Dissertations / Theses on the topic 'IDS SCADA'

1

Fahlström, Albin, and Victor Henriksson. "Intrångsdetektering i processnätverk." Thesis, Mälardalens högskola, Akademin för innovation, design och teknik, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:mdh:diva-39881.

Abstract:
The threat against industrial networks has increased, which raises the demands on industries' cybersecurity. The industrial networks are not constructed with cybersecurity in mind, which makes these systems vulnerable to attacks. Even if the network's outer protection is deemed sufficient, the system may still be infected. This risk demands an intrusion detection system (IDS) that can identify infected components. An IDS scans all traffic at a point in the network and looks for traffic matching its detection parameters; if a match is made, the IDS will send an alarm to the administrators. It can also analyze the network traffic using a behavior-based method, which means that the IDS will alert administrators if network activity deviates from the normal traffic flow. It is vital that the IDS does not interfere with the system, as an outage of the industrial process can have a high cost for the industry. This report aims to put forward plans for the implementation of an IDS in one of Mälarenergi AB’s industrial networks; this will be done using the Bro and Snort intrusion detection systems.

The threats against industrial networks have grown, which has placed higher demands on industries' cybersecurity. Industrial networks are often not designed with cybersecurity in mind, which has made these systems vulnerable to attacks. Even if the network's outer protection is considered good, one cannot be certain that an industrial network remains uninfected. This calls for some form of intrusion detection system (IDS) that can detect infected equipment and suspicious data traffic in the network. An IDS scans all packets at a certain point in the network; if the IDS detects a packet that matches its signature, it alerts an administrator. The IDS can also use behavioural analysis, in which it raises an alarm if network activity deviates from the normal. It is very important that an IDS does not cause interruptions in the industrial process; if a process stops, it can mean large costs for the industry. This report aims to present a proposed solution for an IDS implementation in one of Mälarenergi AB’s process networks; the solution was constructed using the IDSs Bro and Snort.

Some images in the electronic report have been removed for copyright reasons. The authors have judged that the report is understandable even without these images.
2

Kuchař, Karel. "Vhodná strategie pro detekci bezpečnostních incidentů v průmyslových sítích." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2020. http://www.nusl.cz/ntk/nusl-412978.

Abstract:
This diploma thesis focuses on the problems of industrial networks and the security offered by industrial protocols. The goal of this thesis is to create specific methods for the detection of security incidents. The thesis is mainly focused on the protocols Modbus/TCP and DNP3. In the theoretical part, the industrial protocols are described, attack vectors are defined, and the security of each protocol is described. The practical part is focused on the description and simulation of security incidents. Based on the data gathered from the simulations, threats are identified by the introduced detection methods. These methods detect a security incident from an abnormality in the network traffic, using created formulas or machine learning. The designed methods are implemented in the Zeek IDS (Intrusion Detection System). With the designed methods, it is possible to detect selected security incidents on the destination workstation.
3

Ševčík, Michal. "Návrh monitoringu kritické komunikační infrastruktury pro energetickou společnost." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2018. http://www.nusl.cz/ntk/nusl-378335.

Abstract:
This diploma thesis deals with monitoring of critical infrastructure, critical information infrastructure and network monitoring in the energy industry. The goal is to create an analytical environment for processing logs from the network, to map the most critical segments of the network, and to implement monitoring and network devices that increase security and mitigate the risks of security events or security incidents.
4

Hansen, Sinclair D. "An intrusion detection system for supervisory control and data acquisition systems." Thesis, Queensland University of Technology, 2008. https://eprints.qut.edu.au/16636/1/Sinclair_Hansen_Thesis.pdf.

Abstract:
Despite increased awareness of threats against Critical Infrastructure (CI), securing of Supervisory Control and Data Acquisition (SCADA) systems remains incomplete. The majority of research focuses on preventative measures such as improving communication protocols and implementing security policies. New attempts are being made to use commercial Intrusion Detection System (IDS) software to protect SCADA systems. These have limited effectiveness because the ability to detect specific threats requires the context of the SCADA system. SCADA context is defined as any information that can be used to characterise the current status and function of the SCADA system. In this thesis the standard IDS model will be used with the varying SCADA data sources to provide SCADA context to a signature and anomaly detection engine. A novel addition to enhance the IDS model will be to use the SCADA data sources to simulate the remote SCADA site. The data resulting from the simulation is used by the IDS to make behavioural comparison between the real and simulated SCADA site. To evaluate the enhanced IDS model the specific context of a water and wastewater system is used to develop a prototype. Using this context it was found that the inflow between sites has similar diurnal characteristic to network traffic. This introduced the idea of using inflow data to detect abnormal behaviour for a remote wastewater site. Several experiments are proposed to validate the prototype using data from a real SCADA site. Initial results show good promise for detecting abnormal behaviour and specific threats against water and wastewater SCADA systems.
5

Hansen, Sinclair D. "An intrusion detection system for supervisory control and data acquisition systems." Queensland University of Technology, 2008. http://eprints.qut.edu.au/16636/.

