A., Robinson, W.H.: A distributed intrusion detection system for resource-constrained devices in ad-hoc networks. Ad Hoc Netw. 8(3), 253–266 (2010)
  24. Levy, E.: Crossover: Online pests plaguing the offline world. IEEE Security and Privacy 1(6), 71–73 (2003)
  25. Liu, C., Layland, J.: Scheduling algorithms for multiprogramming in a hard-real-time environment. J. of the Association for Computing Machinery 20(1), 46–61 (1973)
  26. Mitchell, R., Chen, I.: Effect of intrusion detection and response on reliability of cyber physical systems. IEEE Transactions on Reliability 62(1), 199–210 (2013)
  27. Mitchell, R., Chen, I.R.: A survey of intrusion detection techniques for cyber-physical systems. ACM Comput. Surv. 46(4), 55:1–55:29 (2014)
  28. Mohan, S.: Worst-case execution time analysis of security policies for deeply embedded real-time systems. SIGBED Rev. 5(1), 1–2 (2008)
  29. Mohan, S., Hawkins, F.M.W., Root, M., Whalley, D., Healy, C.: Parametric timing analysis and its application to dynamic voltage scaling. ACM Transactions on Embedded Computing Systems (2007) (accepted)
  30. Mohan, S., Mueller, F.: Preserving timing anomalies in pipelines of high-end processors. Tech. Rep. TR 2007-13, Dept. of Computer Science, North Carolina State University (2008)
  31. Mohan, S., Mueller, F., Hawkins, W., Root, M., Healy, C., Whalley, D.: Parascale: Exploiting parametric timing analysis for real-time schedulers and dynamic voltage scaling. In: IEEE Real-Time Systems Symposium, pp. 233–242 (2005)
  32. Mohan, S., Mueller, F., Whalley, D., Healy, C.: Timing analysis for sensor network nodes of the atmega processor family. In: IEEE Real-Time Embedded Technology and Applications Symposium, pp. 405–414 (2005)
  33. Moses, A.: ‘sinister’ integral energy virus outbreak a threat to power grid (2009), http://www.smh.com.au/technology/security/sinister-integral-energy-virus-outbreak-a-threat-to-power-grid-20091001-gdrx.html
  34. Mueller, F.: Timing analysis for instruction caches. Real-Time Systems 18(2/3), 209–239 (2000)
  35. Ravi, S., Raghunathan, A., Kocher, P., Hattangady, S.: Security in embedded systems: Design challenges. ACM Trans. Embed. Comput. Syst. 3(3), 461–491 (2004)
  36. Seshadri, A., Perrig, A., van Doorn, L., Khosla, P.: SWATT: Software-based attestation for embedded devices. In: IEEE Symposium on Security and Privacy, p. 272 (2004)
  37. Shacham, H., Page, M., Pfaff, B., Goh-Jin, E.J., Modadugu, N., Boneh, D.: On the effectiveness of address-space randomization. In: CCS 2004: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 298–307 (2004)
  38. Shao, Z., Zhuge, Q., He, Y., Sha, E.H.M.: Defending embedded systems against buffer overflow via hardware/software. In: ACSAC 2003: Proceedings of the 19th Annual Computer Security Applications Conference, p. 352. IEEE Computer Society, Washington, DC (2003)
  39. Shin, S., Kwon, T., Jo, G.Y., Park, Y., Rhy, H.: An experimental study of hierarchical intrusion detection for wireless industrial sensor networks. IEEE Transactions on Industrial Informatics 6(4), 744–757 (2010)
  40. Son, S.H., Mukkamala, R., David, R.: Integrating security and real-time requirements using covert channel capacity. IEEE Transactions on Knowledge and Data Engineering 12, 865–879 (2000)
  41. Venugopalan, R., Ganesan, P., Peddabachagari, P., Dean, A., Mueller, F., Sichitiu, M.: Encryption overhead for sensor networks and embedded systems: Modeling and analysis. In: Conference on Compilers, Architecture and Synthesis for Embedded Systems, pp. 188–197 (2003)
  42. Wegener, J., Mueller, F.: A comparison of static analysis and evolutionary testing for the verification of timing constraints. Real-Time Systems 21(3), 241–268 (2001)
  43. Whitham, J.: Real-time processor architectures for worst case execution time reduction. Ph.D. thesis, University of York (2008)
  44. Wilhelm, R., Engblom, J., Ermedahl, A., Holsti, N., Thesing, S., Whalley, D., Bernat, G., Ferdinand, C., Heckmann, R., Mitra, T., Mueller, F., Puaut, I., Puschner, P., Staschulat, J., Stenstrom, P.: The worst-case execution time problem — overview of methods and survey of tools. ACM Transactions on Embedded Computing Systems 7(3), 1–53 (2008)
  45. Wu, B., Chen, J., Wu, J., Cardei, M.: A survey of attacks and countermeasures in mobile ad hoc networks. Wireless Network Security 30(3), 103–135 (2007)
  46. Xie, T., Qin, X., Lin, M.: Open issues and challenges in security-aware real-time scheduling for distributed systems. Journal of Information 6(9) (2006)
  47. Zhang, L., White, G.B.: Analysis of payload based application level network anomaly detection. In: HICSS 2007: Proceedings of the 40th Annual Hawaii International Conference on System Sciences, p. 99 (2007)
  48. Zhang, Y., Lee, W.: Intrusion detection in wireless ad-hoc networks. In: MobiCom 2000: Proceedings of the 6th Annual International Conference on Mobile Computing and Networking, pp. 275–283 (2000)
  49. Zhang, Y., Lee, W., Huang, Y.A.: Intrusion detection techniques for mobile wireless networks. Wireless Networking 9(5), 545–556 (2003)
  50. Zimmer, C., Bhat, B., Mueller, F., Mohan, S.: Time-based intrusion detection in cyber-physical systems. In: International Conference on Cyber-Physical Systems, pp. 109–118 (2010)

© 2015 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Zimmer, C., Bhat, B., Mueller, F., Mohan, S. (2015). Intrusion Detection for CPS Real-Time Controllers. In: Khaitan, S., McCalley, J., Liu, C. (eds) Cyber Physical Systems Approach to Smart Electric Power Grid. Power Systems. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45928-7_12

  • DOI: https://doi.org/10.1007/978-3-662-45928-7_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-45927-0

  • Online ISBN: 978-3-662-45928-7

  • eBook Packages: Energy, Energy (R0)
