New Research Grant On Security of Industrial Control Systems

We're excited to announce a new research grant on Semantic Security Monitoring for Industrial Control Systems that the National Science Foundation has awarded to a team of researchers at the International Computer Science Institute (ICSI), the National Center for Supercomputing Applications (NCSA), and the University of Illinois. We plan to eventually integrate the technology developed for this effort into Bro's open-source distribution.

Industrial control systems (ICS) differ significantly from standard, general-purpose computing environments, and they face quite different security challenges. With physical "air gaps" now the exception, our critical infrastructure has become vulnerable to a broad range of potential attackers. In this project we will develop novel network monitoring approaches that can detect sophisticated semantic attacks: malicious actions that drive a process into an unsafe state without exhibiting any obvious protocol-level red flags. In one thrust, we will conduct a measurement-centric study of ICS network activity, aimed at developing a deep understanding of operational semantics in terms of actors, workloads, dependencies, and state changes over time. In a second thrust, we will develop domain-specific behavior models that abstract from low-level protocol activity to its semantic meaning according to the current state of the processes under control. Our goal is to integrate these models into operationally viable, real-time network monitoring that reports unexpected deviations as indicators of attacks or malfunction. A separate "Transition to Practice" phase will advance our research results into deployment-ready technology by integrating it into Bro.