6

Mareček, Matěj. "IDE for SCADA Development at CERN." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2016. http://www.nusl.cz/ntk/nusl-255482.

Abstract:
The goal of this master's thesis is to design and implement an IDE (integrated development environment) that increases the efficiency and safety of development for SIMATIC WinCC Open Architecture. The thesis is based on research carried out by a team from Eindhoven University of Technology and meets requirements originating from the SCD section at CERN (European Organization for Nuclear Research). The developed IDE is built on the Eclipse platform and uses the Xtext framework for parsing, linking and semantic analysis of code. The IDE also offers support for a newly created programming language that allows programmers to easily define a template for the configuration files used by WinCC OA. The interpreter of this new language is able to parse a template and a configuration file and decide whether the configuration file conforms to the template. The practical output of this thesis is an integrated development environment that supports the development of WinCC OA applications at CERN and periodically performs analysis of the code of these applications written in the Control script language.
7

Váňa, Martin. "Kybernetické prostředí pro systémy typu ICS/SCADA." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2019. http://www.nusl.cz/ntk/nusl-400894.

Abstract:
The thesis explores the issues of the cyber environment for ICS/SCADA systems. The first, shorter section focuses mainly on a general introduction to ICS/SCADA systems and their inner workings. The communication model of a general SCADA system and its foundational elements are explained. It is a mainly theoretical passage and serves as an introduction. It is necessary for understanding the second part, which is mainly practical. In the practical part of the thesis, an appropriate system is first chosen for the implementation of the whole project. Criteria are defined on which the system itself is implemented. Following that, the system itself is implemented under a framework called openMUC and is tested with the help of simulators according to the objective of the thesis.
8

Albinsson, Felix, and Jesper Riedl. "HONEYPOT – To bee or not to bee: A study of attacks on ICS/SCADA systems." Thesis, Mälardalens högskola, Akademin för innovation, design och teknik, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:mdh:diva-54563.

Abstract:
In the past, industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems were planned to run as isolated networks, and not interconnect with other networks, e.g., the internet or other parts of a corporation’s network. Because of the isolation, no cybersecurity mechanism was required. In modern society, ICS/SCADA systems have evolved to communicate over public IP networks and have been incorporated in a company’s intranet or connected directly to the internet. This integration opens up for threats that were not envisioned at the time when the system was created. When ICS/SCADA systems get exposed to the internet, there is a risk that vulnerabilities in the systems get exploited by a malicious force. This can lead to data loss, destruction of data and devices, damage to infrastructure, financial losses for the company, and even loss of human life could occur. To mitigate and prevent attacks it is crucial to understand the attacks and the behaviour of the attacker. One way to achieve this is setting up a system that mimics the real system. This fake system is separated from the production network and closely monitored. The data collected can be analysed and used to gain knowledge about the attacks. This thesis will present a possible way to study attacks on an ICS/SCADA system using a honeypot designed for this purpose. To do this, a suitable honeypot had to be found that could collect relevant data regarding what kind of attacks may be used against an ICS/SCADA system. This was achieved by experimenting with different setups, and the collected data was analysed. This led to the use of T-pot as the chosen honeypot, and the collected data showed that a lot of the traffic was directed towards the ICS/SCADA communication protocols Modbus and s7comm. To secure an ICS/SCADA system, it is important to gain knowledge about attacks and attack vectors. A honeypot can be a useful tool that provides information regarding attacks and attackers and can be a help in setting up a defence-in-depth strategy to improve the security in an ICS/SCADA network.
9

Xu, Hao. "WINCC SCADA system via profibus & OPC." Thesis, Murdoch University, 2013. https://researchrepository.murdoch.edu.au/id/eprint/21651/.

Abstract:
Over 1500 hours' effort were put into this intensive project with 6 weeks prior to the commencing date of the project to meet the objectives and requirements of the project. During this project, all the available devices, instruments including their configuration software were properly configured with all the expected features fully functioning. This thesis report summarises most of the work done with a reasonably detailed level to support future students with a comprehensive background to develop the project aspects in the future. A comprehensive SCADA system was designed and implemented using the configured devices and the control modules in the laboratory. The network structure of the control system was relatively large, but indeed demonstrated the capability of the automation system. Profibus communication networks in the laboratory were carefully designed and fully set up with proper labels, which would then be used as an education tool to gain the experience of industrial communication by the students. Over 500 pages of configuration manuals of devices and configuration software were created as a large part of the focus of this project. The configuration manuals contain a huge range of information which covers more than what students need during their study. Those manuals are expected to guide students for their projects and troubleshooting.
10

Myers, David. "Detecting cyber attacks on industrial control systems using process mining." Thesis, Queensland University of Technology, 2019. https://eprints.qut.edu.au/130799/1/David_Myers_Thesis.pdf.

