About

The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations. Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

11

Incremental Design Migration Support in Industrial Control Systems Development

Balasubramanian, Harish 04 December 2014
Industrial control systems (ICS) play an extremely important role in the world around us. They have helped in reducing human effort and contributed to automation of processes in oil refining, power generation, food and beverage and production lines. With advancement in technology, embedded platforms have emerged as ideal platforms for implementation of such ICSes. Traditional approaches in ICS design involve switching from a model or modeling environment directly to a real-world implementation. Errors have the potential to go unnoticed in the modeling environment and have a tendency to affect real control systems. Current models for error identification are complex and affect the design process of ICS appreciably. This thesis adds an additional layer to ICS design: an Interface Abstraction Process (IAP). IAP helps in incremental migration from a modeling environment to a real physical environment by supporting intermediate design versions. Implementation of the IAP is simple and independent of control system complexity. Early error identification is possible since intermediate versions are supported. Existing control system designs can be modified minimally to facilitate the addition of an extra layer. The overhead of adding the IAP is measured and analysed. With early validation, actual behavior of the ICS in the real physical setting matches the expected behavior in the modeling environment. This approach to ICS design adds a significant amount of latency to existing ICSes without affecting the design process significantly. Since the IAP helps in early design validation, it can be removed before deployment in the real-world. / Master of Science
12

Trusted Software Updates for Secure Enclaves in Industrial Control Systems

Gunjal, Abhinav Shivram 18 September 2017
Industrial Control Systems (ICSs) manage critical infrastructures such as water treatment facilities, petroleum refineries, and power plants. ICSs are networked through Information Technology (IT) infrastructure for remote monitoring and control of physical processes. As ICSs integrate with IT infrastructure, IT vulnerabilities are carried over to the ICS environment. Previously proposed process controller security architectures maintain safe and stable plant operation even in the presence of attacks that exploit ICS vulnerabilities. Security architectures are process control system-level solutions that leverage isolated and trusted hardware (secure enclaves) for ICS security. Upon detecting an intrusion, the secure enclave switches control of the physical process to a high assurance controller, making a fail-safe plant operation. The process control loop components have an average lifespan of several decades. During this time, electromechanical components of process control loop may undergo aging that alters their characteristics and affects control loop performance. To deal with component aging and to improve control algorithm flexibility, updates to control loop parameters are required. Plant model, process control loop system specifications, and control algorithm-based security mechanisms at the secure enclave require parameter updates. ICSs have hundreds of process control components that may need to be installed in hazardous environments and distributed across hundreds of square kilometers. Updating each component physically may lead to accidents, expensive travel, and increased downtime. Some ICS have allowable downtime of only 5 minutes per year. Hence, remote updates are desirable. A proposed dedicated and isolated hardware module at the secure enclave provides authentication of the update and ensures safe storage in a non-volatile memory.
A protocol designed for update transmission through an untrusted ICS network provides resilience against network integrity attacks such as replay attacks. Encryption and authentication of the updates maintain integrity and confidentiality. During the normal plant operation, the hardware module is invisible to the other modules of the process control loop. The proposed solution is implemented on Xilinx Zynq-7000 programmable System-on-Chip to provide secure enclave updates. / Master of Science
13

Détection d'intrusions pour les systèmes de contrôle industriels / Intrusion detection for industrial control systems

