Date post: | 23-Dec-2015 |
Category: |
Documents |
Upload: | griffin-curtis |
View: | 218 times |
Download: | 0 times |
Annarita Giani, UC BerkeleyBruno Sinopoli & Aakash Shah, Carnegie Mellon University Gabor Karsai & Jon Wiley, Vanderbilt UniversityTRUST 2008 Autumn Conference, Nashville Tennessee
SCADA Systems and SecurityThe TRUST-SCADA Experimental
TestbedCurrent ImplementationFuture Directions
SCADA Systems and SecurityThe TRUST-SCADA Experimental
TestbedCurrent ImplementationFuture Directions
Supervisory Control And Data Acquisition systems are computer-based monitoring tools that are used to manage and control critical infrastructure functions in real time. Control Gas Utilities, Power Plants, Oil Refineries,
Power Utilities, Chemical Plants, Water Management, Traffic Control Systems, etc.
SCADA Master Provides overall monitoring and
control SCADA system SCADA Network
Provides communication between SCADA master and RTUs
Remote Terminal Units (RTUs) Local controllers that take
commands from SCADA masters Can perform simple PID control
Sensors and Actuators Provide means of measuring
infrastructure parameters and adjusting them
SCADA systems have significant lifetimes Most were designed without security in mind Most are now connected to new infrastructure SCADA Systems are difficult to upgrade
Adding security often means downtime SCADA systems contain embedded components SCADA networks are customized for each system
Need flexible, robust solutions that secure legacy SCADA systems and shape the design of the next generation
SCADA Systems and SecurityThe TRUST-SCADA Experimental
TestbedCurrent ImplementationFuture Directions
Assess vulnerabilities of current SCADA implementations
Provide and test solutions to address such vulnerabilities
Test innovative architectural and technological solutions for next generation SCADA
Provide an openly-documented, affordable, and highly flexible testbed for the TRUST community
Modularity: Must be able to model several SCADA
▪ Processes▪ Network architectures▪ Communications topologies, media, and protocols
Reconfigurability: Needs to be easily reconfigurable to test new
attack scenarios, solutions Remote access:
Should be available to remote users Accurate modeling:
Should be a realistic model of a real world process
Software SCADA Master
Software Communication
Simulation RTU Software Hardware
Simulation Plant Simulation
Hardware Servers SCADA Master
Controller Communications
Equipment RTUs
SCADA Systems and SecurityThe TRUST-SCADA Experimental
TestbedCurrent ImplementationFuture Directions
Simulink RTW Plant Model Simulation on xPC
High Speed I/O Interface
Robostix Microcontroller
12-bits of parallel digital data
8 channels of 12-bitanalog data
Gumstix/Linux Computer
sensor readingssetpoints
An adaptation of a publically available chemical plant model
Runs on xPC Target 4 processes 16 control loops 12 input variables 8 measured outputs Simulates 1 hour in
one second (controllable simulation speed)
Out 9
9
Out 8
8
Out 7
7
Out 6
6
Out 5
5
Out 4
4
Out 3
3
Out 2
2
Out 1
1
LogicalOperator 8
AND
LogicalOperator 7
AND
LogicalOperator 6
AND
LogicalOperator 5
AND
LogicalOperator 4
AND
LogicalOperator 3
AND
LogicalOperator 2
AND
LogicalOperator 1
AND
LogicalOperator
AND
HandshakeIn _87 _b37
PCI-DDA08 /12ComputerBoards
Digital Input4
HandshakeInScope
Target ScopeId : 1
DataScope
Target ScopeId : 4
DataBit 7_75 _b25
PCI-DDA08 /12ComputerBoards
Digital Input8
DataBit 6_76 _b26
PCI-DDA08 /12ComputerBoards
Digital Input7
DataBit 5_77 _b27
PCI-DDA08 /12ComputerBoards
Digital Input6
DataBit 4_78 _b28
PCI-DDA08 /12ComputerBoards
Digital Input5
DataBit 3_79 _b29
PCI-DDA08 /12ComputerBoards
Digital Input4
DataBit 2_80 _b30
PCI-DDA08 /12ComputerBoards
Digital Input3
DataBit 1_81 _b31
PCI-DDA08 /12ComputerBoards
Digital Input2
DataBit 0_82 _b32
PCI-DDA08 /12ComputerBoards
Digital Input1
ControlVar 9
In S/H
ControlVar 8
In S/H
ControlVar 7
In S/H
ControlVar 6
In S/H
ControlVar 5
In S/H
ControlVar 4
In S/H
ControlVar 3
In S/H
ControlVar 2
In S/H
ControlVar 1
In S/H
ControlScope
Target ScopeId : 3
ControlBit 3_83 _b33
PCI-DDA08 /12ComputerBoards
Digital Input8
ControlBit 2_84 _b34
PCI-DDA08 /12ComputerBoards
Digital Input7
ControlBit 1_85 _b35
PCI-DDA08 /12ComputerBoards
Digital Input6
ControlBit 0_86 _b36
PCI-DDA08 /12ComputerBoards
Digital Input5
CompareTo Constant 8
== 8
CompareTo Constant 7
== 7
CompareTo Constant 6
== 6
CompareTo Constant 5
== 5
CompareTo Constant 4
== 4
CompareTo Constant 3
== 3
CompareTo Constant 2
== 2
CompareTo Constant 1
== 1
CompareTo Constant
== 0
Bit to IntegerConverter 1
Bit to IntegerConverter
Bit to IntegerConverter
Bit to IntegerConverter
AckOut_58 _b8
PCI-DDA08 /12ComputerBoards
Digital Output1
Atmel ATMega128 Microcontroller8 channels of 10-bit A/D
Used for measuring analog sensor dataUp to 54 channels of digital I/O
Used for sending actuator setpoints to plant simulation
SCI, IICCan run simple
PID control loops
Gumstix 400MHz Linux ComputerRuns SCADA Master softwareReceives sensor and actuator
information from RTUsSends setpoints to RTUsSCI, IIC, Ethernet, Wifi
Locally controlled process
Remotely controlled process
Simulink RTW Plant Model Simulation on xPC
High Speed I/O Interface
Robostix Microcontroller
12-bits of parallel digital data
8 channels of 12-bitanalog data
Gumstix/Linux Computer
sensor readings(over Modbus)
setpoints(over Modbus)
Simulink RTW Plant Model Simulation on xPC
High Speed I/O Interface
Robostix Microcontroller
12-bits of parallel digital data
8 channels of 12-bitanalog data
Simulink RTW Plant Model Simulation on xPC
High Speed I/O Interface
Robostix
Gumstix Computer
Distributed controlusing Modbus
Distributed control using Ethernet
Robostix
Simulink RTW Plant Model Simulation on xPC
High Speed I/O Interface
Robostix
Gumstix Computer
Gumstix Computer
Robostix
SCADA Systems and SecurityThe TRUST-SCADA Experimental
TestbedCurrent ImplementationFuture Directions
Finish modular SCADA TestbedDevelop modeling tool for easy
configuration of testbedModel systems and demonstrate
vulnerabilities of current SCADA systems
Test solutions to address current vulnerabilities
Test new architectural solutions