Abstract:
Industrial control systems conduct processes which are core to our lives, from the generation, transmission, and distribution of power, to the treatment and supply of water. These industrial control systems are moving from dedicated, serial-based communications to switched and routed corporate networks to facilitate the monitoring and management of industrial processes. However, this connection to corporate networks can expose industrial control systems to the Internet, placing them at risk of cyber-attack. In this study, we develop and evaluate a process-mining based anomaly detection system to generate process models of, and detect cyber-attacks on, industrial control system processes and devices.
11

Maglaras, Leandros. "Intrusion detection in SCADA systems using machine learning techniques." Thesis, University of Huddersfield, 2018. http://eprints.hud.ac.uk/id/eprint/34578/.

Abstract:
Modern Supervisory Control and Data Acquisition (SCADA) systems are essential for monitoring and managing electric power generation, transmission and distribution. In the age of the Internet of Things, SCADA has evolved into big, complex and distributed systems that are prone to conventional in addition to new threats. So as to detect intruders in a timely and efficient manner a real time detection mechanism, capable of dealing with a range of forms of attacks is highly salient. Such a mechanism has to be distributed, low cost, precise, reliable and secure, with a low communication overhead, thereby not interfering in the industrial system’s operation. In this commentary two distributed Intrusion Detection Systems (IDSs) which are able to detect attacks that occur in a SCADA system are proposed, both developed and evaluated for the purposes of the CockpitCI project. The CockpitCI project proposes an architecture based on real-time Perimeter Intrusion Detection System (PIDS), which provides the core cyber-analysis and detection capabilities, being responsible for continuously assessing and protecting the electronic security perimeter of each CI. Part of the PIDS that was developed for the purposes of the CockpitCI project, is the OCSVM module. During the duration of the project two novel OCSVM modules were developed and tested using datasets from a small-scale testbed that was created, providing the means to mimic a SCADA system operating both in normal conditions and under the influence of cyberattacks. The first method, namely K-OCSVM, can distinguish real from false alarms using the OCSVM method with default values for parameters ν and σ combined with a recursive K-means clustering method. The K-OCSVM is very different from all similar methods that required pre-selection of parameters with the use of cross-validation or other methods that ensemble outcomes of one class classifiers. 
Building on the K-OCSVM and trying to cope with the high requirements that were imposed from the CockpitCI project, both in terms of accuracy and time overhead, a second method, namely IT-OCSVM is presented. IT-OCSVM method is capable of performing outlier detection with high accuracy and low overhead within a temporal window, adequate for the nature of SCADA systems. The two presented methods are performing well under several attack scenarios. Having to balance between high accuracy, low false alarm rate, real time communication requirements and low overhead, under complex and usually persistent attack situations, a combination of several techniques is needed. Despite the range of intrusion detection activities, it has been proven that half of these have human error at their core. An increased empirical and theoretical research into human aspects of cyber security based on the volumes of human error related incidents can enhance cyber security capabilities of modern systems. In order to strengthen the security of SCADA systems, another solution is to deliver defence in depth by layering security controls so as to reduce the risk to the assets being protected.
12

Woodard, Chris. "Rise SCADA and electrical system: A report pertaining to the condition and serviceability of the electrical and SCADA systems of the former RISE facility." Thesis, Murdoch University, 2013. https://researchrepository.murdoch.edu.au/id/eprint/14809/.

