Scalable Approach to Enhancing ICS Resilience by Network Diversity

Li, Tingting; Feng, Chengjian; Hankin, Chris

doi:10.1109/dsn48063.2020.00055

Cited by 4 publications

(7 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The main contributions of the paper are as follows: 1) We investigate the effectiveness of redundancy to mitigate attack impacts, taking the service capacity analysis angle to redundancy and diversity. This differs from previous works on the use of diversity for security such as [2], [3], [4], which focus on identifying which parts of a system to diversify, but without considering overall performance. On the capacity analysis side, where performance modeling is common, our work differs in our focus on malicious attacks.…”

Section: Introductionmentioning

confidence: 80%

“…Diversity: Existing studies on the use of diversity to increase robustness to attacks (e.g. [2], [3], [4]) focus on optimizing network service diversity to resist attack propagation. By comparison, we determine the optimal number of (diverse) servers to be used for the services provided by a system in order to limit the impacts from attacks, with diversity arising in the different server types used for a given service.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Redundancy Planning for Cost Efficient Resilience to Cyber Attacks

Soikkeli

Casale

Muñoz-González

et al. 2023

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

We investigate the extent to which redundancy (including with diversity) can help mitigate the impact of cyber attacks that aim to reduce system performance. Using analytical techniques, we estimate impacts, in terms of monetary costs, of penalties from breaching Service Level Agreements (SLAs), and find optimal resource allocations to minimize the overall costs arising from attacks. Our approach combines attack impact analysis, based on performance modeling using queueing networks, with an attack model based on attack graphs. We evaluate our approach using a case study of a website, and show how resource redundancy and diversity can improve the resilience of a system by reducing the likelihood of a fully disruptive attack. We find that the cost-effectiveness of redundancy depends on the SLA terms, the probability of attack detection, the time to recover, and the cost of maintenance. In our case study, redundancy with diversity achieved a saving of up to around 50 percent in expected attack costs relative to no redundancy. The overall benefit over time depends on how the saving during attacks compares to the added maintenance costs due to redundancy.

show abstract

Section: Introductionmentioning

confidence: 80%

Section: Related Workmentioning

confidence: 99%

Redundancy Planning for Cost Efficient Resilience to Cyber Attacks

Soikkeli

Casale

Muñoz-González

et al. 2023

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

show abstract

“…Common vulnerabilities in neighbor nodes allow an attacker to employ the same tool to gain control of both nodes, easing how the attacker acquires targets in the network by propagation. To avoid the exploitation of 0-day shared vulnerabilities in such fashion, works like [14], [31]- [33] propose to diversify the network resources implemented in neighbor nodes. The models and problem statements presented in the works above improved our vision on network diversity methods.…”

Section: Related Workmentioning

confidence: 99%

“…However, works like [24], [25], and the vulnerability disclosure databases [9]- [13] reveal that apparently unrelated implementations could share common risks due to code reutilization, third-party software applications, etc. In the literature, other authors have considered shared vulnerabilities, such as [14], [31]- [33], [37], [41]- [43]. Some authors take into account shared vulnerabilities assessing the number of common vulnerabilities disclosed between the available technologies.…”

Section: Related Workmentioning

confidence: 99%

“…Examples of average metrics are the average pairwise connectivity [35], [37], the average attacking effort [14], [31], and the average normalized size of the largest component [38]. On the other hand, examples of worst-case scenario metrics are the worstcase pairwise connectivity [36], the least attacking effort [14], [31], and the minimum normalized size of the largest component [38]. As observed in [38], each of the metrics taken alone in assessing reliability is incomplete; that is why in our work, we consider a joint metric that incorporates both.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Maximizing Network Reliability to 0-Day Exploits Through a Heterogeneous Node Migration Strategy

2021

View full text Add to dashboard Cite

A recurrent problem currently affecting network reliability is the simultaneous exploitation of 0-day vulnerabilities shared between several node implementations across the network. When such 0-day vulnerabilities are exploited, large portions of the network may get compromised as a result. In this work, we propose a network node migration strategy to minimize the impact of 0-day attacks on network reliability. The migration method proposes replacing homogeneous node implementations with diverse alternatives to yield a heterogeneous network. The migration method allocates heterogeneous nodes within the network by minimizing the product between the average and the maximum number of network partitions, which may emerge after the simultaneous exploitation of 0-day risks on shared network resources. As we show, our migration strategy maximizes network connectivity in the event of a simultaneous 0-day attack. Our work's significant findings are the following: First, increasing the heterogeneity in node technologies reduces the attacker's ability to break down the entire network. Second, given a set of available network technologies that partially share risks, a network design implemented using several heterogeneous technologies sharing a small number of 0-day risks is more reliable than one with a small number of technologies whose 0-day risks are disjoint. Third, we observed that in a node-heterogeneous network topology, clustering nodes by technology improves network reliability.INDEX TERMS Network diversity, network reliability, 0-day vulnerabilities, connected components.

show abstract

Enhancing attack resilience of cyber-physical systems through state dependency graph models

Adamos

Stergiopoulos

Karamousadakis

et al. 2023

Int. J. Inf. Secur.

View full text Add to dashboard Cite

This paper presents a method that utilizes graph theory and state modelling algorithms to perform automatic complexity analysis of the architecture of cyber-physical systems (CPS). It describes cyber physical systems risk assessment (CPSRA), a tool to provide automatic decision support for enhancing the overall resilience of CPS architectures often used in critical infrastructures. CPRSA is built to enhance industrial risk assessment and improve the resilience of CPS architecture against malicious attacks on the cyber domain that can affect industrial processes, which is critical in a distributed cyber environment. Such attacks often compromise execution states on physical components and lead to hazards or even disasters through plant malfunction. CPSRA is tested against a real-world testbed model of a large SCADA system that is infused with real-world CVE vulnerabilities in some of its components. The tool creates an isomorphic graph of the CPS process model and uses graph algorithms and network analytics on the model to test cyber-attacks and evaluate attack resilience aspects. The tool’s output is then used to pinpoint high-complexity components in terms of influence on the overall CPS architecture and suggest mitigation points for security measure implementation while considering every potential subattack path and subliminal path on the model’s attack graph. The paper complements standardized assessment reports and contributes to automatic architecture assessment for critical infrastructure environments and can be used as the basis to model dependencies and threat propagation in larger digital twins, a need outlined in major NIST publications concerning the security of industrial systems that was previously done manually, without automatic insight into state and vulnerability influences.

show abstract

Scalable Approach to Enhancing ICS Resilience by Network Diversity

Cited by 4 publications

References 20 publications

Redundancy Planning for Cost Efficient Resilience to Cyber Attacks

Redundancy Planning for Cost Efficient Resilience to Cyber Attacks

Maximizing Network Reliability to 0-Day Exploits Through a Heterogeneous Node Migration Strategy

Enhancing attack resilience of cyber-physical systems through state dependency graph models

Contact Info

Product

Resources

About