CPAC: Securing critical infrastructure with cyber-physical access control

Sriharsha Etigowni, Dave Jing Tian, Grant Hernandez, Saman Zonouz, Kevin Butler

Research output: Chapter in Book/Report/Conference proceedingConference contribution

13 Scopus citations

Abstract

Critical infrastructure such as the power grid has become increasingly complex. The addition of computing elements to traditional physical components increases complexity and hampers insight into how elements in the system interact with each other. The result is an infrastructure where operational mistakes, some of which cannot be distinguished from attacks, are more difficult to prevent and have greater potential impact, such as leaking sensitive information to the operator or attacker. In this paper, we present CPAC, a cyber-physical access control solution to manage complexity and mitigate threats in cyber-physical environments, with a focus on the electrical smart grid. CPAC uses information flow analysis based on mathematical models of the physical grid to generate policies enforced through verifiable logic. At the device side, CPAC combines symbolic execution with lightweight dynamic execution monitoring to allow non-intrusive taint analysis on programmable logic controllers in realtime. These components work together to provide a realtime view of all system elements, and allow for more robust and finer-grained protections than any previous solution to securing the grid. We implement a prototype of CPAC using Bachmann PLCs and evaluate several real-world incidents that demonstrate its scalability and effectiveness. The policy checking for a nation-wide grid is less than 150 ms, faster than existing solutions. We additionally show that CPAC can analyze potential component failures for arbitrary component failures, far beyond the capabilities of currently deployed systems. CPAC thus provides a solution to secure the modern smart grid from operator mistakes or insider attacks, maintain operational privacy, and support N-x contingencies.

Original languageEnglish (US)
Title of host publicationProceedings - 32nd Annual Computer Security Applications Conference, ACSAC 2016
PublisherAssociation for Computing Machinery
Pages139-152
Number of pages14
ISBN (Electronic)9781450347716
DOIs
StatePublished - Dec 5 2016
Event32nd Annual Computer Security Applications Conference, ACSAC 2016 - Los Angeles, United States
Duration: Dec 5 2016Dec 9 2016

Publication series

NameACM International Conference Proceeding Series
Volume5-9-December-2016

Other

Other32nd Annual Computer Security Applications Conference, ACSAC 2016
CountryUnited States
CityLos Angeles
Period12/5/1612/9/16

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'CPAC: Securing critical infrastructure with cyber-physical access control'. Together they form a unique fingerprint.

  • Cite this

    Etigowni, S., Tian, D. J., Hernandez, G., Zonouz, S., & Butler, K. (2016). CPAC: Securing critical infrastructure with cyber-physical access control. In Proceedings - 32nd Annual Computer Security Applications Conference, ACSAC 2016 (pp. 139-152). (ACM International Conference Proceeding Series; Vol. 5-9-December-2016). Association for Computing Machinery. https://doi.org/10.1145/2991079.2991126