Abstract:
The former Research Institute for Sustainable Energy (RISE) testing laboratory was originally a facility for measuring, monitoring and testing a variety of renewable energy systems. The RISE facility was independent of the School of Engineering and Energy, but has recently been taken over by the School as the Engineering and Energy Laboratory. Many of the systems associated with the laboratory have not been operated for a number of years and the condition of these systems, and the equipment that is associated with them, is not known. Personnel involved with the former RISE facility have since left Murdoch taking with them their knowledge of the facility. This project was primarily concerned with re-commissioning these systems and developing an operational knowledge of the SCADA based control system. Areas to be covered in particular were:
• connections to the grid from PV arrays and wind turbines
• PLC system and software
• inverters, solar array simulator, environmental chamber and other peripheral equipment
• power supplies such as the diesel generator, motor generator set and battery banks
• 3 phase permanently connected power monitors
• AC and DC electrical systems
Initial inspections of the electrical systems showed that two key components of the facility were found to be defective and would need to be rectified if the facility was to function properly. These components were the diesel generator which provided electricity totally independent of the grid for testing purposes, and a fault on the PLC which was affecting the operation of the electrical systems. Also several main pieces of equipment had since been removed from the facility; most notably of these being the battery banks, main test inverter and the DC supply from the wind turbines located in what is now known as the Renewable Energy Outdoor Test Area (ROTA). 
Several pieces of equipment required for the operation of the diesel generator would also require attention such as the fuel tank and starting battery. Approval was granted for the alternator to be repaired and placed back into service. Approval was also granted for the purchase of a replacement analogue input card to rectify the fault with the PLC. In addition to this another requirement of the project was to develop a system so that the laboratory could be used as a training facility for future students. A procedure was developed so that an electrical system consisting of actual real components; a source, a transmission and distribution system and a load could be simulated. Software was also developed using National Instruments LabVIEW software to monitor and record various power parameters from the system. The system is referred to as the “Small Electrical Distribution System”. As an aside to this a program has been developed that monitors and records voltage, current and power that is being produced by the Real PV Array located on the roof of the Energy and Engineering Laboratory building. For someone who is unfamiliar with the setup of the electrical systems that make up the Energy and Engineering Laboratory a simplified block diagram of the Main AC switchboard has been produced. Schedules have been included of all socket inlets and outlets, main AC and communications cables and the Main AC Switchboard nomenclature. The diesel generator is nearly ready to be re-commissioned after approximately 5 years of non use. Procedures have been developed so that a user can configure the Main AC switchboard so that the “Small Electrical Distribution System” can be operated safely and measurements obtained and analysed. The main goal of the project was to get the diesel generator operating; therefore this report is focused on the equipment associated with the diesel generator. 
The equipment focused on was the diesel generator itself, the Main AC Switchboard, the Load Bank and the PLC system. Systems such as the Main DC switchboard and Solar Array Simulator were not covered in as much detail as they are not required for the “Small Electrical Distribution System”.
13

Walker, Brenton. "Development of a Profibus network and WinCC SCADA environment for educational purposes." Thesis, Murdoch University, 2011. https://researchrepository.murdoch.edu.au/id/eprint/6841/.

Abstract:
Through the course of the Industrial Computer Systems degree students are exposed to fieldbus technologies and SCADA systems through research projects without the use of practical componentry. This thesis summarises the work completed to provide students with a working fieldbus infrastructure as well as to educate the reader on the development, implementation and testing of such networks. During this thesis various Profibus networks were designed to be implemented into the Industrial Computer Systems Facility PS2.027 (ICSE). Four networking examples to be implemented in PS2.027 were created to demonstrate various Profibus data exchange arrangements. These examples were then scaled down and simulated on a testing platform built for this project, to demonstrate the network operates as designed. By utilising Profibus diagnostic equipment and techniques the network examples were then verified to be as per the designed arrangements. In addition to the designed Profibus infrastructure this thesis briefly investigated the development of a small WinCC SCADA environment for one of the scaled Profibus examples. The WinCC SCADA environment designed functioned as required and provided a template to be used as an educational tool. A large part of this thesis focused on the development of suitable documentation, such as the development of laboratory guides. These guides were designed to be used for the education of future ENG345 – SCADA students. These guides provide the process behind establishing various types of Profibus networks. The documentation developed was also created to outline the use of the various technologies utilised throughout this project. It was discovered through the research and development of this thesis that many opportunities to further develop this project existed. These advancements could be made after the installation of the Profibus architecture into the Industrial Computer Systems Facility over the summer period.
14

Nyqvist, Jennifer. "Operational technology definition and differentiation : In the context of operational systems in Sweden." Thesis, Högskolan i Skövde, Institutionen för informationsteknologi, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-18752.

Abstract:
ICS, short for Industrial Control Systems, can be a part of the electrical and water supplies among others, which are important instances for society. This all resides in the realm of Operational technology, abbreviation OT. Due to technological development, Information Technology i.e. IT is introduced and merged into the realm of industrial systems, because of society’s increasing dependencies on digital infrastructures and services. ICS and Supervisory Control and Data Acquisition (SCADA) systems are rather well known and reputable. In the realm of OT, there’s a range of different systems, and ICS itself encompasses a range of process automation technologies, such as SCADA systems and Distributed Control Systems (DCS) among others. This paper aims to try to define and differentiate a distinct boundary of systems without any connection to IT and can be considered purely OT, if they exist at all. This by conducting an interview with people working for governmental agencies with an eminent amount of experience in the realm of OT. What kind of systems are currently in operation today that don’t fit into the realm of ICS, do they exist at all and how do they work? The definition and differentiation of OT may indicate a subset of systems and components, and terminologies of systems in the OT-realm are misused, indicating a lack of insight in this realm of industrial systems.
15

Cabral, Warren. "Architectural analysis and customised deployment of deceptive cowrie and conpot honeypots." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2021. https://ro.ecu.edu.au/theses/2468.

