Abstract
Many cyber-physical systems (CPS) are critical infrastructure. Security attacks on these critical systems can have catastrophic consequences, putting human lives at risk. Consequently, it is very important to pace CPS systems to red-teaming/blue teaming exercises to understand vulnerabilities and the progression/impact of cyber attacks on them. Since it is not always prudent to conduct such security exercises on live CPS, researchers use CPS testbeds to conduct security-related experiments. Often, such testbeds are very expensive. Since attack scripts used in red-teaming/blue-teaming exercises are, in the strictest sense of the term, malicious in nature, there is a need to protect the testbed itself from these attack experiments that have the potential to go awry. Moreover, when multiple experiments are conducted on the same testbed, there is a need to maintain isolation among these experiments so that no experiment can accidentally or maliciously affect/compromise others. In this work, we describe a novel security architecture and framework to ensure protection of security-related experiments on a CPS testbed and at the same time support secure communication services among simultaneously running experiments based on well-formulated access control policies.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ashok, A., Hahn, A., Govindarasu, M.: A cyber-physical security testbed for smart grid: system architecture and studies. In: Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research, pp. 1–1 (2011)
Banerjee, A., Venkatasubramanian, K.K., Mukherjee, T., Gupta, S.K.S.: Ensuring safety, security, and sustainability of mission-critical cyber-physical systems. Proc. IEEE 100(1), 283–299 (2011)
Belyaev, K., Ray, I.: Component-oriented access control for deployment of application services in containerized environments. In: Foresti, S., Persiano, G. (eds.) CANS 2016. LNCS, vol. 10052, pp. 383–399. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-48965-0_23
Burtsev, A., Radhakrishnan, P., Hibler, M., Lepreau, J.: Transparent checkpoints of closed distributed systems in emulab. In: Proceedings of the 4th ACM European Conference on Computer Systems, pp. 173–186 (2009)
Carriero, N., Gelernter, D.: Linda in context. Commun. ACM 32(4), 444–458 (1989)
Holm, H., Karresand, M., Vidström, A., Westring, E.: A survey of industrial control system testbeds. In: Buchegger, S., Dam, M. (eds.) Nordic Conference on Secure IT Systems, LNSC, vol. 9417, pp. 11–26. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26502-5_2
Kim, S., Heo, G., Zio, E., Shin, J., Song, J.G.: Cyber attack taxonomy for digital environment in nuclear power plants. Nuclear Eng. Technol. 52(5), 995–1001 (2020)
Line, M.B., Tøndel, I.A., Jaatun, M.G.: Cyber security challenges in smart grids. In: 2011 2nd IEEE Pes International Conference and Exhibition on Innovative Smart Grid Technologies, pp. 1–8. IEEE (2011)
Oyewumi, I.A., et al.: ISAAC: the idaho cps smart grid cybersecurity testbed. In: 2019 IEEE Texas Power and Energy Conference (TPEC), pp. 1–6. IEEE (2019)
Shi, J., Wan, J., Yan, H., Suo, H.: A survey of cyber-physical systems. In: 2011 International Conference on Wireless Communications and Signal Processing (WCSP), pp. 1–6. IEEE (2011)
Siaterlis, C., Garcia, A.P., Genge, B.: On the use of emulab testbeds for scientifically rigorous experiments. IEEE Commun. Surv. Tutorials 15(2), 929–942 (2012)
Siaterlis, C., Genge, B., Hohenadel, M.: Epic: a testbed for scientifically rigorous cyber-physical security experimentation. IEEE Trans. Emerging Top. Comput. 1(2), 319–330 (2013)
Smadi, A.A., Ajao, B.T., Johnson, B.K., Lei, H., Chakhchoukh, Y., Al-Haija, Q.A.: A comprehensive survey on cyber-physical smart grid testbed architectures: requirements and challenges. Electronics 10(9), 1043 (2021)
Sridhar, S., Hahn, A., Govindarasu, M.: Cyber-physical system security for the electric power grid. Proc. IEEE 100(1), 210–224 (2011)
Acknowledgements
This work was supported in part through funding from the US Department of Energy under CID \(\#\)DE-NE0008986, the US National Science Foundation under grant \(\#\)1822118, the industry partners AMI, NIST, Cyber Risk Research, Statnett, New Push and ARL of the NSF IUCRC Center for Cybersecurity Analytics and Automation, and the Colorado State University. Any opinions, finding, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the DOE, the NSF, the industry partners, the University, or any other federal agencies.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Talukder, M.R.H., Amin, M.A., Ray, I. (2022). Protecting Cyber-Physical System Testbeds from Red-Teaming/Blue-Teaming Experiments Gone Awry. In: Su, C., Gritzalis, D., Piuri, V. (eds) Information Security Practice and Experience. ISPEC 2022. Lecture Notes in Computer Science, vol 13620. Springer, Cham. https://doi.org/10.1007/978-3-031-21280-2_8
Download citation
DOI: https://doi.org/10.1007/978-3-031-21280-2_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-21279-6
Online ISBN: 978-3-031-21280-2
eBook Packages: Computer ScienceComputer Science (R0)