Abstract
Malware and forensic analyses of embedded cyber-physical systems are tedious, manual processes that testbeds are commonly not designed to support. Additionally, attesting the physics impact of embedded cyber-physical system malware has no formal methodologies and is currently an art. This chapter describes a novel testbed design methodology that integrates virtualized embedded industrial control systems and physics simulators, thereby supporting malware and forensic analyses of embedded cyber-physical systems without risks. Unlike existing hardware-based testbeds, the resulting soft industrial control system testbeds are portable, distributable and expandable by design. However, embedded system virtualization is non-trivial, especially at the firmware level, and solutions vary widely depending on the embedded system architectures and operating systems. This chapter discusses how the proposed methodology overcomes the challenges to virtualizing embedded systems and explores the benefits via a proof-of-concept implementation involving a Siemens MJ-XL variable step voltage regulator control panel.
Copyright information
© 2016 IFIP International Federation for Information Processing
About this paper
Cite this paper
Redwood, O., Reynolds, J., Burmester, M. (2016). Integrating Simulated Physics and Device Virtualization in Control System Testbeds. In: Rice, M., Shenoi, S. (eds) Critical Infrastructure Protection X. ICCIP 2016. IFIP Advances in Information and Communication Technology, vol 485. Springer, Cham. https://doi.org/10.1007/978-3-319-48737-3_11
DOI: https://doi.org/10.1007/978-3-319-48737-3_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-48736-6
Online ISBN: 978-3-319-48737-3
eBook Packages: Computer Science (R0)