Abstract:
Honeypots are progressively becoming a fundamental cybersecurity tool to detect, prevent, and record new threats and attack methodologies used by attackers to penetrate systems. A honeypot is a deceptive or fake computer system that presents itself as a real computer system with actual sensitive information. A range of open-source honeypots are available today, such as Cowrie and Conpot, which can be easily downloaded and deployed within minutes—with default settings. Cowrie is a medium-interaction secure shell (SSH) and Telnet honeypot intended to log brute force and shell interaction attacks. In contrast, Conpot is a low-interaction SCADA honeypot, which attempts to mimic an active SCADA system. These honeypots operate on a standardised configuration file that encompass options for deployment such as hostnames, IPs, network services, protocols, applications, and fingerprint information. These options are convoluted and must be used in an integrated and granular fashion to make the deception presented by the honeypot to be plausible and effective. The current issue with the default configurations is that it is easily detected by adversaries using default parameters, automated scripts and scanners such as Shodan and NMAP. Nonetheless, cybersecurity specialists deploy most honeypots with default configurations. This is because modern systems do not provide a standard framework for optimal deployment of these honeypots based on the various configuration options available to produce a non-default configuration. Hence, default honeypot deployments are counterproductive and a surplus network resources and personnel. A quantitative empirical learning approach driven by a quasi-experimental methodology was undertaken to develop a solid understanding about the deceptive capabilities of the Cowrie and Conpot honeypots. 
This was accomplished by developing a framework created from the analysis of numerous Cowrie and Conpot configurations and linking these artefacts to their deceptive potential. This framework provides for customised honeypot configuration, thereby enhancing their functionality to achieve a high degree of deceptiveness and realism. Thereafter, these configured honeypots were then deployed in association with banners and firewall rules to prevent Shodan and NMAP detections and to prevent attackers from acknowledging default parameters. The results of these deployments show an exponential increase in attacker-honeypot interaction in comparison to their subsequent default implementations. In turn, they inform and educate cybersecurity audiences how important it is to deploy honeypots with advanced deceptive configurations to bait cybercriminals and mitigate counterproductive distributions.
16

Kesraoui, Soraya. "Intégration des techniques de vérification formelle dans une approche de conception des systèmes de contrôle-commande : application aux architectures SCADA." Thesis, Lorient, 2017. http://www.theses.fr/2017LORIS442/document.

Abstract:
The design of control-command systems often suffers from problems of communication and interpretation of specifications between the various designers, frequently coming from a wide range of technical fields. 
In order to address the design of these systems, several methods have been proposed in the literature. Among them, the so-called mixed method (bottom-up/top-down), which sees the design realized in two steps. In the first step (bottom-up), a model of the system is defined from a set of standardized components. This model undergoes, in the second (top-down) step, several refinements and transformations to obtain more concrete models (codes, applications, etc.). To guarantee the quality of the systems designed according to this method, we propose two formal verification approaches, based on Model-Checking, in this thesis. The first approach concerns the verification of standardized components and allows the verification of a complete elementary control-command chain. The second one consists in verifying the model of architecture (P&ID) used for the generation of control programs. The latter is based on the definition of an architectural style in Alloy for the ANSI/ISA-5.1 standard. To support both approaches, two formal semi-automated verification flows based on Model-Driven Engineering have been proposed. This integration of formal methods in an industrial context is facilitated by the automatic generation of formal models from design models carried out by business designers. Our two approaches have been validated on a concrete industrial case of a fluid management system embedded in a ship.
17

Wyman, Matthew Cody. "The SAP Link: A Controller Architecture for Secure Industrial Control Systems." BYU ScholarsArchive, 2019. https://scholarsarchive.byu.edu/etd/8815.

Abstract:
Industrial Control Systems are essential to modern life. They are utilized in hundreds of processes including power distribution, water treatment, manufacturing, traffic management, and amusement park ride control. These systems are an essential part of modern life and if compromised, could result in significant economic loss, safety impacts, damage to the environment, and even loss of life. Unfortunately, many of these systems are not properly secured from a cyber attack. It is likely that a well-funded and motivated attack from a nation-state will successfully compromise an industrial control system's network. As cyber war becomes more prevalent, it is becoming more critical to find new and innovative ways to reduce the physical impacts from a cyber attack. This thesis presents a new architecture for a secure industrial controller. This architecture protects the integrity of the controller logic, including the safety logic which is responsible for keeping the process in a safe condition. In particular, it would prevent malicious or accidental modification or bypassing of the controller logic. This architecture divides the controller into three components; the logic controller, the interface controller and the SAP link. The logic controller is responsible for controlling the equipment and contains the safety logic. The interface controller communicates with the rest of the control system network. The Simple As Possible (SAP) link is a bridge between the logic and interface controllers that ensures the integrity of the logic controller by drastically limiting the external interface of the logic controller. We implement this new architecture on a physical controller to demonstrate the process of implementing the architecture and to demonstrate its feasibility.
18

Leuthäuser, Max, and Uwe Aßmann. "Enabling View-based Programming with SCROLL: Using roles and dynamic dispatch for etablishing view-based programming." Association for Computing Machinery, 2015. https://tud.qucosa.de/id/qucosa%3A70772.

