权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

SaTC: CORE: Small: Data-Driven Study of Attacks on Cyber-Physical Infrastructure Supporting Large Computing Systems

SaTC：核心：小型：支持大型计算系统的网络物理基础设施攻击的数据驱动研究

基本信息

批准号：
1816673
负责人：
Zbigniew Kalbarczyk
金额：
$ 50万
依托单位：
University of Illinois at Urbana-Champaign
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2018
资助国家：
美国
起止时间：
2018-09-01 至 2022-08-31
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=1816673&HistoricalAwards=false
关键词：
SaTC CORE Small Data Driven

项目摘要

This project addresses security attacks that: (i) masquerade as failures and (ii) are delivered via self-learning malware that monitors the target system and launches the attack at a time and system location to have a maximal impact, by injecting a strategic failure. The target systems are cyber-physical systems (CPS) that manage or control large computing enterprises (e.g., the cooling or power distribution of high-performance system or cloud infrastructure). In this scenario, the vulnerability of the cyber-physical system acts as a weak point that lowers the security barrier of an otherwise well-protected system. This project addresses a full range of issues, including: (i) design of self-learning malware; (ii) launch vectors for failure injection attacks; and (iii) mitigation and defense against such attacks. The research draws on data from a cyber-physical system that supports the cooling of the Blue Waters supercomputing system at the University of Illinois.The intellectual merit of this work lies in: (i) Development of scientifically sound methods to jointly study reliability failures of, and malicious attacks on, a cyber-physical system infrastructure that provides critical services for the uninterruptible operation of a large computing infrastructure. Possible advances in cyber-attacks in the context of indirectness, automation (driven by self-learning and adaptive malware), and reduced barriers to unauthorized entry to the system are considered; (ii) Study of feasibility of deploying attacks through self-learning malware (inserted into the auxiliary CPS), which takes advantage of a low-security barrier. In cyber-physical systems, the real-time control sequences rely on online measurements from the sensors distributed across the system. By monitoring those measurements one can build smart malware that is able to learn (interpret) the system state and then trigger an attack sequence at an opportune time; (iii) Develop attack mitigation methods that can be integrated with an existing intrusion detection system and combined with the monitoring from the cyber and physical layers of the tenant system; (iv) Validation of the mitigation strategies using a data-driven simulation testbed that emulates the cyber-physical system behavior and enables experimentation with different attack scenarios. While we focus on a large computing infrastructure, the problem has broader implications, e.g., the proliferation of "Internet of Things" devices creates an environment for attackers to exploit vulnerabilities in such entities as a stepping stone for launching attacks against highly-valuable assets. In the broader context of cyber security, this project aims to identify potential advances in threats by demonstrating the feasibility of masquerading a security problem as a reliability failure. Demonstrating a proof-of-concept on a potential threat and presenting an effective mitigation method will promote the development of detection and mitigation techniques against new threats.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该项目解决了以下安全攻击：（i）伪装成故障，（ii）通过自学习恶意软件进行交付，该恶意软件监视目标系统并通过注入战略故障在某个时间和系统位置发起攻击以产生最大影响。目标系统是管理或控制大型计算企业（例如，高性能系统或云基础设施的冷却或配电）。在这种情况下，网络物理系统的脆弱性成为一个薄弱点，降低了原本受到良好保护的系统的安全屏障。该项目解决了一系列问题，包括：（i）自学习恶意软件的设计;（ii）故障注入攻击的启动向量;以及（iii）缓解和防御此类攻击。这项研究利用了一个网络物理系统的数据，该系统支持伊利诺伊大学Blue沃茨超级计算系统的冷却，这项工作的智力价值在于：㈠制定科学合理的方法，共同研究网络物理系统基础设施的可靠性故障和恶意攻击，该基础设施为大型计算基础设施的不间断运行提供关键服务。网络攻击的间接性，自动化（由自学和自适应恶意软件驱动）的背景下可能取得的进展，并减少未经授权进入系统的障碍被认为是;（ii）通过自学恶意软件（插入到辅助CPS），利用低安全屏障部署攻击的可行性研究。在信息物理系统中，实时控制序列依赖于分布在整个系统中的传感器的在线测量。通过监视这些测量值，可以构建能够学习的智能恶意软件（解释）系统状态，然后在适当的时候触发攻击序列;（iii）开发攻击缓解方法，该方法可以与现有的入侵检测系统集成，并与租户系统的网络和物理层的监控相结合; ㈣利用数据驱动的模拟试验台验证缓解战略，该试验台模拟网络物理系统的行为，并能够对不同的攻击情景进行试验。虽然我们关注的是大型计算基础设施，但该问题具有更广泛的含义，例如，“物联网”设备的激增为攻击者创造了一种环境，以利用这些实体中的漏洞作为对高价值资产发起攻击的垫脚石。在更广泛的网络安全背景下，该项目旨在通过展示将安全问题伪装成可靠性故障的可行性来识别威胁的潜在进展。展示潜在威胁的概念验证并提出有效的缓解方法将促进针对新威胁的检测和缓解技术的发展。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。