Security metrics and allocation of security resources for control systems

Abstract: Achieving a sufficient level of security of control systems is very important, yet challenging. Firstly, control systems operate critical infrastructures vital for our society. Hence, attacks against them can result in dire consequences. Secondly, large numbers of security vulnerabilities typically exist in these systems, which makes them attractive targets of attacks. In fact, several attacks have already occurred. Thirdly, due to their specific nature, securing control systems can be costly. For example, their real-time availability requirements complicate the deployment of security measures, and control system equipment with limited computational power is unsuited for many security solutions. Motivated by the necessity of control systems security, we study two security-related applications. The first application considers classifying and preventing security vulnerabilities. We aim to first characterize the most critical vulnerability combinations in a control system, and then prevent these combinations in a cost-effective manner. To characterize the critical vulnerability combinations, we develop an impact estimation framework. In particular, we use a physical model of the control system to simulate the impact that attack strategies may have on the physical process. Our framework is compatible with a number of attack strategies proposed throughout the literature, and can be used to estimate the impact efficiently. To prevent critical vulnerability combinations in a cost-effective manner, we develop a security measure allocation framework. The framework includes an algorithm for systematically finding critical vulnerability combinations, and two approaches for allocating security measures that prevent these combinations cost-effectively. The second application considers actuator security. Actuators are vital control system components to protect, since they directly interact with the physical process.
To evaluate the vulnerability of every actuator in a control system, we develop actuator security indices. These indices characterize the resources that the attacker needs to compromise to conduct a perfectly undetectable attack against each actuator. We propose methods to compute the actuator security indices, show that the defender can improve the indices by allocating additional sensors, and discuss the robustness of the indices. We also study a sensor allocation game based on actuator security indices. The goal of studying this game is to develop a monitoring strategy that improves the indices. We derive an approximate Nash Equilibrium of the game, and present the cases in which this approximate Nash Equilibrium becomes exact. We also outline the intuition behind this equilibrium, and discuss ways to further improve the monitoring strategy from the equilibrium.