Koucham, Oualid 12 November 2018
The objective of this thesis is the development of intrusion detection and alert correlation techniques specific to industrial control systems (ICS). This interest is justified by the emergence of cyber threats targeting ICS, and by the need to detect targeted attacks whose goal is to violate the specifications of the correct behavior of the physical process. In the first part of our work, we focus on the automatic inference of specifications for sequential control systems for the purpose of intrusion detection. The distinctive feature of sequential systems lies in their control logic, which operates in discrete steps. Intrusion detection within these systems has been little studied despite their ubiquity in several application domains. In our approach, we adopt the formalisms of linear temporal logic (LTL) and metric temporal logic (MTL), which make it possible to represent qualitative and quantitative temporal properties over the state of the actuators and sensors. A property inference algorithm was developed to automate the generation of properties from specification patterns covering the most common constraints. This approach aims to address the large number of redundant properties inferred by current approaches. In the second part of our work, we seek to combine the intrusion detection approach developed in the first part with classical intrusion detection approaches. To do so, we explore a correlation approach that takes into account the specificities of industrial systems in two respects: (i) the enrichment and preprocessing of alerts coming from different domains (cyber and physical), and (ii) the design of an alert selection policy that takes into account the execution context of the physical process.
The first point starts from the observation that, in an industrial system, the alerts reported to the correlator are characterized by heterogeneous attributes (attributes specific to the cyber and physical domains). However, classical correlation approaches presuppose a certain homogeneity among alerts. To remedy this, we develop an approach for enriching physical domain alerts with cyber domain attributes, based on information about the protocols supported by the controllers and the distribution of process variables across the controllers. The second point concerns the development of an alert selection policy that dynamically adapts the alert selection windows according to the evolution of the subprocesses. The results of the evaluation of our detection and correlation approaches show improved performance on metrics such as the number of inferred properties, the alert reduction rate and the completeness of the correlations. / The objective of this thesis is to develop intrusion detection and alert correlation techniques geared towards industrial control systems (ICS). Our interest is driven by the recent surge in cybersecurity incidents targeting ICS, and the necessity to detect targeted attacks which induce incorrect behavior at the level of the physical process. In the first part of this work, we develop an approach to automatically infer specifications over the sequential behavior of ICS. In particular, we rely on specification language formalisms such as linear temporal logic (LTL) and metric temporal logic (MTL) to express temporal properties over the state of the actuators and sensors. We develop an algorithm to automatically infer specifications from a set of specification patterns covering the most recurring properties. In particular, our approach aims at reducing the number of redundant and unfalsifiable properties generated by the existing approaches.
To do so, we add a pre-selection stage which allows to restrict the search for valid properties over non redundant portions of the execution traces. We evaluate our approach on a complex physical process steered by several controllers under process oriented attacks. Our results show that a significant reduction in the number of inferred properties is possible while achieving high detection rates. In the second part of this work, we attempt to combine the physical domain intrusion detection approach developed in the first part with more classical cyber domain intrusion detection approaches. In particular, we develop an alert correlation approach which takes into account some specificities of ICS. First, we explore an alert enrichment approach that allows to map physical domain alerts into the cyber domain. This is motivated by the observation that alerts coming from different domains are characterized by heterogeneous attributes which makes any direct comparison of the alerts difficult. Instead, we enrich the physical domain alerts with cyber domain attributes given knowledge about the protocols supported by the controllers and the memory mapping of process variables within the controllers. In this work, we also explore ICS-specific alert selection policies. An alert selection policy defines which alerts will be selected for comparison by the correlator. Classical approaches often rely on sliding, fixed size, temporal windows as a basis for their selection policy. Instead, we argue that given the complex interdependencies between physical subprocesses, agreeing on an alert window size is challenging. Instead, we adopt selection policies that adapt to the state of the physical process by dynamically adjusting the size of the alert windows given the state of the subprocesses within the physical process. Our evaluation results show that our correlator achieves better correlation metrics in comparison with classical temporal based approaches.
14

Semantic-aware Stealthy Control Logic Infection Attack

Kalle, Sushma 06 August 2018
In this thesis work we present CLIK, a new, automated, remote attack on the control logic of a programmable logic controller (PLC) in industrial control systems. The CLIK attack modifies the control logic running in a remote target PLC automatically to disrupt a physical process. We implement the CLIK attack on a real PLC. The attack is initiated by subverting the security measures that protect the control logic in a PLC. We found a critical (zero-day) vulnerability, which allows the attacker to overwrite password hash in the PLC during the authentication process. Next, CLIK retrieves and decompiles the original logic and injects a malicious logic into it and then, transfers the infected logic back to the PLC. To hide the infection, we propose a virtual PLC that engages the software the virtual PLC intercepts the request and then, responds with the original (uninfected) control logic to the software.
15

Reliability for Hard Real-time Communication in Packet-switched Networks

Ganjalizadeh, Milad January 2014
Nowadays, different companies use Ethernet for different industrial applications. Industrial Ethernet has some specific requirements due to its specific applications and environmental conditions which is the reason that makes it different than corporate LANs. Real-time guarantees, which require precise synchronization between all communication devices, as well as reliability are the keys in performance evaluation of different methods [1].  High bandwidth, high availability, reduced cost, support for open infrastructure as well as deterministic architecture make packet-switched networks suitable for a variety of different industrial distributed hard real-time applications. Although research on guaranteeing timing requirements in packet-switched networks has been done, communication reliability is still an open problem for hard real-time applications. In this thesis report, a framework for enhancing the reliability in multihop packet-switched networks is presented. Moreover, a novel admission control mechanism using a real-time analysis is suggested to provide deadline guarantees for hard real-time traffic. A generic and flexible simulator has been implemented for the purpose of this research study to measure different defined performance metrics. This simulator can also be used for future research due to its flexibility. The performance evaluation of the proposed solution shows a possible enhancement of the message error rate by several orders of magnitude, while the decrease in network utilization stays at a reasonable level.
16

Συλλογή δεδομένων και εποπτικός έλεγχος στο περιβάλλον Cimplicity της GeFanuc / Data acquisition and supervisory control in the GeFanuc Cimplicity environment

