TL;DR: A new simple characterization of the maximum number of attacks that can be detected and corrected as a function of the pair (A,C) of the system is given and it is shown that it is impossible to accurately reconstruct the state of a system if more than half the sensors are attacked.
Abstract: The vast majority of today's critical infrastructure is supported by numerous feedback control loops, and an attack on these control loops can have disastrous consequences. This is a major concern since modern control systems are becoming large and decentralized and thus more vulnerable to attacks. This paper is concerned with the estimation and control of linear systems when some of the sensors or actuators are corrupted by an attacker. We give a new simple characterization of the maximum number of attacks that can be detected and corrected as a function of the pair $(A,C)$ of the system, and we show in particular that it is impossible to accurately reconstruct the state of a system if more than half the sensors are attacked. In addition, we show how the design of a secure local control loop can improve the resilience of the system. When the number of attacks is smaller than a threshold, we propose an efficient algorithm inspired by techniques in compressed sensing to estimate the state of the plant despite attacks. We give a theoretical characterization of the performance of this algorithm, and we show in numerical simulations that the method is promising and allows the state to be reconstructed accurately despite attacks. Finally, we consider the problem of designing output-feedback controllers that stabilize the system despite sensor attacks. We show that a principle of separation between estimation and control holds and that the design of resilient output-feedback controllers can be reduced to the design of resilient state estimators.
TL;DR: A taxonomy of intrusion-detection systems is introduced that highlights the various aspects of this area and is illustrated by numerous examples from past and current projects.
TL;DR: The paper presents a new approach to representing and detecting computer penetrations in real time, called state transition analysis, which models penetrations as a series of state changes that lead from an initial secure state to a target compromised state.
Abstract: The paper presents a new approach to representing and detecting computer penetrations in real time. The approach, called state transition analysis, models penetrations as a series of state changes that lead from an initial secure state to a target compromised state. State transition diagrams, the graphical representation of penetrations, identify precisely the requirements for and the compromise of a penetration and present only the critical events that must occur for the successful completion of the penetration. State transition diagrams are written to correspond to the states of an actual computer system, and these diagrams form the basis of a rule-based expert system for detecting penetrations, called the state transition analysis tool (STAT). The design and implementation of a Unix-specific prototype of this expert system, called USTAT, is also presented. This prototype provides a further illustration of the overall design and functionality of this intrusion detection approach. Lastly, STAT is compared to the functionality of comparable intrusion detection tools.
TL;DR: In this paper, a review of the state-of-the-art results for secure state estimation and control of CPSs is provided, in light of different performance indicators and defense strategies.
Abstract: Cyber-physical systems (CPSs) empower the integration of physical processes and cyber infrastructure with the aid of ubiquitous computation resources and communication capabilities. CPSs have permeated modern society and found extensive applications in a wide variety of areas, including energy, transportation, advanced manufacturing, and medical health. The security of CPSs against cyberattacks has been regarded as a long-standing concern. However, CPSs suffer from extendable vulnerabilities that are beyond classical networked systems due to the tight integration of cyber and physical components. Sophisticated and malicious cyberattacks continue to emerge to adversely impact CPS operation, resulting in performance degradation, service interruption, and system failure. Secure state estimation and control technologies play a vital role in warranting reliable monitoring and operation of safety-critical CPSs. This article provides a review of the state-of-the-art results for secure state estimation and control of CPSs. Specifically, the latest development of secure state estimation is summarized in light of different performance indicators and defense strategies. Then, the recent results on secure control are discussed and classified into three categories: 1) centralized secure control; 2) distributed secure control; and 3) resource-aware secure control. Furthermore, two specific application examples of water supply distribution systems and wide-area power systems are presented to demonstrate the applicability of secure state estimation and control approaches. Finally, several challenging issues are discussed to direct future research.
TL;DR: This paper extends the taxonomy beyond real-time intrusion detection to include additional aspects of security monitoring, such as vulnerability assessment, and introduces a taxonomy of intrusion-detection systems that highlights the various aspects of this area.
Abstract: Intrusion-detection systems aim at detecting attacks against computer systems and networks, or in general against information systems. Indeed, it is difficult to provide provably secure information systems and to maintain them in such a secure state during their lifetime and utilization. Sometimes, legacy or operational constraints do not even allow the definition of a fully secure information system. Therefore, intrusion-detection systems have the task of monitoring the usage of such systems to detect the appearance of insecure states. They detect attempts and active misuse, either by legitimate users of the information systems or by external parties, to abuse their privileges or exploit security vulnerabilities. In a previous paper [Computer Networks 31, 805–822 (1999)], we introduced a taxonomy of intrusion-detection systems that highlights the various aspects of this area. This paper extends the taxonomy beyond real-time intrusion detection to include additional aspects of security monitoring, such as vulnerability assessment.