|
This project addresses security attacks that: (i) masquerade as failures and (ii) are delivered via self-learning malware that monitors the target system and launches the attack at a time and system location to have a maximal impact, by injecting a strategic failure. The target systems are cyber-physical systems (CPS) that manage or control large computing enterprises (e.g., the cooling or power distribution of high-performance system or cloud infrastructure). In this scenario, the vulnerability of the cyber-physical system acts as a weak point that lowers the security barrier of an otherwise well-protected system. This project addresses a full range of issues, including: (i) design of self-learning malware; (ii) launch vectors for failure injection attacks; and (iii) mitigation and defense against such attacks. The research draws on data from a cyber-physical system that supports the cooling of the Blue Waters supercomputing system at the University of Illinois.
The intellectual merit of this work lies in: (i) Development of scientifically sound methods to jointly study reliability failures of, and malicious attacks on, a cyber-physical system infrastructure that provides critical services for the uninterruptible operation of a large computing infrastructure. Possible advances in cyber-attacks in the context of indirectness, automation (driven by self-learning and adaptive malware), and reduced barriers to unauthorized entry to the system are considered; (ii) Study of feasibility of deploying attacks through self-learning malware (inserted into the auxiliary CPS), which takes advantage of a low-security barrier. In cyber-physical systems, the real-time control sequences rely on online measurements from the sensors distributed across the system. By monitoring those measurements one can build smart malware that is able to learn (interpret) the system state and then trigger an attack sequence at an opportune time; (iii) Develop attack mitigation methods that can be integrated with an existing intrusion detection system and combined with the monitoring from the cyber and physical layers of the tenant system; (iv) Validation of the mitigation strategies using a data-driven simulation testbed that emulates the cyber-physical system behavior and enables experimentation with different attack scenarios. While we focus on a large computing infrastructure, the problem has broader implications, e.g., the proliferation of "Internet of Things" devices creates an environment for attackers to exploit vulnerabilities in such entities as a stepping stone for launching attacks against highly-valuable assets. In the broader context of cyber security, this project aims to identify potential advances in threats by demonstrating the feasibility of masquerading a security problem as a reliability failure. Demonstrating a proof-of-concept on a potential threat and presenting an effective mitigation method will promote the development of detection and mitigation techniques against new threats.
|
SaTC: CORE: Small: Data-Driven Study of Attacks on Cyber-Physical Infrastructure Supporting Large Computing Systems