Expert tuners for PI control

Shenassa, M. Hassan

January 1988

No description available.

670.285

Industrial control systems

Optimisation of gas storage and L.V. distribution systems

Hindi, K. S.

January 1975

No description available.

629.8

Industrial control systems

Digital control techniques for electro-hydraulic servosystems

Plummer, Andrew Robert

January 1991

No description available.

629.892

Industrial control systems

FiniteFuzz : Finite State Machine Fuzzer For Industrial Control IoT Devices

Kaur, Jaskaran

03 July 2023

Automated software testing techniques have become increasingly popular in recent years, with fuzzing being one of the most prevalent approaches. However, fuzzing Finite State Machines (FSMs) poses a significant challenge due to state and input dependency, resulting in exponential exploration time required to unlock the Finite State Machine. To address this issue, we present a novel approach in this research paper by introducing FINITEFUZZ, a Grey Box Fuzzer explicitly designed to fuzz Finite State Machines. Unlike the Blackbox fuzzers, FINITEFUZZ employs a mutational technique that utilizes feedback to steer the fuzzing process. FINITEFUZZ takes a random set of states and compares them with the desired FSM and records the states that increase the coverage of the Finite State Machine. The next seed incorporates the feedback received from all the previous seed inputs. This avoids exploring the same path multiple times and results in linear performance for all the types of Finite State machines possible. Our findings reveal that the use of FINITEFUZZ significantly reduces the exploration time required to uncover each state of the machine, making it a promising solution for generating Finite State Machines. We tested our FINITEFUZZ on 4 different types of Finite State Machines with each scenario resulting in at least 5X performance improvement in FSM generation. The potential applications of FSMs are vast, and our research suggests that the proposed approach can be used to generate any type of Finite State Machine. / Master of Science / Fuzzing, also known as Fuzz testing is a technique used to test software for security vulner- abilities, errors, and unexpected behavior. It involves generating random or semi-random input to a software application such as an operating system, or network service to test how it responds. Once input is generated, it is sent to the target application, which may crash, hang or produce unexpected results in response to the input. The results are then analyzed to identify potential vulnerabilities such as buffer overflows, input validation errors, and re- source leaks. Fuzzing is also used to test software that is difficult to test through other means, such as closed-source software or embedded systems. We generated a Fuzzer,FINITEFUZZ for Finite State Machine that unlocks the FSM starting from the random input and exploring only those seeds that increases the test coverage

Fuzzing

Finite State Machine

Industrial Control Systems}

Investigating Attacks on Industrial Control Systems Using Deterministic Replay Simulation

Gregory Walkup (6623090)

10 June 2019

From factories to power grids, industrial systems are increasingly being digitally controlled and networked. While networking these systems together improves their efficiency and convenience, it also opens them up to attack by malicious actors. When these attacks occur, forensic investigators need to quickly be able to determine what was compromised and which corrective actions should be taken. In this thesis, a method is proposed for investigating attacks on industrial control systems by simulating the logged inputs of the system over time using a model constructed from the control programs that make up the system. When evaluated, this led to the detection of attacks which perturbed the normal operation of the system by comparing the simulated output to the actual output. It also allowed for dependency tracing between the inputs and outputs of the system, so that attacks could be traced from their unwanted effects to their source and vice-versa. This method can thus greatly aid investigators in recovering the complete attack story using only logs of inputs and outputs to an industrial control system.

