A Non-Intrusive Approach to Enhance Legacy Embedded Control Systems with Cyber Protection Features

  • Shangping Ren
  • Nianen Chen
  • Yue Yu
  • Pierre Poirot
  • Kevin Kwiat
  • Jeffrey J.P. Tsai

Trust is cast as a continuous re-evaluation: a system’s reliability and security are scrutinized not just prior to, but also during, its deployment. This approach to maintaining trust is specifically applied to distributed and embedded control systems. Unlike general-purpose systems, distributed and embedded control systems, such as power grid control systems and water treatment systems, generally have a 24x7 availability requirement. Hence, upgrading these systems or adding new cyber protection features to them, in order to sustain them when faults caused by cyber attacks occur, is often difficult to achieve, and this difficulty inhibits the evolution of these systems into a cyber environment. In this chapter, we present a solution for extending the capabilities of existing systems while simultaneously maintaining the stability of the current systems. An externalized survivability management scheme based on the observe-reason-modify paradigm is applied, which decomposes the cyber attack protection process into three orthogonal subtasks: observation, evaluation and protection. This architecture provides greater flexibility and has a resolvability attribute: it can utilize emerging techniques, yet it requires either minimal modifications or no modifications whatsoever to the controlled infrastructures. The approach itself is general and can be applied to a broad class of observable systems.


Evaluation Module; Finite State Machine; Decision Unit; Inference Engine; Water Treatment System
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag US 2009

Authors and Affiliations

  • Shangping Ren (1)
  • Nianen Chen (1)
  • Yue Yu (1)
  • Pierre Poirot (1)
  • Kevin Kwiat (2)
  • Jeffrey J.P. Tsai (3)

  1. Department of Computer Science, Illinois Institute of Technology, Chicago
  2. AFRL
  3. Department of Computer Science, University of Illinois at Chicago, Chicago
