4.7 Article

MystifY: A proactive Moving-Target Defense for a resilient SDN controller in Software Defined CPS

Journal

COMPUTER COMMUNICATIONS
Volume 189, Issue -, Pages 205-220

Publisher

ELSEVIER
DOI: 10.1016/j.comcom.2022.03.019

Keywords

CPC; SDN; CPP; MTD; Smart grid; Network security

Funding

  1. Commonwealth Cyber Initiative, USA [HS-4Q21-005]
  2. SWVA node ProCyEd


The paper introduces MystifY, a spatiotemporal runtime diversification for Moving-Target Defense (MTD) to secure the Software Defined CPS (SD-CPS) infrastructure. The approach utilizes grid-aware algorithms, dynamic controller relocation, and temporal diversification to enhance the resilience and reliability of SDN controllers. Experimental results demonstrate the efficiency and effectiveness of the presented solution.

The recent devastating mission Cyber-Physical System (CPS) attacks, failures, and the desperate need to scale and to dynamically adapt to changes revolutionized traditional CPS into what we name Software Defined CPS (SD-CPS). SD-CPS embraces the concept of Software Defined (SD) everything, where CPS infrastructure is more elastic, dynamically adaptable and online-programmable. However, in SD-CPS, the threat became more imminent, as the long physically protected assets are now programmatically accessible to cyber attackers. In SD-CPSs, a network failure hinders the entire functionality of the system. In this paper, we present MystifY, a spatiotemporal runtime diversification for Moving-Target Defense (MTD) to secure the SD-CPS infrastructure. We relied on Smart Grid networks as a crucial SD-CPS application to evaluate our presented solution. MystifY's MTD relies on a set of pillars to ensure the SDN controller's resiliency against failures and attacks. The 1st pillar is a grid-aware algorithm that optimally allocates the most suitable controller-deployment location in large-scale grids. The 2nd pillar is a special diversifier that dynamically relocates the controller between heterogeneously configured hosts to avoid host-based attacks. The 3rd pillar is a temporal diversifier that dynamically detours controller workload between multiple controllers to enhance their reliability and to detect and avoid controller intrusions. Our experimental results showed the efficiency and effectiveness of the presented approach.