Simulation and Modelling

Computer System Security

industrial control systems

cybersecurity

simulation

Incremental Design Migration Support in Industrial Control Systems Development

Balasubramanian, Harish

04 December 2014

Industrial control systems (ICS) play an extremely important role in the world around us. They have helped in reducing human effort and contributed to automation of processes in oil refining, power generation, food and beverage and production lines. With advancement in technology, embedded platforms have emerged as ideal platforms for implementation of such ICSes. Traditional approaches in ICS design involve switching from a model or modeling environment directly to a real-world implementation. Errors have the potential to go unnoticed in the modeling environment and have a tendency to affect real control systems. Current models for error identification are complex and affect the design process of ICS appreciably. This thesis adds an additional layer to ICS design: an Interface Abstraction Process (IAP). IAP helps in incremental migration from a modeling environment to a real physical environment by supporting intermediate design versions. Implementation of the IAP is simple and independent of control system complexity. Early error identification is possible since intermediate versions are supported. Existing control system designs can be modified minimally to facilitate the addition of an extra layer. The overhead of adding the IAP is measured and analysed. With early validation, actual behavior of the ICS in the real physical setting matches the expected behavior in the modeling environment. This approach to ICS design adds a significant amount of latency to existing ICSes without affecting the design process significantly. Since the IAP helps in early design validation, it can be removed before deployment in the real-world. / Master of Science

Industrial control systems

incremental migration

model-based design

interface abstraction

Using Eye-tracking to Acknowledge Attended Alarms

Herdt, Katherine Elizabeth

21 January 2022

A lack of alarm management for industrial control rooms has led to frequent alarm floods that have the potential to overwhelm operators within minutes. One approach to managing alarm floods would be altering the salience of alarms that operators might already notice, thereby reducing the disruption on workflow and attention for managing uninformative alarms. This research investigated the central hypothesis that eye fixations could supply passive input to acknowledge alarms anticipated by the operators and thereby improve their overall task performance. A dual-task experiment recruiting 24 participants was conducted to compare three gaze-based alarm acknowledgement methods –Proximity, Prediction, and Entropy- against no acknowledgement across three types of scenarios – Near-threshold, Trending, and Fluctuation. The gaze-based acknowledgement methods reduced visual and auditory salience of alarms as a function of the number of fixations on parameters as well as characteristics of the parameter known to influence operator monitoring behaviors. The participants performed an alarm monitoring task while controlling a continuous parameter within an acceptable range. While participants showed a preference for all of three gaze-based acknowledgment methods, performance of the parameter control task did not improve with gaze-based acknowledgement. Scenario types, as defined by the behavior of the parameters, exhibited a significant effect on the performance of the parameter control task, suggesting a greater influence on participant attention than the reduced salience associated with the gaze-based acknowledgments. Additional analysis revealed that gaze-acknowledgements are higher in scenarios with the most suitable for the gaze-based acknowledgement methods, although the participants did not show any gaze-based acknowledgements and did not make a prediction of an alarm for a significant portion of the trials, suggesting a lack of resource allocation to the alarm monitoring task. This result suggests that the effectiveness of gaze-based acknowledgement may depend on the combination of on-going tasks. Taken together, the experimental results showed some utility of user gaze in managing alarms given how acknowledgement occurred more often when the acknowledgement methods and parameters matched; however, further design research is necessary to translate the utility into clear performance or productivity benefits. / Master of Science / Industrial control rooms are notorious for having too many alarms triggered within minutes and operators are hindered by responding to these alarms as opposed to the actual process faults. Existing alarm management research and applications have already reduced nuisance alarms by filtering out those correlated to one another according to historical data or plant models. However, existing approaches have not eliminated the process parameters that operators already expect to reach alarm thresholds. In other words, current alarm management has not adapted for operator awareness of impending alarms. This study explored how eye-tracking might be used to acknowledge alarms anticipated by operators, thereby reducing uninformative alarms and interruption to operator work. The participants performed an alarm monitoring task while trying to maintain a fluctuating parameter within an acceptable range. While participants liked the gaze-based acknowledgement methods, their performance on the parameter control task did not improve over conditions without any alarm acknowledgement. The alarm monitoring task may not have received sufficient attention to induce an observable benefit. The characteristics of the parameter seemed to have a larger effect on participants' attention than the muted alarm presentation associated with the gaze-based acknowledgment. Further research is necessary to refine the current design to induce the postulated attention and performance benefits with gaze-based acknowledgement.

