Abstract-Internet is considered a Critical Infrastructure (CI) that is vital for both the economy and the society. Disruptions caused by natural disasters, malicious human actions and even hardware failure pose serious risks. Emulation testbeds are increasingly used to study the Internet in order to improve protection and response mechanisms. These are frequently considered more adequate than software simulators to realistically recreate the complex behavior of networks. In this paper we study how testbeds based on the Emulab software can be used to conduct scientifically rigorous experiments, specifically in terms of: a) experiment fidelity, b) repeatability, c) measurement accuracy, and d) interference.Our study, which is based on extensive experimentation on different testbeds, indicates that the current trend of using emulation testbeds is justified as both realistic and efficient. We show that Emulab-based experiments are representative of real systems in terms of emerging behavior (qualitative) and that repeatable experiments are possible. The main contribution of this tutorial article is that based on experimental results we identified caveats and provided insights to significant configuration parameters and limitations that are further elaborated into a set of guidelines that any Emulab user should be aware of. Then, he/she can decide about the importance of each guideline in the context of a specific study and experiment.
Recent malware, like Stuxnet and Flame, constitute a major threat to networked critical infrastructures (NCIs), e.g., power plants. They revealed several vulnerabilities in today's NCIs, but most importantly they highlighted the lack of an efficient scientific approach to conduct experiments that measure the impact of cyber threats on both the physical and the cyber parts of NCIs. In this paper, we present EPIC, a novel cyber-physical testbed, and a modern scientific instrument that can provide accurate assessments of the effects that cyber-attacks may have on the cyber and physical dimensions of NCIs. To meet the complexity of today's NCIs, EPIC employs an Emulab-based testbed to recreate the cyber part of NCIs and multiple software simulators for the physical part. Its main advantage is that it can support very accurate, real-time, repeatable, and realistic experiments with heterogeneous infrastructures. We show through several case studies how EPIC can be applied to explore the impact that cyber-attacks and Information and Communications Technology system disruptions have on critical infrastructures.
The pervasive adoption of traditional information and communication technologies hardware and software in industrial control systems (ICS) has given birth to a unique technological ecosystem encapsulating a variety of objects ranging from sensors and actuators to video surveillance cameras and generic PCs. Despite their invaluable advantages, these advanced ICS create new design challenges, which expose them to significant cyber threats. To address these challenges, an innovative ICS network design technique is proposed in this paper to harmonize the traditional ICS design requirements pertaining to strong architectural determinism and real-time data transfer with security recommendations outlined in the ISA-62443.03.02 standard. The proposed technique accommodates security requirements by partitioning the network into security zones and by provisioning critical communication channels, known as security conduits, between two or more security zones. The ICS network design is formulated as an integer linear programming (ILP) problem that minimizes the cost of the installation. Real-time data transfer limitations and security requirements are included as constraints imposing the selection of specific traffic paths, the selection of routing nodes, and the provisioning of security zones and conduits. The security requirements of cyber assets denoted by traffic and communication endpoints are determined by a cyber attack impact assessment technique proposed in this paper. The sensitivity of the proposed techniques to different parameters is evaluated in a first scenario involving the IEEE 14-bus model and in a second scenario involving a large network topology based on generated data. Experimental results demonstrate the efficiency and scalability of the ILP model. Index Terms-Industrial control systems (ICS), ISA-62443, network design, security conduit, security zone.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.