4.7 Article

MystifY: A proactive Moving-Target Defense for a resilient SDN controller in Software Defined CPS

COMPUTER COMMUNICATIONS (2022)

Get Full Text
Add to Collection

Journal

COMPUTER COMMUNICATIONS
Volume 189, Issue -, Pages 205-220

Publisher

ELSEVIER
DOI: 10.1016/j.comcom.2022.03.019

Keywords

CPC; SDN; CPP; MTD; Smart grid; Network security

Categories

Computer Science, Information Systems Engineering, Electrical & Electronic Telecommunications

Funding

  1. Commonwealth Cyber Initiative, USA [HS-4Q21-005]
  2. SWVA node ProCyEd

Ask authors/readers for more resources

Protocol

Community support

Reagent

Community support

The paper introduces MystifY, a spatiotemporal runtime diversification for Moving-Target Defense (MTD) to secure the Software Defined CPS (SD-CPS) infrastructure. The approach utilizes grid-aware algorithms, dynamic controller relocation, and temporal diversification to enhance the resilience and reliability of SDN controllers. Experimental results demonstrate the efficiency and effectiveness of the presented solution.
The recent devastating mission Cyber-Physical System (CPS) attacks, failures, and the desperate need to scale and to dynamically adapt to changes, revolutionized traditional CPS to what we name as Software Defined CPS (SD-CPS). SD-CPS embraces the concept of Software Defined (SD) everything where CPS infrastructure is more elastic, dynamically adaptable and online-programmable. However, in SD-CPS, the threat became more immanent, as the long-been physically-protected assets are now programmatically accessible to cyber attackers. In SD-CPSs, a network failure hinders the entire functionality of the system. In this paper, we present MystifY, a spatiotemporal runtime diversification for Moving-Target Defense (MTD) to secure the SD-CPS infrastructure. In this paper, we relied on Smart Grid networks as crucial SD-CPS application to evaluate our presented solution. MystifY's MTD relies on a set of pillars to ensure the SDN controller resiliency against failures and attacks. The 1st pillar is a grid-aware algorithm that optimally allocates the most suitable controller-deployment location in large-scale grids. The 2nd pillar is a special diversifier that dynamically relocates the controller between heterogeneously configured hosts to avoid host-based attacks. The 3rd pillar is a temporal diversifier that dynamically detours controller-workload between multiple controllers to enhance their reliability and to detect and avoid controller intrusions. Our experimental results showed the efficiency and effectiveness of the presented approach.

Authors

I am an author on this paper
Click your name to claim this paper and add it to your profile.

Reviews

Primary Rating

4.7
Not enough ratings

Secondary Ratings

Novelty
-
Significance
-
Scientific rigor
-
Rate this paper

Recommended

No Data Available
No Data Available
Webinars Posters Questions Hubs Funding Journals Papers Connect Collections Reviewers About Us FAQs Mobile App Privacy Policy Terms of Use
© Peeref 2019-2024. All rights reserved.