alarm management

gaze-based interaction

industrial control systems

Trusted Software Updates for Secure Enclaves in Industrial Control Systems

Gunjal, Abhinav Shivram

18 September 2017

Industrial Control Systems (ICSs) manage critical infrastructures such as water treatment facilities, petroleum refineries, and power plants. ICSs are networked through Information Technology (IT) infrastructure for remote monitoring and control of physical processes. As ICSs integrate with IT infrastructure, IT vulnerabilities are carried over to the ICS environment. Previously proposed process controller security architectures maintain safe and stable plant operation even in the presence of attacks that exploit ICS vulnerabilities. Security architectures are process control system-level solutions that leverage isolated and trusted hardware (secure enclaves) for ICS security. Upon detecting an intrusion, the secure enclave switches control of the physical process to a high assurance controller, making a fail-safe plant operation. The process control loop components have an average lifespan of several decades. During this time, electromechanical components of process control loop may undergo aging that alters their characteristics and affects control loop performance. To deal with component aging and to improve control algorithm flexibility, updates to control loop parameters are required. Plant model, process control loop system specifications, and control algorithm-based security mechanisms at the secure enclave require parameter updates. ICSs have hundreds of process control components that may need be installed in hazardous environments and distributed across hundreds of square kilometers. Updating each component physically may lead to accidents, expensive travel, and increased downtime. Some ICS have allowable downtime of only 5 minutes per year. Hence, remote updates are desirable. A proposed dedicated and isolated hardware module at the secure enclave provides authentication of the update and ensures safe storage in a non-volatile memory. A protocol designed for update transmission through an untrusted ICS network provides resilience against network integrity attacks such as replay attacks. Encryption and authentication of the updates maintain integrity and confidentiality. During the normal plant operation, the hardware module is invisible to the other modules of the process control loop. The proposed solution is implemented on Xilinx Zynq-7000 programmable System-on-Chip to provide secure enclave updates. / Master of Science

Industrial control systems

programmable logic controller

industrial control systems security

secure enclaves

software updates

configurable system-on-chip

Détection d'intrusions pour les systèmes de contrôle industriels / Intrusion detection for industrial control systems