Χούντρας, Θόδωρος 31 May 2012
This diploma thesis deals with the design of SCADA systems in the Proficy Cimplicity software. Chapter 1 describes the basic principles of Industrial Automation, Industrial Networks, hierarchical models in production, and SCADA systems. Chapter 2 describes all the functional capabilities that make up the software, along with specific examples. Chapter 3 presents indicative applications from the industrial environment. Chapter 4 analyzes the possibility of embedding a video stream in a SCADA station screen. This is done by focusing on three usage patterns: playback of video files, capture with a camera built into or connected to the computer, and finally the presentation of an application of integrated monitoring solutions for an industrial installation. This application is based on the IP Surveillance equipment of the company MOXA. Chapter 5 explains the OPC protocol and how it takes part in data exchange in Cimplicity. The role of the Cimplicity OPC Server is explained, as well as the OPC Client protocol, with the aim of interconnecting the software with equipment of different types and manufacturers. As an example of the OPC Client protocol for communication with a PLC, the artificial climber setup, located in the General Electrical Engineering Laboratory, was used. Finally, Chapter 6 refers to a method for modeling industrial systems, Generalized Automata. This method is used to derive, with minimal effort, the code implementing the automation logic, either for a SCADA application or for PLC operation. The method was applied to one of the applications of Chapter 3. / In this diploma thesis, developing SCADA systems using Proficy Cimplicity Software has been studied. The first chapter describes the basic principles of Industrial Automation, Industrial Networks, the hierarchical processing models and SCADA systems.
The second chapter refers to the study of the Cimplicity functions and tools using specific examples. The third chapter presents applications from the industrial environment. The fourth chapter examines the possibility of embedding video stream applications in SCADA screens. Three different scenarios are examined: playing back video files, playing live video using a camera attached to the computer system, and video surveillance solutions for industrial installations. These solutions are based on the IP Surveillance products of MOXA Company. The fifth chapter explains the OPC protocol and how it is being used for data exchange in Cimplicity. It also explains the Cimplicity OPC Server and the OPC Client protocol for interconnecting software and devices from different vendors. An example of the OPC Client protocol is included, the "artificial climber", which is located in the Systems And Measurements Laboratory. In the last chapter, an industrial modelling method is referred to, the Global Automata. It is used for developing, with minor effort, the programming script which describes the automation, either for SCADA applications or for PLC functioning. This method was used for one of the third chapter examples.
17

Návrh zabezpečení průmyslového řídícího systému / Industrial control system security design

Strnad, Matěj January 2019
The subject of the master's thesis is a design of security measures for securing of an industrial control system. It includes an analysis of characteristics of communication environment and specifics of industrial communication systems, a comparison of available technological means and a design of a solution according to investor's requirements.
18

Omni SCADA intrusion detection

Gao, Jun 11 May 2020
We investigate deep learning based omni intrusion detection system (IDS) for supervisory control and data acquisition (SCADA) networks that are capable of detecting both temporally uncorrelated and correlated attacks. Regarding the IDSs developed in this paper, a feedforward neural network (FNN) can detect temporally uncorrelated attacks at an F1 of 99.967±0.005% but correlated attacks as low as 58±2%. In contrast, long-short term memory (LSTM) detects correlated attacks at 99.56±0.01% while uncorrelated attacks at 99.3±0.1%. Combining LSTM and FNN through an ensemble approach further improves the IDS performance with F1 of 99.68±0.04% regardless of the temporal correlations among the data packets. / Graduate
19

The SAP Link: A Controller Architecture for Secure Industrial Control Systems

Wyman, Matthew Cody 01 February 2019
Industrial Control Systems are essential to modern life. They are utilized in hundreds of processes including power distribution, water treatment, manufacturing, traffic management, and amusement park ride control. These systems are an essential part of modern life and if compromised, could result in significant economic loss, safety impacts, damage to the environment, and even loss of life. Unfortunately, many of these systems are not properly secured from a cyber attack. It is likely that a well-funded and motivated attack from a nation-state will successfully compromise an industrial control system's network. As cyber war becomes more prevalent, it is becoming more critical to find new and innovative ways to reduce the physical impacts from a cyber attack. This thesis presents a new architecture for a secure industrial controller. This architecture protects the integrity of the controller logic, including the safety logic which is responsible for keeping the process in a safe condition. In particular, it would prevent malicious or accidental modification or bypassing of the controller logic. This architecture divides the controller into three components: the logic controller, the interface controller and the SAP link. The logic controller is responsible for controlling the equipment and contains the safety logic. The interface controller communicates with the rest of the control system network. The Simple As Possible (SAP) link is a bridge between the logic and interface controllers that ensures the integrity of the logic controller by drastically limiting the external interface of the logic controller. We implement this new architecture on a physical controller to demonstrate the process of implementing the architecture and to demonstrate its feasibility.
20

Leveraging PLC Ladder Logic for Signature Based IDS Rule Generation

Richey, Drew Jackson 12 August 2016
Industrial Control Systems (ICS) play a critical part in our world’s economy, supply chain and critical infrastructure. Securing the various types of ICS is of the utmost importance and has been a focus of much research for the last several years. At the heart of many defense in depth strategies is the signature based intrusion detection system (IDS). The signatures that define an IDS determine the effectiveness of the system. Existing methods for IDS signature creation do not leverage the information contained within the PLC ladder logic file. The ladder logic file is a rich source of information about the PLC control system. This thesis describes a method for parsing PLC ladder logic to extract address register information, data types and usage that can be used to better define the normal operation of the control system which will allow for rules to be created to detect abnormal activity.
