Scalable Security Enforcement for Cyber Physical Systems

The security of Cyber-Physical Systems (CPSs) is increasingly important as more and more of these systems are added to the Internet of Things (IoT). As we increase the complexity and connectivity of our smart systems, we likewise broaden their digital attack surface. Recorded attacks on CPSs have ca...

Full description

Saved in:
Bibliographic Details
Published inIEEE access Vol. 12; pp. 14385 - 14410
Main Authors Baird, Alex, Panda, Abhinandan, Pearce, Hammond, Pinisetty, Srinivas, Roop, Partha
Format Journal Article
LanguageEnglish
Published Piscataway The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2024
IEEE
Subjects
Complex systems
Complexity
Cyber-physical systems
Cybersecurity
Enforcement
Fused deposition modeling
Internet of Things
Policies
Run time (computers)
runtime enforcement
Security
synchronous programming
Three dimensional printing
Online AccessGet full text

Cover

More Information
Summary:The security of Cyber-Physical Systems (CPSs) is increasingly important as more and more of these systems are added to the Internet of Things (IoT). As we increase the complexity and connectivity of our smart systems, we likewise broaden their digital attack surface. Recorded attacks on CPSs have caused significant physical impacts making methods for mitigation of attacks of paramount importance. The use of runtime enforcement (RE) can prevent violation of security policies. Here, runtime enforcers intervene before the CPS is compromised. Two key challenges are presented: (1) for complex systems, methods for automatically composing multiple policies are lacking; and (2) runtime enforcers are themselves executed digitally—meaning they too could have potential security vulnerabilities. We present the first comprehensive runtime enforcement framework which addresses both challenges. It can compose a lot of security policies in parallel and synthesize these policies into the more trustworthy hardware layers of a system. This removes reliance on potentially vulnerable firmware and software layers. We demonstrate our approach with policies to mitigate a set of attacks on a Fused Filament Fabrication (FFF) 3D printer. The experimental results show linear growth in logic element and register usage as the number of policies increase. This compares favourably to the exponential state space explosion that occurs with the conventional approach of monolithic composition. Additionally, we find higher enforcer clock frequencies are possible with the proposed parallel approach compared to existing serial approaches.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2024.3357714