Koucham, Oualid

12 November 2018

L’objectif de ce travail de thèse est le développement de techniques de détection d’intrusions et de corrélation d’alertes spécifiques aux systèmes de contrôle industriels (ICS). Cet intérêt est justifié par l’émergence de menaces informatiques visant les ICS, et la nécessité de détecter des attaques ciblées dont le but est de violer les spécifications sur le comportement correct du processus physique.Dans la première partie de nos travaux, nous nous sommes intéressés à l’inférence automatique de spécifications pour les systèmes de contrôle séquentiels et ce à des fins de détection d’intrusions. La particularité des systèmes séquentiels réside dans leur logique de contrôle opérant par étapes discrètes. La détection d’intrusions au sein de ces systèmes a été peu étudiée malgré leur omniprésence dans plusieurs domaines d’application. Dans notre approche, nous avons adopté le formalisme de la logique temporelle linéaire (LTL) et métrique (MTL) permettant de représenter des propriétés temporelles d’ordre qualitatif et quantitatif sur l’état des actionneurs et des capteurs. Un algorithme d’inférence de propriétés a été développé afin d’automatiser la génération des propriétés à partir de motifs de spécifications couvrant les contraintes les plus communes. Cette approche vise à pallier le nombre conséquent de propriétés redondantes inférées par les approches actuelles.Dans la deuxième partie de nos travaux, nous cherchons à combiner l’approche de détection d’intrusions développée dans le premier axe avec des approches de détection d’intrusions classiques. Pour ce faire, nous explorons une approche de corrélation tenant compte des spécificités des systèmes industriels en deux points: (i) l’enrichissement et le prétraitement d’alertes venant de domaines différents (cyber et physique), et (ii) la mise au point d’une politique de sélection d’alertes tenant compte du contexte d’exécution du processus physique. Le premier point part du constat que, dans un système industriel, les alertes qui sont remontées au corrélateur sont caractérisées par des attributs hétérogènes (attributs propres aux domaines cyber et physique). Cependant, les approches de corrélation classiques présupposent une certaine homogénéité entre les alertes. Afin d’y remédier, nous développons une approche d’enrichissement des alertes du domaine physique par des attributs du domaine cyber sur la base d’informations relatives aux protocoles supportés par les contrôleurs et à la distribution des variables du processus au sein des contrôleurs. Le deuxième point concerne le développement d’une politique de sélection d’alertes qui adapte dynamiquement les fenêtres de sélection des alertes selon l’évolution des sous-processus.Les résultats de l’évaluation de nos approches de détection et de corrélation montrent des performances améliorées sur la base de métriques telles que le nombre de propriétés inférées, le taux de réduction des alertes et la complétude des corrélations. / The objective of this thesis is to develop intrusion detection and alert correlation techniques geared towards industrial control systems (ICS). Our interest is driven by the recent surge in cybersecurity incidents targeting ICS, and the necessity to detect targeted attacks which induce incorrect behavior at the level of the physical process.In the first part of this work, we develop an approach to automatically infer specifications over the sequential behavior of ICS. In particular, we rely on specification language formalisms such as linear temporal logic (LTL) and metric temporal logic (MTL) to express temporal properties over the state of the actuators and sensors. We develop an algorithm to automatically infer specifications from a set of specification patterns covering the most recurring properties. In particular, our approach aims at reducing the number of redundant and unfalsifiable properties generated by the existing approaches. To do so, we add a pre-selection stage which allows to restrict the search for valid properties over non redundant portions of the execution traces. We evaluate our approach on a complex physical process steered by several controllers under process oriented attacks. Our results show that a significant reduction in the number of inferred properties is possible while achieving high detection rates.In the second part of this work, we attempt to combine the physical domain intrusion detection approach developed in the first part with more classical cyber domain intrusion detection approaches. In particular, we develop an alert correlation approach which takes into account some specificities of ICS. First, we explore an alert enrichment approach that allows to map physical domain alerts into the cyber domain. This is motivated by the observation that alertscoming from different domains are characterized by heterogeneous attributes which makes any direct comparison of the alerts difficult. Instead, we enrich the physical domain alerts with cyber domain attributes given knowledge about the protocols supported by the controllers and the memory mapping of process variables within the controllers.In this work, we also explore ICS-specific alert selection policies. An alert selection policy defines which alerts will be selected for comparison by the correlator. Classical approaches often rely on sliding, fixed size, temporal windows as a basis for their selection policy. Instead, we argue that given the complex interdependencies between physical subprocesses, agreeing on analert window size is challenging. Instead, we adopt selection policies that adapt to the state of the physical process by dynamically adjusting the size of the alert windows given the state of the subprocesses within the physical process. Our evaluation results show that our correlator achieves better correlation metrics in comparison with classical temporal based approaches.

Détection d'intrusions

Système de contrôle industriels

Cybersécurité

Intrusion detection

Industrial control systems

Cybersecurity

004

620

Using High-level Synthesis to Predict and Preempt Attacks on Industrial Control Systems

Franklin, Zane Ryan

21 April 2014

As the rate and severity of malicious software attacks have escalated, industrial control systems (ICSes) have emerged as a particularly vulnerable target. ICSes govern the automation of the physical processes in industries such as power, water, oil and manufacturing. In contrast to the personal computing space, where attackers attempt to capture information or computing resources, the attacks directed at ICSes aim to degrade or destroy the physical processes or plants maintained by the ICS. Exploits with potentially catastrophic results are sold on brokerages to any interested party. Previous efforts in ICS security implicitly and mistakenly trust internal software. This thesis presents an architecture for trust enhancement of critical embedded processes (TECEP). TECEP assumes that all software can be or has already been compromised. Trust is instead placed in hardware that is invisible to any malicious software. Software processes critical for stable operation are duplicated in hardware, along with a supervisory process to monitor the behavior of the plant. Furthermore, a copy of the software and a model of the plant are implemented in hardware in order to estimate the system's future behavior. In the event of an attack, the hardware can successfully identify the plant's abnormal behavior in either the present or the future and supersede the software's directives, allowing the plant to continue functioning correctly. This approach to ICS security can be retrofitted to existing ICSes, has minimal impact on the ICS design process, and modestly increases hardware requirements in a programmable system-on-chip. / Master of Science

Industrial control systems

security

reconfigurable platform

high-level synthesis

system-on-chip