Intrusion detection for CPS real-time controllers

Christopher Zimmer, Balasubramany Bhat, Frank Mueller, Sibin Mohan

Research output: Contribution to journalArticlepeer-review

8 Scopus citations

Abstract

Security in CPS-based real-time embedded systems controlling the power grid has been an afterthought, but it is becoming a critical issue as CPS systems are networked and inter-dependent. This work presents a set of mechanisms for timebased intrusion detection, i.e., the execution of unauthorized instructions in realtime CPS environments. The novelty is the utilization of information obtained by static timing analysis for intrusion detection. Real-time CPS systems are unique in that timing bounds on code sections are readily available since they are required for schedulability analysis.We demonstrate how micro-timings can be exploited for multiple granularity levels of application code to track execution progress. Through bounds checking of these micro-timings, we develop techniques to detect intrusions (1) in a self-checking manner by the application and (2) through the operating system scheduler, which are novel contributions to the real-time/embedded systems domain to the best of our knowledge.

Original languageEnglish
Pages (from-to)329-358
Number of pages30
JournalPower Systems
Volume79
DOIs
StatePublished - 2015
Externally publishedYes

Funding

This work was supported in part by NSF grants 1329780, 1239246, 0812121 and U.S. Army Research Office (ARO) grant W911NF-08-1-0105 managed by NCSU Secure Open Systems Initiative (SOSI). This is an extended version of a prior conference paper [50].

FundersFunder number
Army Research Office
National Science Foundation
National Science Foundation1239246, 0812121, 1329780
Army Research OfficeW911NF-08-1-0105
North Carolina State University

    Fingerprint

    Dive into the research topics of 'Intrusion detection for CPS real-time controllers'. Together they form a unique fingerprint.

    Cite this