Intrusion detection for resource-constrained embedded control systems in the power grid

详细信息    查看全文

• 作者：Jason Reeves ; Ashwin Ramaswamy ; Michael Locasto ; Sergey Bratus ; Sean Smith
• 关键词：Embedded control systems ; Power grid ; Intrusion detection
• 刊名：International Journal of Critical Infrastructure Protection
• 出版年：2012
• 出版时间：July, 2012
• 年：2012
• 卷：5
• 期：2
• 页码：74-83
• 全文大小：275 K

文摘

The power grid depends on embedded control systems or SCADA systems to function properly. Securing these systems presents unique challenges¡ªin addition to the resource restrictions inherent to embedded devices, SCADA systems must accommodate strict timing requirements that are non-negotiable, and their massive scale greatly amplifies costs such as power consumption. Together, these constraints make the conventional approach to host intrusion detection-using a hypervisor to create a safe environment from which a monitoring entity can operate-too costly or impractical for embedded control systems in the critical infrastructure.

This paper discusses the design and implementation of Autoscopy, an experimental host-based intrusion detection mechanism that operates from within the kernel and leverages its built-in tracing framework to identify control-flow anomalies, which are most often caused by rootkits that hijack kernel hooks. The paper presents the concepts underlying the original Autoscopy prototype, highlights some of the issues that arose from it, and introduces the new system, dubbed Autoscopy Jr., which addresses the issues. Tests on non-embedded systems demonstrated that the monitoring scope could be managed to limit Autoscopy Jr.¡¯s performance impact on its host to under 5 % . The paper also describes the use of an optimized probe framework to reduce overhead and the test results obtained for a hardened kernel. The results demonstrate that Autoscopy Jr.¡¯s design and effectiveness render it uniquely suited to intrusion detection for SCADA systems.