Please use this identifier to cite or link to this item:
Issue Date: 18-Apr-2019
Publisher: Università degli studi Roma Tre
Abstract: Industrial control systems (ICSs) are changing rapidly to satisfy requests for higher interconnectivity (e.g., connection between enterprise and process zone) and the introduction of additional features that can boost governance (e.g., IT-typical components and data analytics processes). This revolution exposes these systems to new infection vectors from which it is challenging to protect, considering the complexity of deploying new components, especially in the process zone. Common protections adopted by ICSs seem not to be effective against innovative attacks (e.g., Advanced Persistent Threats) performed by high-profile and motivated attackers who aim at penetrating target systems with traffic that looks legitimate. An analysis of techniques used by such innovative attacks targeting ICSs suggested that USB thumb drives are effective infection vectors that can be used to bypass the first perimeter of defence and jump directly into the critical part of the system (i.e., critical machines) that has to be carefully protected. Leveraging a USB thumb drive allows attackers to compromise also systems that are strongly isolated by means of an air gap. We propose techniques that, along with traditional defences, can improve the cyber security posture of ICSs. In particular, we show methods and hardware-based solutions that are able to prevent malware infection, including infection due to zero-days, spread through USB thumb drives without changing the usability perceived by end users. We protect both against infection coming from software (e.g., scripts embedded in files) and against modified firmware that aims at impersonating a different USB peripheral like, for instance, a mouse or a keyboard.
We also introduce a methodology and a software architecture, based on the Software Defined Networking paradigm, that allow an ICS operator to use the spare bandwidth that might be available in over-provisioned networks to forward replicas of traffic streams towards a single intrusion detection system placed at an arbitrary location. Furthermore, we present an overview of a solution developed within the context of a European project (Preemptive) devised to improve the cyber security of ICSs by adopting an innovative approach. This solution encompasses several detection and prevention tools. Each of them aims at addressing a specific security aspect and uses data collected in different parts of the system. All data are integrated and correlated in order to decrease false positives and increase the chance of detecting also APT-like attacks. Then, we show a protocol for a key-value storage service that provides ADS-enabled integrity-protected queries and updates without impairing scalability, even in the presence of large network latencies between trusted clients and an untrusted server. This solution could be valuable in the industrial control systems context, where many unintelligent devices (e.g., sensors) store data in a remote private cloud. In this case, the integrity of data stored in the cloud is guaranteed while maintaining the possibility of achieving high throughput and keeping latency limited.
Access Rights: info:eu-repo/semantics/openAccess
Appears in Collections: X_Dipartimento di Ingegneria
T - Tesi di dottorato

Files in This Item:
File: FedericoGriscioliPhDThesis_2019.pdf
Size: 7.81 MB
Format: Adobe PDF

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.