IGNORE: A Policy Server to Prevent Cyber-Attacks from Propagating to the Physical Domain
We present the intelligent governor for the smart grid system (IGNORE) to limit the success of attacks when a grid’s cyber system has been compromised and leveraged by an adversary to mount attacks on the physical system. IGNORE is based on the concept of the security reference monitor. It is a comp...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2020-09-01
|
| Series: | Applied Sciences |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2076-3417/10/18/6236 |
| _version_ | 1797554284697485312 |
|---|---|
| author | Yatin Wadhawan Clifford Neuman Anas AlMajali |
| author_facet | Yatin Wadhawan Clifford Neuman Anas AlMajali |
| author_sort | Yatin Wadhawan |
| collection | DOAJ |
| description | We present the intelligent governor for the smart grid system (IGNORE) to limit the success of attacks when a grid’s cyber system has been compromised and leveraged by an adversary to mount attacks on the physical system. IGNORE is based on the concept of the security reference monitor. It is a component that serves to protect a system from attacks that are more severe and frequent than is acceptable by enforcing security policies on the actions of the system’s higher-level functions. It enforces security and safety policies by ignoring commands issued by a system’s higher-level functions if by executing those commands may cause violations of its security and safety constraints. The underlying principle for generating security policies is the requirement and safety property that evaluates whether commands issued by a cyber system are required and safe in/for the physical system. Our key contribution is to present the methodology to design a governor for a grid’s higher-level function, that is, demand response. We define a set of attacks prevented by the governor, a set of rules that define the governor, and demonstrate its effectiveness through empirical results. This work sheds light upon how a higher-level functionality of a smart grid system is protected by analyzing the system’s cyber and physical aspects even when some parts of the cyber system are compromised. |
| first_indexed | 2024-03-10T16:29:47Z |
| format | Article |
| id | doaj.art-886287dedc324c76a9ad3439aeb8053b |
| institution | Directory Open Access Journal |
| issn | 2076-3417 |
| language | English |
| last_indexed | 2024-03-10T16:29:47Z |
| publishDate | 2020-09-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Applied Sciences |
| spelling | doaj.art-886287dedc324c76a9ad3439aeb8053b2023-11-20T12:59:05ZengMDPI AGApplied Sciences2076-34172020-09-011018623610.3390/app10186236IGNORE: A Policy Server to Prevent Cyber-Attacks from Propagating to the Physical DomainYatin Wadhawan0Clifford Neuman1Anas AlMajali2Information Science Institute, University of Southern California, Los Angeles, CA 90089-0894, USAInformation Science Institute, University of Southern California, Los Angeles, CA 90089-0894, USADepartment of Computer Engineering, The Hashemite University, Zarqa 13133, JordanWe present the intelligent governor for the smart grid system (IGNORE) to limit the success of attacks when a grid’s cyber system has been compromised and leveraged by an adversary to mount attacks on the physical system. IGNORE is based on the concept of the security reference monitor. It is a component that serves to protect a system from attacks that are more severe and frequent than is acceptable by enforcing security policies on the actions of the system’s higher-level functions. It enforces security and safety policies by ignoring commands issued by a system’s higher-level functions if by executing those commands may cause violations of its security and safety constraints. The underlying principle for generating security policies is the requirement and safety property that evaluates whether commands issued by a cyber system are required and safe in/for the physical system. Our key contribution is to present the methodology to design a governor for a grid’s higher-level function, that is, demand response. We define a set of attacks prevented by the governor, a set of rules that define the governor, and demonstrate its effectiveness through empirical results. This work sheds light upon how a higher-level functionality of a smart grid system is protected by analyzing the system’s cyber and physical aspects even when some parts of the cyber system are compromised.https://www.mdpi.com/2076-3417/10/18/6236smart gridpower gridcyber–physical systemgovernorcyber–physical attacks |
| spellingShingle | Yatin Wadhawan Clifford Neuman Anas AlMajali IGNORE: A Policy Server to Prevent Cyber-Attacks from Propagating to the Physical Domain Applied Sciences smart grid power grid cyber–physical system governor cyber–physical attacks |
| title | IGNORE: A Policy Server to Prevent Cyber-Attacks from Propagating to the Physical Domain |
| title_full | IGNORE: A Policy Server to Prevent Cyber-Attacks from Propagating to the Physical Domain |
| title_fullStr | IGNORE: A Policy Server to Prevent Cyber-Attacks from Propagating to the Physical Domain |
| title_full_unstemmed | IGNORE: A Policy Server to Prevent Cyber-Attacks from Propagating to the Physical Domain |
| title_short | IGNORE: A Policy Server to Prevent Cyber-Attacks from Propagating to the Physical Domain |
| title_sort | ignore a policy server to prevent cyber attacks from propagating to the physical domain |
| topic | smart grid power grid cyber–physical system governor cyber–physical attacks |
| url | https://www.mdpi.com/2076-3417/10/18/6236 |
| work_keys_str_mv | AT yatinwadhawan ignoreapolicyservertopreventcyberattacksfrompropagatingtothephysicaldomain AT cliffordneuman ignoreapolicyservertopreventcyberattacksfrompropagatingtothephysicaldomain AT anasalmajali ignoreapolicyservertopreventcyberattacksfrompropagatingtothephysicaldomain |