MystifY: A proactive Moving-Target Defense for a resilient SDN controller in Software Defined CPS

The recent devastating mission Cyber-Physical System (CPS) attacks, failures, and the desperate need to scale and to dynamically adapt to changes, revolutionized traditional CPS to what we name as Software Defined CPS (SD-CPS). SD-CPS embraces the concept of Software Defined (SD) everything where CPS infrastructure is more elastic, dynamically adaptable and online-programmable. However, in SD-CPS, the threat became more immanent, as the long-been physically-protected assets are now programmatically accessible to cyber attackers. In SD-CPSs, a network failure hinders the entire functionality of the system. In this paper, we present MystifY, a spatiotemporal runtime diversification for Moving-Target Defense (MTD) to secure the SD-CPS infrastructure. In this paper, we relied on Smart Grid networks as crucial SD-CPS application to evaluate our presented solution. MystifY's MTD relies on a set of pillars to ensure the SDN controller resiliency against failures and attacks. The 1st pillar is a grid-aware algorithm that optimally allocates the most suitable controller-deployment location in large-scale grids. The 2nd pillar is a special diversifier that dynamically relocates the controller between heterogeneously configured hosts to avoid host-based attacks. The 3rd pillar is a temporal diversifier that dynamically detours controller-workload between multiple controllers to enhance their reliability and to detect and avoid controller intrusions. Our experimental results showed the efficiency and effectiveness of the presented approach.

Automated summary

The paper introduces MystifY, a spatiotemporal runtime diversification for Moving-Target Defense (MTD) to secure the Software Defined CPS (SD-CPS) infrastructure. The approach utilizes grid-aware algorithms, dynamic controller relocation, and temporal diversification to enhance the resilience and reliability of SDN controllers. Experimental results demonstrate the efficiency and effectiveness of the presented solution.