期刊
COMPUTER COMMUNICATIONS
卷 189, 期 -, 页码 205-220出版社
ELSEVIER
DOI: 10.1016/j.comcom.2022.03.019
关键词
CPC; SDN; CPP; MTD; Smart grid; Network security
资金
- Commonwealth Cyber Initiative, USA [HS-4Q21-005]
- SWVA node ProCyEd
The paper introduces MystifY, a spatiotemporal runtime diversification for Moving-Target Defense (MTD) to secure the Software Defined CPS (SD-CPS) infrastructure. The approach utilizes grid-aware algorithms, dynamic controller relocation, and temporal diversification to enhance the resilience and reliability of SDN controllers. Experimental results demonstrate the efficiency and effectiveness of the presented solution.
The recent devastating mission Cyber-Physical System (CPS) attacks, failures, and the desperate need to scale and to dynamically adapt to changes, revolutionized traditional CPS to what we name as Software Defined CPS (SD-CPS). SD-CPS embraces the concept of Software Defined (SD) everything where CPS infrastructure is more elastic, dynamically adaptable and online-programmable. However, in SD-CPS, the threat became more immanent, as the long-been physically-protected assets are now programmatically accessible to cyber attackers. In SD-CPSs, a network failure hinders the entire functionality of the system. In this paper, we present MystifY, a spatiotemporal runtime diversification for Moving-Target Defense (MTD) to secure the SD-CPS infrastructure. In this paper, we relied on Smart Grid networks as crucial SD-CPS application to evaluate our presented solution. MystifY's MTD relies on a set of pillars to ensure the SDN controller resiliency against failures and attacks. The 1st pillar is a grid-aware algorithm that optimally allocates the most suitable controller-deployment location in large-scale grids. The 2nd pillar is a special diversifier that dynamically relocates the controller between heterogeneously configured hosts to avoid host-based attacks. The 3rd pillar is a temporal diversifier that dynamically detours controller-workload between multiple controllers to enhance their reliability and to detect and avoid controller intrusions. Our experimental results showed the efficiency and effectiveness of the presented approach.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据