Building Resilient Cloud Over Unreliable Commodity Infrastructure
Cloud Computing has emerged as a successful computing paradigm for
efficiently utilizing managed compute infrastructure such as high speed
rack-mounted servers, connected with high speed networking, and reliable
storage. Usually such infrastructure is dedicated, physically secured and has
reliable power and networking infrastructure. However, much of our idle compute
capacity is present in unmanaged infrastructure like idle desktops, lab
machines, physically distant server machines, and laptops. We present a scheme
to utilize this idle compute capacity on a best-effort basis and provide high
availability even in the face of failure of individual components or facilities.
We run virtual machines on the commodity infrastructure and present a cloud
interface to our end users. The primary challenge is to maintain availability
in the presence of node failures, network failures, and power failures. We run
multiple copies of a Virtual Machine (VM) redundantly on geographically
dispersed physical machines to achieve availability. If one of the running
copies of a VM fails, we seamlessly switch over to another running copy. We use
Virtual Machine Record/Replay capability to implement this redundancy and
switchover. In current progress, we have implemented VM Record/Replay for
uniprocessor machines over Linux/KVM and are currently working on VM
Record/Replay on shared-memory multiprocessor machines. We report initial
experimental results based on our implementation.
Comment: Oral presentation at IEEE "Cloud Computing for Emerging Markets",
Oct. 11-12, 2012, Bangalore, India.
Stealthy Deception Attacks Against SCADA Systems
SCADA protocols for Industrial Control Systems (ICS) are vulnerable to
network attacks such as session hijacking. Hence, research focuses on network
anomaly detection based on metadata (message sizes, timing, command
sequence), or on the state values of the physical process. In this work we
present a class of semantic network-based attacks against SCADA systems that
are undetectable by the above-mentioned anomaly detection. After hijacking the
communication channels between the Human Machine Interface (HMI) and
Programmable Logic Controllers (PLCs), our attacks cause the HMI to present a
fake view of the industrial process, deceiving the human operator into taking
manual actions. Our most advanced attack also manipulates the messages
generated by the operator's actions, reversing their semantic meaning while
causing the HMI to present a view that is consistent with the attempted human
actions. The attacks are totally stealthy because the message sizes and timing,
the command sequences, and the data values of the ICS's state all remain
legitimate.
We implemented and tested several attack scenarios in the test lab of our
local electric company, against a real HMI and real PLCs, separated by a
commercial-grade firewall. We developed a real-time security assessment tool
that can simultaneously manipulate the communication to multiple PLCs and cause
the HMI to display a coherent system-wide fake view. Our tool is configured
with message-manipulating rules written in an ICS Attack Markup Language (IAML)
we designed, which may be of independent interest. Our semantic attacks all
successfully fooled the operator and brought the system to states of blackout
and possible equipment damage.
MobileTrust: Secure Knowledge Integration in VANETs
Vehicular Ad hoc NETworks (VANET) are becoming popular due to the emergence of the Internet of Things and ambient intelligence applications. In such networks, secure resource sharing functionality is accomplished by incorporating trust schemes. Current solutions adopt peer-to-peer technologies that can cover the large operational area. However, these systems fail to capture some inherent properties of VANETs, such as fast and ephemeral interaction, making robust trust evaluation of crowdsourcing challenging. In this article, we propose MobileTrust—a hybrid trust-based system for secure resource sharing in VANETs. The proposal is a breakthrough in centralized trust computing that utilizes cloud and upcoming 5G technologies to provide robust trust establishment with global scalability. The ad hoc communication is energy-efficient and protects the system against threats that are not countered by the current settings. To evaluate its performance and effectiveness, MobileTrust is modelled in the SUMO simulator and tested on the traffic features of the small-size German city of Eichstatt. Similar schemes are implemented in the same platform to provide a fair comparison. Moreover, MobileTrust is deployed on a typical embedded system platform and applied on a real smart car installation for monitoring traffic and road-state parameters of an urban application. The proposed system is developed under the EU-funded THREAT-ARREST project, to provide security, privacy, and trust in an intelligent and energy-aware transportation scenario, bringing closer the vision of sustainable circular economy.
AUTOMATED CYBER OPERATIONS MISSION DATA REPLAY
The Persistent Cyber Training Environment (PCTE) has been developed as the joint force solution to provide a single training environment for cyberspace operations. PCTE offers a closed network for Joint Cyberspace Operations Forces, which provides a range of training solutions from individual sustainment training to mission rehearsal and post-operation analysis. Currently, PCTE does not have the ability to replay previously executed training scenarios or external scenarios. Replaying cyber mission data on a digital twin virtual network within PCTE would support operator training as well as enable development and testing of new strategies for offensive and defensive cyberspace operations. A necessary first step in developing such a tool is to acquire network specifications for a target network, or to extract network specifications from a cyber mission data set. This research developed a program design and proof-of-concept tool, Automated Cyber Operations Mission Data Replay (ACOMDR), to extract a portion of the network specifications necessary to instantiate a digital twin network within PCTE from cyber mission data. From this research, we were able to identify key areas for future work to increase the fidelity of the network specification and replay cyber events within PCTE.
Captain, United States Marine Corps
Approved for public release. Distribution is unlimited.
Automated Speed and Lane Change Decision Making using Deep Reinforcement Learning
This paper introduces a method, based on deep reinforcement learning, for
automatically generating a general purpose decision making function. A Deep
Q-Network agent was trained in a simulated environment to handle speed and lane
change decisions for a truck-trailer combination. In a highway driving case, it
is shown that the method produced an agent that matched or surpassed the
performance of a commonly used reference model. To demonstrate the generality
of the method, the exact same algorithm was also tested by training it for an
overtaking case on a road with oncoming traffic. Furthermore, a novel way of
applying a convolutional neural network to high level input that represents
interchangeable objects is also introduced.