CORESAFE: A Formal Approach against Code Replacement Attacks on Cyber Physical Systems

Submitted by user123 on Sat, 07/24/2021 - 12:48
Project Investigator
Prof. Sandeep K. Shukla

Cyber-Physical Systems (CPS) such as a manufacturing plant, a power generator,  a power transmission substation are usually controlled by a SCADA (Supervisory Control and Data Acquisition System). Other CPS examples include drive-by-wire automotive, fly-by-wire flight control system etc. Due to the rise of global terrorism, and cyber criminals, these systems are ripe targets of cyber attacks. At IIT Kanpur, we are in the process of building a SCADA Cyber Security lab with real SCADA hardware/software/networks as well as surrogate physical plants,  to study the cyber threat models, vulnerabilities, and cyber security mechanisms. We are also looking into cybersecurity of general CPS systems. Among the various attack surfaces recognized by the community, the possibility of replacement of previously vetted control software, or other software components in the system by malicious variants by insider attackers is an acute possibility. Recent studies have shown that almost 29% of all attacks are insider attacks. In order to continually monitor the behavior of various software components of such systems, one has to figure out a mechanism in which normal and abnormal behaviors can be distinguished automatically.