Embedded systems currently rely on local and often insecure state retention for process control and subsequent forensic analysis. As critical embedded control systems (e.g., smart grids, SCADA) generate increasing amounts of data and become ever more connected to other systems, secure retention and management of that data is required. Attacks such as Stuxnet show that SCADA and other systems comprising critical infrastructure are vulnerable to the compromise of controllers and sensing devices, as well as falsification of data to circumvent anomaly detection mechanisms. This project develops techniques and architectures for securely storing and monitoring embedded system state in critical infrastructure. We are examining vulnerabilities relating to generating and storing data in critical embedded systems, which are often resource-constrained environments. We propose the design and deployment of 'autonomously secure storage devices' that act as resilient storage for embedded devices. We are designing logging, audit, and management architectures for resiliently storing system data and provenance in the face of malicious and compromised devices. Additionally, we explore how this data may be disseminated to other systems and to environments such as the cloud and aim to protect data through privacy-preserving communication and querying interfaces, and attempt to make data-driven inferences about system operation to detect anomalous behavior. Through these active protections to generated data and metadata, we aim to provide a new baseline for producing and storing data generated within critical infrastructures.
CAREER: Securing Critical Infrastructure with Autonomously Secure Storage