Journal
COMPUTER COMMUNICATIONS
Volume 189, Issue -, Pages 205-220Publisher
ELSEVIER
DOI: 10.1016/j.comcom.2022.03.019
Keywords
CPC; SDN; CPP; MTD; Smart grid; Network security
Categories
Funding
- Commonwealth Cyber Initiative, USA [HS-4Q21-005]
- SWVA node ProCyEd
Ask authors/readers for more resources
The paper introduces MystifY, a spatiotemporal runtime diversification for Moving-Target Defense (MTD) to secure the Software Defined CPS (SD-CPS) infrastructure. The approach utilizes grid-aware algorithms, dynamic controller relocation, and temporal diversification to enhance the resilience and reliability of SDN controllers. Experimental results demonstrate the efficiency and effectiveness of the presented solution.
The recent devastating mission Cyber-Physical System (CPS) attacks, failures, and the desperate need to scale and to dynamically adapt to changes, revolutionized traditional CPS to what we name as Software Defined CPS (SD-CPS). SD-CPS embraces the concept of Software Defined (SD) everything where CPS infrastructure is more elastic, dynamically adaptable and online-programmable. However, in SD-CPS, the threat became more immanent, as the long-been physically-protected assets are now programmatically accessible to cyber attackers. In SD-CPSs, a network failure hinders the entire functionality of the system. In this paper, we present MystifY, a spatiotemporal runtime diversification for Moving-Target Defense (MTD) to secure the SD-CPS infrastructure. In this paper, we relied on Smart Grid networks as crucial SD-CPS application to evaluate our presented solution. MystifY's MTD relies on a set of pillars to ensure the SDN controller resiliency against failures and attacks. The 1st pillar is a grid-aware algorithm that optimally allocates the most suitable controller-deployment location in large-scale grids. The 2nd pillar is a special diversifier that dynamically relocates the controller between heterogeneously configured hosts to avoid host-based attacks. The 3rd pillar is a temporal diversifier that dynamically detours controller-workload between multiple controllers to enhance their reliability and to detect and avoid controller intrusions. Our experimental results showed the efficiency and effectiveness of the presented approach.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available