By Topic

A host-based security assessment architecture for Industrial Control systems

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Rakshit, A. ; Dept. of Comput. & Inf. Sci., Kansas State Univ., Manhattan, KS, USA ; Xinming Ou

Computerized control systems perform vital functions across many critical infrastructures throughout the nation. These systems can be vulnerable to a variety of attacks leading to devastating consequences like loss of production, interruption in distribution of public utilities and most importantly endangering public safety. This calls for an approach to halt attacks in their tracks before being able to do any harm to these systems. Vulnerability assessment performed on these systems can identify and assess potential vulnerabilities in a control system network, before they are exploited by malicious intruders. An effective vulnerability assessment architecture should assimilate security knowledge from multiple sources to uncover all the vulnerabilities present on a host. Legitimate concerns arise since host-based security scanners typically need to run at administrative privileges, and takes input from external knowledge sources for the analysis making it imperative that the scanner be trustworthy. Intentionally or otherwise, ill-formed input may compromise the scanner and the whole system if the scanner is susceptible to, or carries one or more vulnerability itself. We have implemented the scanning architecture in the context of an enterprise-level security analyzer.The analyzer finds security vulnerabilities present on a host according to the third-party security knowledge specified in Open Vulnerability Assessment Language(OVAL). This paper presents an architecture where a host-based security scanner's code base can be minimized to an extent where its correctness can be verified by adequate vetting. Moreover, the architecture also allows for leveraging third-party security knowledge efficiently and supports various higher-level security analysis.

Published in:

Resilient Control Systems, 2009. ISRCS '09. 2nd International Symposium on

Date of Conference:

11-13 Aug. 2009