Abstract:
Present-day software systems have to fulfill an increasing number of requirements rendering them more and more complex. Many systems need to anticipate changing contexts (self-adaptive systems) or need to adapt to changing business rules or requirements (self-optimizing systems). The challenge of 21th century software development will be to cope with these aspects. We believe that the role concept offers a simple way to adapt object-oriented programs to their changing contexts. In a role-based language, an object plays multiple roles during its lifetime. If the contexts are represented as first-class entities, they provide dynamic views to the object-oriented program, and if the context changes, the dynamic views can be switched easily, and the software system adapts automatically. However, the concepts of roles and dynamic contexts have been discussed for a long time in many areas of computer science. So far, their implementation in an existing object-oriented language requires a specific runtime environment. Also, classical object-oriented languages and their runtime systems are not able to cope with essential role-specific features, such as true delegation or dynamic binding of roles. As a solution, this work presents a simple implementation pattern for role-based objects that does not require a specific runtime system, SCROLL (SCala ROles Language). The implementation pattern is demonstrated on the basis of the Scala language. As technical support from Scala, the pattern requires dynamic mixins, compiler-translated function calls, and implicit conversions. The implementation details of the pattern are hidden in a Scala library and therefore transparent to Scala programmers. The SCROLL library supports roles embedded in structured contexts, so-called compartments. We show that they are specific, hierarchic runtime views, which enables hierarchic view-based programming for free in Scala. 
We also discuss how to apply the implementation pattern of SCROLL for other languages, in particular for behavioral modeling languages in MDSD. This discussion shows that the SCROLL pattern can be embedded into the generated code, so that it still is hidden to the developer, but does not require a specific runtime system. Using the pattern in model-driven code generation enables dynamic views for all kinds of modeling languages. And therefore, this paper shows a way how to realize dynamic views for all modeling languages in MDSD.
19

Leuthäuser, Max. "Pure Embedding of Evolving Objects." International Academy, Research, and Industry Association, 2017. https://tud.qucosa.de/id/qucosa%3A70692.

Abstract:
Scripting languages are extraordinarily popular due to their very flexible object model. Dynamic extensions (i.e., adding, removing and manipulating behavior and state) allow for the evolution and adaption of objects to context changes at runtime. Introducing this flexibility into a statically typed, object-oriented language would improve programmability and separation of concerns beyond the level of what one could usually gain with inheritance, mixins, traits or manually adapted design patterns. They often lead to object-schizophrenia or the need for hand-crafted, additional management code. Although there were already attempts bringing flexible objects into statically typed languages with the benefits of an explicitly crafted core calculus or type system, they need their own compiler and tooling which limits the usability, e.g., when dealing with existing legacy code. This work presents an embedding of dynamically evolving objects via a lightweight library approach, which is pure in the sense, that there is no need for a specific compiler or tooling. It is written in Scala, which is both a modern object-oriented and functional programming language. Our approach is promising to solve practical problems arising in the area of dynamical extensibility and adaption like role-based programming.
20

Amoah, Raphael. "Formal security analysis of the DNP3-Secure Authentication Protocol." Thesis, Queensland University of Technology, 2016. https://eprints.qut.edu.au/93798/1/Raphael_Amoah_Thesis.pdf.

Abstract:
This thesis evaluates the security of Supervisory Control and Data Acquisition (SCADA) systems, which are one of the key foundations of many critical infrastructures. Specifically, it examines one of the standardised SCADA protocols called the Distributed Network Protocol Version 3, which attempts to provide a security mechanism to ensure that messages transmitted between devices, are adequately secured from rogue applications. To achieve this, the thesis applies formal methods from theoretical computer science to formally analyse the correctness of the protocol.
21

Barreiros, Pedro Miguel França. "Exploring security controls for ICS/SCADA environments." Master's thesis, 2020. http://hdl.handle.net/10451/48398.

