Presentation on theme: "TRUST for SCADA: A Simulation-based Experimental Platform"— Presentation transcript:
1. TRUST for SCADA: A Simulation-based Experimental Platform
Andrew Davis, Gabor Karsai, Himanshu Neema, Vanderbilt University
Annarita Giani, UC Berkeley
Bruno Sinopoli, Rohan Chabukswar, Carnegie Mellon University

2. Outline
- SCADA Systems and Security
- The TRUST-SCADA Experimental Testbed
- A New Implementation
- Future Directions

4. What is SCADA?
Supervisory Control And Data Acquisition systems are computer-based monitoring tools that are used to manage and control critical infrastructure functions in real time.
Control: Gas Utilities, Power Plants, Oil Refineries, Power Utilities, Chemical Plants, Water Management, Traffic Control Systems, etc.

5. Typical SCADA Hardware Elements
- SCADA Master
  - Provides overall monitoring and control of the SCADA system
- SCADA Network
  - Provides communication between SCADA master and RTUs
- Remote Terminal Units (RTUs)
  - Local process controllers that are commanded by SCADA masters
  - Can perform simple logic-based or PID control
- Sensors and Actuators
  - Provide means of measuring infrastructure parameters and adjusting them

7. SCADA Systems Security Issues
- SCADA systems have decade-long lifetimes
  - Most were designed without security considerations
- SCADA systems today are connected to the Internet
  - Network security problems may impact plant operations
- SCADA systems are difficult to upgrade
  - Adding security features often means downtime
  - Devices contain embedded computing components
  - Networks are customized for specific systems
- Need flexible, robust solutions that secure legacy SCADA systems and shape the design of the next

8. Outline
- SCADA Systems and Security
- Goals and Requirements for a TRUST-SCADA Experimental Testbed
- A New Implementation
- Future Directions

9. SCADA Testbed Goals
- To assess vulnerabilities of current SCADA implementations in realistic settings
- To provide and test solutions to address such vulnerabilities
- To test innovative architectural and technological solutions for next generation SCADA
- To provide an open-source design for an affordable and highly flexible testbed for the TRUST community

10. SCADA Testbed Requirements
- Modularity: Must be able to model several SCADA elements
  - Processes (‘plants’)
  - Network architectures
  - Communications topologies, media, and protocols
- Reconfigurability: Needs to be easily reconfigurable to test new control schemes, attack scenarios, solutions
- Remote access: Should be available to remote users
- Accurate modeling: Should be a realistic model of a real world process

12. A New Implementation
- Simulation: An inexpensive and affordable approach for small-scale experimentation and education
- Allows desktop and portable realization
What is simulated? / Tool used (example):
- Plant: Simulink/Stateflow
- Network: Omnet++, NS-2, OPNET, …
- Controller:

14. Integration Problems
- Integrating models
  - Heterogeneous modeling for different domains: plant models, network models, controller models, etc.
  - Needed: an overarching integration model that connects and relates the heterogeneous domain models in a logically coherent framework.
- Integrating the system
  - Heterogeneous simulators and emulators for different domains: OMNET++, Simulink/Stateflow, EMULAB, etc.
  - Needed: an underlying software infrastructure that connects and relates the heterogeneous simulators in a logically and temporally coherent framework.
- Key idea: Integration is about interactions across system components. We model the interactions and use these models to facilitate model and system integration.

15. C2 Wind Tunnel Project*: Challenges for Model and Simulation Integration
[Figure: Model-Integrated System and Software Laboratory Environment: C2 Windtunnel. C2WT Demonstration, 10/8/08, Barksdale AFB. Component labels: Organization/Coordination, Controller/Vehicle Dynamics, Processing (Tracking), 3-D Environment (Sensors), Data Distribution Network. Tool labels: Devs, Delta3D, CPN, SL/SF, GME, OMNET.]
- How can we integrate the models?
- How can we integrate the simulated heterogeneous system components?
- How can we integrate the simulation engines?
* Human Centric Design Environments for Command and Control Systems: The C2 Wind Tunnel, AFOSR PRET: VU, GMU, UCB, UA

16. C2W Integration Solution
Goals:
- to provide an environment to integrate and execute heterogeneous domain specific simulation models or ‘real’ system components
- to support easy configuration and evaluation of scenarios
DoD/HLA was chosen as the base run-time integration platform.
- Rationale: HLA was designed as a simulation integration platform and it provides services for run-time integration of large simulators. Has sophisticated support for coordination among simulation engines.
C2WT additions:
- Model based integration of domain specific simulation models (Simulink, Omnet++, etc)
  - Data models
  - Integration models
  - Transformation (import, export, code generation)
- Support for execution of domain specific models
  - Runtime execution engines
Key idea: Integration is about interactions across system components. We model the interactions and use these models to facilitate model and system integration.

17. Models: Integration and Deployment
- Interactions (message types)
- Federates (simulators)
- Experiment
- Host node

18. Using the C2W Integration Models
[Figure: C2W modeling environment, containing C2W integration models (data flow, timing, parameters) and C2W data models (interaction and object models). Configuration is generated for domain specific C2W simulation components (OMNET, CPN, Simulink, Delta3D components); a transformation links the data models to domain specific simulation models (Omnet, CPN, Simulink models, …).]
- Based on C2WT models, configuration files are generated for the various simulation components.
  - Configure how the component is connected to the simulation (input-output binding)
- Federates have to have a common data model to be able to share data.
  - Data model can be imported from domain specific models
  - Domain specific models can be generated from data models

20. Simulink model integration (Plant and Controller Dynamics)
[Figure: Original model, then GME integration model (add input-output bindings: input binding, output binding), then code generation, then modified model. Signal flow passes through the HLA Run-Time Infrastructure (RTI) via RTI runtime communication.]
- Generated .m Receiver and Sender S-function code + Java code for representing Simulink federate

21. Omnet++ integration (Network simulation)
- Simulates communication network
  - Omnet++, INet packages
  - Omnet is a generic discrete event simulation package (module specification with .ned files, implementation in C++, modular, customizable plug-in architecture)
  - Inet: network protocols for Omnet (IP, wireless, etc)
  - Faithful model of the full network protocol stack
  - Probabilistic model for physical layer
- Challenges of integration
  - Time management (replace Omnet++ scheduler)
  - Scalability (avoid overloading the RTI bus but capture interesting behavior)
- Provides a set of protocols with HLA mapping
  - Heavy message traffic kept inside Omnet++
  - High level application layer interface provided for HLA (light message traffic)
- Protocols
  - Reliable message send (TCP)
  - Best effort message send (UDP)
  - Streaming (UDP, e.g.: video streaming)
  - Network intercepts
- Configuration
  - Network topology
  - Detailed parameters of full network stack
- Experimentation modules
  - Attack models (flood, DOS attack)
  - …
Sample configuration shown on the slide:
    # uavs
    **.uav[*].udpAppType="StreamingUDPApp"
    **.uav[*].udpApp[*].local_port=6000
    **.uav[*].udpApp[*].dest_port=6000
    **.uav[*].udpApp[*].buffer_size = -1
    **.uav[*].udpApp[*].lost_frame_update_rate = 4

22. Early Results
Prototype TRUST SCADA-SIM Testbed that includes:
- Simulink/Stateflow for plant and controller modeling & simulation
- Omnet++ for network modeling & simulation
Example experiment built using the testbed:
- Simulink model for chemical process plant (Tennessee Eastman)
- Simulink model for robust controller
- Omnet++ model for network and DDOS network attack
[Figure labels: Process Model, Controller, Plant]
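
The following Python example is added here and is not from the slides or the TRUST testbed's code: it advances a plant, a network queue and a controller in lock-step, the kind of temporally coherent coupling the slides call for, and measures how a flood that saturates the link starves the control loop of sensor updates. The plant model, gain, queue size, rates and the `run` function are constructed assumptions standing in for the Simulink and Omnet++ models.

```python
from collections import deque

A, KP, SETPOINT = 0.5, 4.0, 1.0   # constructed plant pole, controller gain, target
CAP, SERVICE = 20, 5              # constructed router queue size, packets forwarded per tick

def run(flood_pps=0, steps=400, dt=0.05, attack_start=100, disturb_at=150):
    """Advance plant, network and controller in lock-step; return (dropped, peak)."""
    x = u = last_meas = peak = 0.0
    dropped = 0
    queue = deque()               # None = flood packet, float = sensor reading
    for k in range(steps):
        # Plant federate: open-loop unstable process with a late load disturbance.
        d = 0.5 if k >= disturb_at else 0.0
        x += dt * (A * x + u + d)
        peak = max(peak, abs(x))
        # Network federate: flood traffic arrives ahead of the sensor packet (tail drop).
        if k >= attack_start:
            for _ in range(flood_pps):
                if len(queue) < CAP:
                    queue.append(None)
        if len(queue) < CAP:
            queue.append(x)
        else:
            dropped += 1          # sensor reading lost to the full queue
        for _ in range(min(SERVICE, len(queue))):
            pkt = queue.popleft()
            if pkt is not None:
                last_meas = pkt   # controller sees only what the network delivers
        # Controller federate: proportional control on the last delivered reading.
        u = KP * (SETPOINT - last_meas)
    return dropped, peak

if __name__ == "__main__":
    for rate in (0, 3, 10):       # packets per tick: none, below and above link capacity
        print(rate, run(flood_pps=rate))
```

A flood below the link's service rate leaves the loop untouched, while one above it fills the queue, drops every later sensor reading and lets the disturbance drive the plant away from its operating point; a detector on queue occupancy or sensor-update age would flag the condition before the process variable moves.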