Stealthy Deception Attacks Against SCADA Systems

SCADA protocols for Industrial Control Systems (ICS) are vulnerable to network attacks such as session hijacking. Hence, research focuses on network anomaly detection based on meta--data (message sizes, timing, command sequence), or on the state values of the physical process. In this work we present a class of semantic network-based attacks against SCADA systems that are undetectable by the above mentioned anomaly detection. After hijacking the communication channels between the Human Machine Interface (HMI) and Programmable Logic Controllers (PLCs), our attacks cause the HMI to present a fake view of the industrial process, deceiving the human operator into taking manual actions. Our most advanced attack also manipulates the messages generated by the operator's actions, reversing their semantic meaning while causing the HMI to present a view that is consistent with the attempted human actions. The attacks are totaly stealthy because the message sizes and timing, the command sequences, and the data values of the ICS's state all remain legitimate. We implemented and tested several attack scenarios in the test lab of our local electric company, against a real HMI and real PLCs, separated by a commercial-grade firewall. We developed a real-time security assessment tool, that can simultaneously manipulate the communication to multiple PLCs and cause the HMI to display a coherent system--wide fake view. Our tool is configured with message-manipulating rules written in an ICS Attack Markup Language (IAML) we designed, which may be of independent interest. Our semantic attacks all successfully fooled the operator and brought the system to states of blackout and possible equipment damage

Decoherence, control, and encoding of coupled solid-state quantum bits

In this thesis the decoherence properties, gate performance, control of solid-state quantum bits (qubits), and novel design proposals for solid-state qubits analogous to quantum optics are investigated. The qubits are realized as superconducting nanocircuits or quantum dot systems. The thesis elucidates both very appealing basic questions, like the generation and detection of deeply nonclassical states of the electromagnetic field, i.e., single photon Fock states, in the solid-state, but also presents a broad range of different strategies to improve the scalability and decoherence properties of solid-state qubit setups

Integrating behavioural design into the virtual environment development process

A number of specifications formalisms have been developed (or applied) to support the abstract design of the behavioural component of the virtual environment interface. These formalisms subscribe to the philosophy that virtual environments should be viewed as hybrid systems which combine discrete and continuous behaviour. A significant deficiency in designing behaviour in this way is that the designs cannot be directly executed and explored in the same manner as an implementation. This limitation makes it di#cult for a designer to evaluate the suitability of designs. The thesis presents the Marigold toolset which supports two approaches to evaluating behaviour described using the Flownet hybrid formalism

Weakest Pre-Condition and Data Flow Testing

Current data flow testing criteria cannot be applied to test array elements for two reasons: 1. The criteria are defined in terms of graph theory which is insufficiently expressive to investigate array elements. 2. Identifying input data which test a specified array element is an unsolvable problem. We solve the first problem by redefining the criteria without graph theory. We address the second problem with the invention of the wp_du method, which is based on Dijkstra\u27s weakest pre-condition formalism. This method accomplishes the following: Given a program, a def-use pair and a variable (which can be an array element), the method computes a logical expression which characterizes all the input data which test that def-use pair with respect to that variable. Further, for any data flow criterion, this method can be used to construct a logical expression which characterizes all test sets which satisfy that data flow criterion. Although the wp_du method cannot avoid unsolvability, it does confine the presence of unsolvability to the final step in constructing a test set

Perturbation-minimized triangular bunch for high-transformer ratio using a double dogleg emittance exchange beam line

The longitudinal shape, i.e., the current profile, of an electron bunch determines the transformer ratio in a collinear wakefield accelerator and thus methods are sought to control the longitudinal bunch shape. The emittance exchange (EEX) appears to be promising for creating a precisely controlled longitudinal bunch shapes. The longitudinal shape is perturbed by two sources: higher-order terms in the beam line optics and collective effects and these perturbations can lead to a significant drop of the transformer ratio. In this paper, we analytically and numerically investigate the perturbation to an ideal triangular longitudinal bunch shape and propose methods to minimize it.1153Ysciescopu

Circuit QED and engineering charge based superconducting qubits

The last two decades have seen tremendous advances in our ability to generate and manipulate quantum coherence in mesoscopic superconducting circuits. These advances have opened up the study of quantum optics of microwave photons in superconducting circuits as well as providing important hardware for the manipulation of quantum information. Focusing primarily on charge-based qubits, we provide a brief overview of these developments and discuss the present state of the art. We also survey the remarkable progress that has been made in realizing circuit quantum electrodynamics (QED) in which superconducting artificial atoms are strongly coupled to individual microwave photons.Comment: Proceedings of Nobel Symposium 141: Qubits for Future Quantum Informatio