Protecting Control Flow in Finite State Machines
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Critical infrastructure systems continue to foster predictable communication patterns and static configurations over extended periods of time. The static nature of these systems eases the process of gathering reconnaissance information that can be used to design, develop, and launch attacks by adversaries. In this research effort, the early phases of an attack vector will be disrupted by randomizing application port numbers, IP addresses, and communication paths dynamically through the use of overlay networks within Industrial Control Systems (ICS). These protective measures convert static systems into "moving targets," adding an additional layer of defense. Additionally, we have developed a framework that automatically detects and defends against threats within these systems using an ensemble of machine learning algorithms that classify and categorize abnormal behavior. Our proof-of-concept has been demonstrated within a representative ICS environment. Performance metrics of our proof-of-concept have been captured with latency impacts of less than a millisecond, on average.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
MTD 2016 - Proceedings of the 2016 ACM Workshop on Moving Target Defense, co-located with CCS 2016
Moving target defense (MTD) is an emerging paradigm in which system defenses dynamically mutate in order to decrease the overall system attack surface. Though the concept is promising, implementations have not been widely adopted. The field has been actively researched for over ten years, and has only produced a small amount of extensively adopted defenses, most notably, address space layout randomization (ASLR). This is despite the fact that there currently exist a variety of moving target implementations and proofs-of-concept. We suspect that this results from the moving target controls breaking critical system dependencies from the perspectives of users and administrators, as well as making things more difficult for attackers. As a result, the impact of the controls on overall system security is not sufficient to overcome the inconvenience imposed on legitimate system users. In this paper, we analyze a successful MTD approach. We study the control's dependency graphs, showing how we use graph theoretic and network properties to predict the effectiveness of the selected control.
Moving target defense (MTD) is an emerging paradigm in which system defenses dynamically mu- tate in order to decrease the overall system attack surface. Though the initial concept is promising, implementations have not been widely adopted. The field has been actively researched for over ten years, and has only produced a small amount of extensively adopted defenses, most notably, address space layout randomization (ASLR). This is despite the fact that there currently exist a variety of moving target implementations and proofs-of-concept. We suspect that this results from the moving target controls breaking critical system dependencies from the perspectives of users and administrators, as well as making things more difficult for attackers. As a result, the impact of the controls on overall system security is not sufficient to overcome the inconvenience imposed on legitimate system users. In this paper, we analyze a successful MTD approach. We study the con- trol's dependency graphs, showing how we use graph theoretic and network properties to predict the effectiveness of the selected control. Then, with this framework in place, the dynamic nature of some Moving Target Defenses opens the possibility of modeling them with dynamic systems approaches, such as state space representations familiar from control and systems theory. We then use this approach to develop state space models for Moving Target Defenses, provide an analysis of their properties, and suggest approaches for using them.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Proceedings of the 11th International Conference on Cyber Warfare and Security, ICCWS 2016
Today's globalized supply chains are complex systems of systems characterized by a conglomeration of interconnected networks and dependencies. There is a constant supply and demand for materials and information exchange with many entities such as people, organizations, processes, services, products, and infrastructure at various levels of involvement. Fully comprehending supply chain risk (SCR) is a challenging problem, as attacks can be initiated at any point within the system lifecycle and can have detrimental effects to mission assurance. Counterfeit items, from individual components to entire systems, have been found in commercial and government systems. Cyber-attacks have been enabled by suppliers' lack of security. Furthermore, there have been recent trends to incorporate supply chain security to help defend against potential cyber-attacks, however, we find that traditional supply chain risk reduction and screening methods do not typically identify intrinsic vulnerabilities of realized systems. This paper presents the application of a supply chain decision analytics framework for assisting decision makers in performing risk-based cost-benefit prioritization of security investments to manage SCR. It also presents results from a case study along with discussions on data collection and pragmatic insight to supply chain security approaches. This case study considers application of the framework in analyzing the supply chain of a United States Government critical infrastructure construction project, clarifies gaps between supply chain analysis and technical vulnerability analysis, and illustrates how the framework can be used to identify supply chain threats and to suggest mitigations.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Critical Infrastructure control systems continue to foster predictable communication paths, static configurations, and unpatched systems that allow easy access to our nation's most critical assets. This makes them attractive targets for cyber intrusion. We seek to address these attack vectors by automatically randomizing network settings, randomizing applications on the end devices themselves, and dynamically defending these systems against active attacks. Applying these protective measures will convert control systems into moving targets that proactively defend themselves against attack. Sandia National Laboratories has led this effort by gathering operational and technical requirements from Tennessee Valley Authority (TVA) and performing research and development to create a proof-of-concept solution. Our proof-of-concept has been tested in a laboratory environment with over 300 nodes. The vision of this project is to enhance control system security by converting existing control systems into moving targets and building these security measures into future systems while meeting the unique constraints that control systems face.
Abstract not provided.