Abstract:
Master's project work, Information Security, Universidade de Lisboa, Faculdade de Ciências, 2020.
Industrial Control Systems (ICS) are beginning to merge with IT solutions, in order to promote inter-connectivity. Although this brings countless benefits from a control perspective, ICS have been lacking in security mechanisms to ward off potential cyber threats, when compared to common information systems [29], [64]. Given the critical nature of these systems, and the recent occurrences of disastrous cyber-attacks, security is a topic that should be encouraged. 
In light of this problem, in this dissertation we present an assessment of possible security applications and controls that can be deployed in these critical environments and the implementation of an extensible security solution that responds to certain attacks focused on industrial systems, capable of being deployed in any industrial network that allows its connection. With the help of an extensible and portable framework for ICS testing, and other industrial testing environments, it was possible to analyze different threat scenarios, implement security mechanisms to detect them and evaluate the results in order to provide an idea on how to employ these mechanisms as best as possible in a real industrial control environment, without compromising its process.
22

Parthasarathy, Saranya. "Bloom Filter Based Intrusion Detection for Smart Grid." Thesis, 2012. http://hdl.handle.net/1969.1/ETD-TAMU-2012-05-10768.

Abstract:
This thesis addresses the problem of local intrusion detection for SCADA (Supervisory Control and Data Acquisition) field devices in the smart grid. A methodology is proposed to detect anomalies in the communication patterns using a combination of n-gram analysis and Bloom Filter. The predictable and regular nature of the SCADA communication patterns is exploited to train the intrusion detection system. The protocol considered to test the proposed approach is MODBUS which is used for communication between a SCADA server and field devices in power system. The approach is tested for attacks like HMI compromise and Man-in-the-Middle. Bloom Filter is chosen because of its strong space advantage over other data structures like hash tables, linked lists etc. for representing sets. The advantage comes from its probabilistic nature and compact array structure. The false positive rates are found to be minimal with careful choice of parameters for Bloom Filter design. Also the memory-efficient property of Bloom Filter makes it suitable for implementation in resource constrained SCADA components. It is also established that the knowledge of physical state of the power system i.e., normal, emergency or restorative state can help in improving the accuracy of the proposed approach.
23

Gao, Jun. "Omni SCADA intrusion detection." Thesis, 2020. http://hdl.handle.net/1828/11745.

Abstract:
We investigate deep learning based omni intrusion detection system (IDS) for supervisory control and data acquisition (SCADA) networks that are capable of detecting both temporally uncorrelated and correlated attacks. Regarding the IDSs developed in this paper, a feedforward neural network (FNN) can detect temporally uncorrelated attacks at an F1 of 99.967±0.005% but correlated attacks as low as 58±2%. In contrast, long-short term memory (LSTM) detects correlated attacks at 99.56±0.01% while uncorrelated attacks at 99.3±0.1%. Combining LSTM and FNN through an ensemble approach further improves the IDS performance with F1 of 99.68±0.04% regardless the temporal correlations among the data packets.
Graduate
24

Queiroz, Rui Miguel da Conceição. "Integration of SDN technologies in SCADA Industrial Control Networks." Master's thesis, 2017. http://hdl.handle.net/10316/83367.

Abstract:
Master's dissertation in Informatics Engineering presented to the Faculdade de Ciências e Tecnologia.
In recent years, Supervisory Control and Data Acquisition (SCADA) Industrial Control Systems (ICS) – a kind of systems used for controlling industrial processes, power plants, assembly lines, among others – have become a serious concern because of security and manageability issues. After years of trusting in air-gapped isolation and obscurity security, the increased coupling of operational and information systems, together with the absence of proper management and security policies, disclosed several weaknesses in SCADA ICS. Despite not constituting any novelty within the information and communications technology (ICT) domain, which has dealt with similar problems for decades, the practices applied there could not be easily ported to the ICS domain due to the distinct priorities and requirements of each of those domains along with the limitations of the existing networks. The rise of Software-Defined Networking (SDN) constituted a paradigm shift. 
Through the usage of abstraction and simplification, it brought significant gains in terms of: firstly, allowing more control over networks and information flows; secondly, bringing a new and powerful (yet simplified) network management; thirdly, enabling more flexible and adaptable networks; fourthly, and most importantly for business managers, lowering the managing and maintenance costs and allowing faster time to market, which are some of the most important parameters in competitive markets. However, the benefits brought by SDN are yet to reach the ICS domain. In this sense, this thesis provides an overview on the usage of such technologies and presents some solutions, based on synergies between both, which can address the problems mentioned above in order to improve SCADA ICS manageability, availability and security.
25

Vieira, Marco Manuel Santos. "PICSEL: Portable ICS Extensible Lab." Master's thesis, 2020. http://hdl.handle.net/10451/48330.

