Trust is cast as a continuous re-evaluation: a system's reliability and security are scrutinized not just prior to, but during its deployment. This approach to maintaining trust is applied specifically to distributed and embedded control systems. Unlike general-purpose systems, distributed and embedded control systems such as power grid control systems and water treatment systems generally have a 24x7 availability requirement. Hence, upgrading these systems or adding new cyber protection features so that they can sustain faults caused by cyber attacks is often difficult to achieve, and this inhibits their evolution into a cyber environment. In this chapter, we present a solution for extending the capabilities of existing systems while simultaneously maintaining their stability. An externalized survivability management scheme based on the observe-reason-modify paradigm is applied, which decomposes the cyber attack protection process into three orthogonal subtasks: observation, evaluation and protection. This architecture provides greater flexibility and has a resolvability attribute: it can utilize emerging techniques, yet requires minimal or even no modifications to the controlled infrastructures. The approach itself is general and can be applied to a broad class of observable systems.
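The following is an added illustration of the observe-reason-modify decomposition described in the abstract; it is example code written for this page, not code from the chapter or its authors. It models an externalized survivability manager that only reads telemetry from a legacy controller (a constructed water-tank scenario) and keeps the three subtasks in separate components, so that a new evaluation rule or protective action can be added without touching the controlled system. All class names, field names, thresholds, addresses and the sample trace are assumptions made for this example.

```python
from collections import deque
from dataclasses import dataclass
from typing import Callable, Deque, Dict, List


# Constructed record of what a read-only tap on the legacy controller reports.
# Field names are assumptions for this example; a real system exposes its own telemetry.
@dataclass(frozen=True)
class Observation:
    t: int              # sample index
    tank_level: float   # percent full
    pump_cmd: str       # "ON" or "OFF": the last command the controller accepted
    src_addr: str       # source of that command, as seen on the control network


class Observer:
    """Observation subtask: keeps a bounded history and never writes to the controlled system."""

    def __init__(self, window: int = 5) -> None:
        self.history: Deque[Observation] = deque(maxlen=window)

    def observe(self, obs: Observation) -> List[Observation]:
        self.history.append(obs)
        return list(self.history)


Rule = Callable[[List[Observation]], bool]


class Evaluator:
    """Evaluation subtask: rules over the observed history, independent of how data was obtained."""

    def __init__(self, rules: Dict[str, Rule]) -> None:
        self.rules = rules

    def evaluate(self, history: List[Observation]) -> List[str]:
        return [name for name, rule in self.rules.items() if rule(history)]


class Protector:
    """Protection subtask: maps findings to actions carried out outside the legacy controller."""

    def __init__(self, playbook: Dict[str, str]) -> None:
        self.playbook = playbook

    def protect(self, findings: List[str]) -> List[str]:
        actions: List[str] = []
        for finding in findings:
            action = self.playbook.get(finding, "alert_operator")
            if action not in actions:          # one entry per distinct action, in rule order
                actions.append(action)
        return actions


# Constructed threshold and allow-list for the example.
HIGH_LEVEL = 90.0
TRUSTED_SOURCES = {"10.0.0.5"}  # constructed address of the legitimate operator station


def level_high_while_pumping(h: List[Observation]) -> bool:
    last = h[-1]
    return last.tank_level > HIGH_LEVEL and last.pump_cmd == "ON"


def command_from_untrusted_source(h: List[Observation]) -> bool:
    return h[-1].src_addr not in TRUSTED_SOURCES


def pump_toggling(h: List[Observation]) -> bool:
    # Three or more command changes inside the window are treated as abnormal cycling.
    changes = sum(1 for a, b in zip(h, h[1:]) if a.pump_cmd != b.pump_cmd)
    return changes >= 3


RULES: Dict[str, Rule] = {
    "level_high_while_pumping": level_high_while_pumping,
    "command_from_untrusted_source": command_from_untrusted_source,
    "pump_toggling": pump_toggling,
}

PLAYBOOK: Dict[str, str] = {
    "level_high_while_pumping": "hold_last_safe_state",
    "command_from_untrusted_source": "isolate_command_path",
    "pump_toggling": "hold_last_safe_state",
}


def run_manager(trace: List[Observation], window: int = 5) -> Dict[int, List[str]]:
    """One observe-reason-modify cycle per sample; returns protective actions keyed by sample index."""
    observer, evaluator, protector = Observer(window), Evaluator(RULES), Protector(PLAYBOOK)
    decisions: Dict[int, List[str]] = {}
    for obs in trace:
        history = observer.observe(obs)
        findings = evaluator.evaluate(history)
        if findings:
            decisions[obs.t] = protector.protect(findings)
    return decisions


# Constructed trace: normal operation, then commands from an unexpected source
# cycle the pump and the level runs past the high mark.
SAMPLE_TRACE = [
    Observation(0, 60.0, "ON", "10.0.0.5"),
    Observation(1, 70.0, "ON", "10.0.0.5"),
    Observation(2, 80.0, "OFF", "10.0.0.5"),
    Observation(3, 82.0, "ON", "10.0.0.99"),
    Observation(4, 85.0, "OFF", "10.0.0.99"),
    Observation(5, 88.0, "ON", "10.0.0.99"),
    Observation(6, 92.0, "ON", "10.0.0.99"),
]

if __name__ == "__main__":
    for t, actions in run_manager(SAMPLE_TRACE).items():
        print(f"t={t}: {actions}")
```

The point of the split is that the controller is touched by none of the three components: the observer only reads, the evaluator reasons over a copy of the history, and the protector acts on the surrounding infrastructure (isolating a command path, holding a known safe state) rather than on the controller's code. Swapping a rule set or adding a new action changes one component and leaves the other two, and the legacy system, unchanged.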
© 2009 Springer-Verlag US
Ren, S., Chen, N., Yu, Y., Poirot, P., Kwiat, K., Tsai, J.J. (2009). A Non-Intrusive Approach to Enhance Legacy Embedded Control Systems with Cyber Protection Features. In: Machine Learning in Cyber Trust. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-88735-7_7
DOI: https://doi.org/10.1007/978-0-387-88735-7_7
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-88734-0
Online ISBN: 978-0-387-88735-7