IEEE Security and Privacy
Physical unclonable functions (PUFs) make use of the measurable intrinsic randomness of physical systems to establish signatures for those systems. PUFs provide a means to generate unique keys that don't need to be stored in nonvolatile memory, and they offer exciting opportunities for new authentication and supply chain security technologies.
IEEE Security & Privacy
Physical unclonable functions (PUFs) make use of the measurable intrinsic randomness of physical systems to establish signatures for those systems. Thus, PUFs provide a means to generate unique keys that don't need to be stored in nonvolatile memory, and they offer exciting opportunities for new authentication and supply chain security technologies.
Abstract not provided.
We are using the DoD MIL-STD as our guide for microelectronics aging (MIL-STD 883J, Method 1016.2: Life/Reliability Characterization Tests). In that document they recommend aging at 3 temperatures between 200-300C, separated by at least 25C, with the supply voltage at the maximum recommended voltage for the devices at 125C (3.6V in our case). If that voltage causes excessive current or power then it can be reduced and the duration of the tests extended. The MIL-STD also recommends current limiting resistors in series with the supply. Since we don’t have much time and we may not have enough ovens and other equipment, two temperatures separated by at least 50C would be an acceptable backup plan. To ensure a safe range of conditions is used, we are executing 24-hour step tests. For these, we will apply the stress for 24 hours and then measure the device to make sure it wasn’t damaged. During the stress the PUFs should be exercised, but we don’t need to measure their response. Rather, at set intervals our devices should be returned to nominal temperature (under bias), and then measured. The MIL-STD puts these intervals at 4, 8, 16, 32, 64, 128, 256, 512 and 1000 hours, although the test can be stopped early if 75% of the devices have failed. A final recommendation per the MIL-STD is that at least 40 devices should be measured under each condition. Since we only have 25 parts, we will place 10 devices in each of two stress conditions.
Abstract not provided.
IEEE Security and Privacy
Abstract not provided.
Abstract not provided.
Abstract not provided.
Proposed for publication in IEEE Transactions on Very Large Scale Integration Systems .
Abstract not provided.
This report assesses current public domain cyber security practices with respect to cyber indications and warnings. It describes cybersecurity industry and government activities, including cybersecurity tools, methods, practices, and international and government-wide initiatives known to be impacting current practice. Of particular note are the U.S. Government's Trusted Internet Connection (TIC) and 'Einstein' programs, which are serving to consolidate the Government's internet access points and to provide some capability to monitor and mitigate cyber attacks. Next, this report catalogs activities undertaken by various industry and government entities. In addition, it assesses the benchmarks of HPC capability and other HPC attributes that may lend themselves to assist in the solution of this problem. This report draws few conclusions, as it is intended to assess current practice in preparation for future work, however, no explicit references to HPC usage for the purpose of analyzing cyber infrastructure in near-real-time were found in the current practice. This report and a related SAND2010-4766 National Cyber Defense High Performance Computing and Analysis: Concepts, Planning and Roadmap report are intended to provoke discussion throughout a broad audience about developing a cohesive HPC centric solution to wide-area cybersecurity problems.
There is a national cyber dilemma that threatens the very fabric of government, commercial and private use operations worldwide. Much is written about 'what' the problem is, and though the basis for this paper is an assessment of the problem space, we target the 'how' solution space of the wide-area national information infrastructure through the advancement of science, technology, evaluation and analysis with actionable results intended to produce a more secure national information infrastructure and a comprehensive national cyber defense capability. This cybersecurity High Performance Computing (HPC) analysis concepts, planning and roadmap activity was conducted as an assessment of cybersecurity analysis as a fertile area of research and investment for high value cybersecurity wide-area solutions. This report and a related SAND2010-4765 Assessment of Current Cybersecurity Practices in the Public Domain: Cyber Indications and Warnings Domain report are intended to provoke discussion throughout a broad audience about developing a cohesive HPC centric solution to wide-area cybersecurity problems.
Abstract not provided.
The readout of a solid state qubit often relies on single charge sensitive electrometry. However the combination of fast and accurate measurements is non trivial due to large RC time constants due to the electrometers resistance and shunt capacitance from wires between the cold stage and room temperature. Currently fast sensitive measurements are accomplished through rf reflectrometry. I will present an alternative single charge readout technique based on cryogenic CMOS circuits in hopes to improve speed, signal-to-noise, power consumption and simplicity in implementation. The readout circuit is based on a current comparator where changes in current from an electrometer will trigger a digital output. These circuits were fabricated using Sandia's 0.35 {micro}m CMOS foundry process. Initial measurements of comparators with an addition a current amplifier have displayed current sensitivities of < 1nA at 4.2K, switching speeds up to {approx}120ns, while consuming {approx}10 {micro}W. I will also discuss an investigation of noise characterization of our CMOS process in hopes to obtain a better understanding of the ultimate limit in signal to noise performance.
Abstract not provided.