Abstract:
Master's project work, Information Security, Universidade de Lisboa, Faculdade de Ciências, 2020.
Critical infrastructures such as electric power grids, nuclear plants, oil and gas refineries, transportation systems or pharmaceutical industries, play an increasingly important role in our lives due to technological advancement and the precision industry. Traditionally, most of these infrastructures, also called industrial control systems (ICS), are large-scale cyber-physical systems (CPS) which all use supervisory control and data acquisition (SCADA). Over recent years, malicious actors have realized the importance and impact of these infrastructures. Combining this with the deprivation of security features in ICS resulted in a large quantity of high value targets just waiting to be exploited. Since these systems are based on equipment with a really long lifetime and, in most of the cases, have an extremely high availability requirement, it's important to, somehow, gather information and perform security tests in order to protect these infrastructures, without compromising a live operation. Normally these infrastructures are very complex and often have a remarkable diversity of equipment, communication protocols and transmission technologies. This thesis presents a portable testbed, PICSEL, which was designed and developed to achieve the following goals: to be a portable testbed testing existing exploits and new security solutions whilst exploring new vulnerabilities within the equipment or the environment. Several requirements were considered in the design of the testbed: for instance, choosing the equipment that allowed for more environment configurations; choosing power supplies that support additional equipment; and designing a static electrical diagram based on each device’s requirements. 
With these requirements, the testbed must be able to support different types of equipment and architectures, allowing for applications in multiple industries, inside which it can be easily reconfigured. The thesis describes the testbed architecture and discusses the design decisions, presenting two test scenarios that were studied and implemented using PICSEL. In each of these test scenarios, different attacks were performed validating each of the PICSEL goals. Testing known vulnerabilities, testing exploits in the wild and exporting information from PICSEL equipment to an external tool were very important steps to validate the results. Therefore, this thesis provides proof of concept confirming the key value of a modular and reconfigurable testbed, PICSEL.
26

ALSHAYA, SHAYA ABDULLAH. "A Comprehensive Cyber Security Enhancing Strategy for Industrial Control Systems in Oil Industry." Doctoral thesis, 2017. http://hdl.handle.net/2158/1079706.

Abstract:
Industrial Control Systems (ICS) play a critical operational role in modern industrial sectors. Businesses depend on this automated control system for various operations to manage processes in the most beneficial manner. Information and Communication Technology (ICT) has enhanced ICS development and implementation. However, such automation advancement may also create many new opportunities for cyberattacks. Certain industries, such as the oil industry within Gulf Cooperation Council (GCC) countries, have begun renewing industrial control systems and related management to counteract cyber-attacks more effectively. The technological system framework which is herewith mainly taken as reference are the Supervisory Control and Data Acquisition (SCADA) systems. The analysis and synthesis made through this Ph.D. thesis account for both technical and human factors impinging on cyber-security system performance. A comprehensive approach has thus adopted to qualify relevant scientific technical contributions available from the literature, as well as to exploit outcomes of actual direct experiences of the involved companies. For such a comprehensive approach some basic analytical contributions have been first provided for: i) qualifying related scientific technical advancements within the cyber-security literature; ii) performing subjective testing within the community of IT operators of ICS, concerned with made experience and human behavior affecting cyber-security. Such analysis is tuned with the objective of defining and adopting an enhanced comprehensive cyber-security policy within enterprise for ICS operation, which properly accounts also for relevance of human factors. Therefore, final made contribution is just definition and proposal of appropriate guidelines for such a purpose. Research activity thus carried out is framed with an interdisciplinary context, as needed to innovate enterprise cyber-security management, including specific support and management of enterprise human resources.
27

Toledo, Leonardo Micael Freitas. "A Distributed Platform for Security Event Handling in Industrial Control Networks." Master's thesis, 2018. http://hdl.handle.net/10316/83563.

Abstract:
Master's dissertation in Informatics Engineering presented to the Faculdade de Ciências e Tecnologia.
During the past few years, Industrial Automation and Control Systems (IACSes) have become more distributed. The current age of Big Data and the Internet of Things (IoT) also brings new challenges to these systems, like the need to handle large amounts of heterogeneous data in real-time. 
Without efficient and scalable solutions for processing all the events generated by each data source (such as security related detection components or telemetry sensors), a lot of valuable insights may get lost or not be detected on time. Security Information and Event Management (SIEM) systems, which are dedicated tools responsible for properly processing and managing security related events, are therefore critical components for the security and safety of an IACS. Typical SIEM systems are expensive, lack customization flexibility or are not fully optimized for distributed environments and big data processing approaches. To address those issues, in this work is proposed, designed, and implemented an efficient framework for processing events coming from several sources, able to easily scale according to the IACS needs, capable of performing per-domain pre-processing, as well as global stream and batch analysis, on the top of security events. Furthermore, the proposed framework is distributed and allows geo-replication of data. Moreover, it uses cutting-edge open-source technologies as a way to advance security event handling in Industrial Control Networks (ICNs), and to involve the open-source community in working towards a common solution to this problem.