A Heterogeneous Redundant Architecture for Industrial Control System Security

Zhihao Dai, Matthew Leeke, Yulong Ding, Shuang-hua Yang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Component-level heterogeneous redundancy is gaining popularity as an approach for preventing single-point security breaches in Industrial Control Systems (ICSs), especially with regard to core components such as Programmable Logic Controllers (PLCs). To take control of a system with component-level heterogeneous redundancy, an adversary must uncover and concurrently exploit vulnerabilities across multiple versions of hardened components. As such, attackers incur increased costs and delays when seeking to launch a successful attack. Existing approaches advocate attack resilience via pairwise comparison among outputs from multiple PLCs. These approaches incur increased resource costs due to them having a high degree of redundancy and do not address concurrent attacks. In this paper we address both issues, demonstrating a data-driven component selection approach that achieves a trade-off between resources cost and security. In particular, we propose (i) a novel dual-PLC ICS architecture with native pairwise comparison which can offer limited yet comparable defence against single-point breaches, (ii) a machine-learning based selection mechanisms which can deliver resilience against non-concurrent attacks under resource constraints, (iii) a scaled up variant of the proposed architecture to counteract concurrent attacks with modest resource implications.
Original languageEnglish
Title of host publication2022 IEEE 27th Pacific Rim International Symposium on Dependable Computing (PRDC)
PublisherIEEE
Pages89-97
ISBN (Electronic)9781665485555
ISBN (Print)9781665485562
DOIs
Publication statusPublished - 28 Nov 2022
Event27th IEEE Pacific Rim International Symposium on Dependable Computing - Beijing, China
Duration: 28 Nov 20221 Dec 2022
https://prdc.dependability.org/PRDC2022/

Publication series

NamePacific Rim International Symposium on Dependable Computing
PublisherIEEE
ISSN (Print)1555-094X
ISSN (Electronic)2473-3105

Conference

Conference27th IEEE Pacific Rim International Symposium on Dependable Computing
Abbreviated titlePRDC 2022
Country/TerritoryChina
CityBeijing
Period28/11/221/12/22
Internet address

Fingerprint

Dive into the research topics of 'A Heterogeneous Redundant Architecture for Industrial Control System Security'. Together they form a unique fingerprint.

Cite this