Model Based Impact Analysis and Security Measure Allocation for Control Systems
Abstract: Improvement of cyber-security of industrial control systems is of utmost importance for our society. It has been recognized that many security vulnerabilities can be found in these systems, which if exploited may lead to dire consequences. For instance, successful cyber-attacks against industrial control systems may cause loss of electricity, lead to shortage of drinkable water, or disrupt oil and gas production. Deploying security measures to protect industrial control systems may be costly. Thus, it is expected that we would not be able to prevent all the security vulnerabilities that we find within the systems. In this thesis, we consider two problems related to this issue. The first one is how to determine which combinations of vulnerabilities are the most critical to be prevented. An important part of this classification is estimating the impact of cyber-attacks conducted using these vulnerabilities, which is the first major problem considered in the thesis. The budget for deploying security measures can then be focused on preventing the most critical combinations of vulnerabilities that are found. How to do this in an optimal way once the number of vulnerabilities and measures is large is the second major problem considered.

As our first contribution, we outline a framework for estimating the attack impact in industrial control systems. Here, we consider industrial control systems that have both control and monitoring tasks. For industrial control systems with control tasks, we propose a framework to estimate the impact of several attack strategies. We prove that the estimation of the impact of all possible strategies is reducible to solving a set of convex minimization problems. The solvers for convex minimization problems are well known, so the exact value of the attack impact can be obtained easily. For industrial control systems with monitoring tasks, we analyze the impact of a bias injection attack strategy. We prove that the attack impact can be obtained as the solution of a quadratically constrained quadratic program, for which the exact solution can be found efficiently. We also introduce a lower bound of the attack impact in terms of the number of compromised sensors. The theoretical findings are illustrated in numerical examples.

As our second contribution, we propose a flexible modeling framework for allocating security measures. Our framework is suitable for dynamical models of industrial control systems, and can be used in cases when the number of vulnerabilities and measures is large. The advantages of our framework are the following. Firstly, the framework includes an algorithm for efficiently finding the most dangerous vulnerabilities in the system. Secondly, the problem of eliminating these vulnerabilities can provably be cast as a minimization of a linear function subject to a submodular constraint. This implies that a suboptimal solution of the problem, with guaranteed performance, can be found using a fast greedy algorithm. The applicability of the framework is demonstrated through simulations on an industrial control system used for regulating temperature within a building.
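
The greedy allocation step described above, as an added example that is not taken from the thesis. It assumes a simple coverage model: each measure has a cost and removes a set of vulnerabilities, and a critical attack scenario counts as prevented once any vulnerability it needs is removed. All names, costs and scenarios are constructed.

```python
from itertools import combinations

# Constructed sample data: measure -> (cost, vulnerabilities it removes).
MEASURES = {
    "segment_network": (4.0, {"v1", "v2"}),
    "auth_sensors": (3.0, {"v2", "v3"}),
    "patch_plc": (2.0, {"v4"}),
    "encrypt_link": (4.5, {"v1", "v3", "v4"}),
}
# Constructed critical scenarios: the vulnerabilities each attack needs together.
SCENARIOS = [{"v1", "v2"}, {"v3"}, {"v2", "v4"}, {"v4"}]


def blocked(selected, measures, scenarios):
    """Submodular coverage: scenarios that lose at least one needed vulnerability."""
    removed = set().union(*(measures[m][1] for m in selected))
    return sum(1 for s in scenarios if s & removed)


def greedy_allocate(measures, scenarios):
    """Minimise linear cost subject to blocked(...) == len(scenarios), greedily."""
    selected = []
    while (base := blocked(selected, measures, scenarios)) < len(scenarios):
        best, best_ratio = None, 0.0
        for m in sorted(measures):  # sorted for deterministic tie-breaking
            if m in selected:
                continue
            gain = blocked(selected + [m], measures, scenarios) - base
            ratio = gain / measures[m][0]  # newly blocked scenarios per unit cost
            if ratio > best_ratio:
                best, best_ratio = m, ratio
        if best is None:  # no measure touches the remaining scenarios
            raise ValueError("remaining scenarios cannot be blocked")
        selected.append(best)
    return selected, sum(measures[m][0] for m in selected)


def optimal_cost(measures, scenarios):
    """Exhaustive search, feasible only for small instances, for comparison."""
    names = sorted(measures)
    return min(sum(measures[m][0] for m in c)
               for r in range(len(names) + 1)
               for c in combinations(names, r)
               if blocked(c, measures, scenarios) == len(scenarios))


if __name__ == "__main__":
    print("greedy :", greedy_allocate(MEASURES, SCENARIOS))
    print("optimum:", optimal_cost(MEASURES, SCENARIOS))
```

On this instance the greedy choice costs 5.0 against an optimum of 4.5, which illustrates the trade of exactness for speed: the greedy loop evaluates the constraint a polynomial number of times, while the exhaustive search grows exponentially with the number of measures.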