Dynamic Data-Driven and Real-Time Verification for Industrial Control System Security

Industrial control systems (ICSes) perform vital functions in national critical infrastructures, such as electric power distribution; oil, gas, and water distribution; transportation systems; health-care device management; and even weapons systems. Figure 1 depicts an ICS example. The disruption of these control systems could have a significant impact on public safety and health, and lead to large financial losses. However, modern ICSes are increasingly adopting Internet technology to boost control efficiency. Exposing such control systems to public networks increases the risk of attacks and failures inherited from the commodity network infrastructure. The research goal of this project is to apply verification on dynamic data-driven network/application models to the problem of real-time errors and vulnerabilities detection for ICS security.

In the pursuit of this goal, we will develop a real-time verification framework, named "VeriGrid" (see Figure 2), for verifying the network and application behavior of an ICS in real time. VeriGrid takes dynamic input data from the network layer (e.g., topologies, forwarding tables) and the application layer (e.g., control event, data traffic), and then verifies the network/application behavior against system policies. Violations will indicate errors and vulnerabilities caused by cyber-attacks or misconfigurations. One key feature of VeriGrid is that our models are capable of accepting data at execution time (both traces or real-time data) as system states evolve, and the input data will drive VeriGrid to (1) select the appropriate models with different level of details, and (2) dynamically update the models, to steer the verification process.


In addition, we also plan to perform rigorous evaluation of VeriGrid on the IIT campus microgrid (see Figure 3). IIT and the Robert W. Galvin Center have built the first ever fully-functional Perfect Power system on IIT's Main Campus in Chicago,  a "Living Laboratory" for smart grid, microgrid, and other energy technologies.

Sponsor
   
The material presented at this website is based in part upon work supported by the Air Force Office of Scientific Research (AFOSR), the DDDAS Program, under Grant No. AFOSR FA9550-15-1-0190. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of AFOSR.

---