University of Illinois Urbana-Champaign

Strategic network security for critical infrastructures

Palani, Kartik

Permalink

https://hdl.handle.net/2142/121396

Description

Title
Strategic network security for critical infrastructures
Author(s)
Palani, Kartik
Issue Date
2023-05-10
Director of Research (if dissertation) or Advisor (if thesis)
Nicol, David M
Doctoral Committee Chair(s)
Nicol, David M
Committee Member(s)
  • Smith, Sean W
  • Borisov, Nikita
  • Srikant, Rayadurgam
Department of Study
Electrical & Computer Eng
Discipline
Electrical & Computer Engr
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
Ph.D.
Degree Level
Dissertation
Keyword(s)
  • Optimization
  • cybersecurity, cyber-physical systems
  • algorithms
  • computer networks
Abstract
The safety and integrity of critical infrastructures are of utmost importance to a nation's economy and security. In order to guarantee operational availability and service metrics, these infrastructures rely on automation provided by an underlying network of computers. In recent years, these automation systems have been used by attackers to gain access to and disrupt the physical processes being controlled. This dissertation aims to provide quantifiable methods to assess the risk added to the system by this extended attack surface and to design automated mechanisms for mitigating the system risk by selecting and deploying the right countermeasures. Any countermeasure strategy must account for the operational constraints that the system has in place for service guarantees and must make trade-offs between system availability and cybersecurity. The risk mitigation work presented in this dissertation generates countermeasure strategies that account for the strict communication deadlines between networked controllers, the regulatory requirements demanded by national regulators, and the security budgets of the infrastructure operators. Regarding risk assessment, we propose quantifiable metrics that can be used with operator expertise. We describe metrics that can be computed with or without knowledge about the attacker. We also provide a tool for measuring the monetary impact of a successful attack campaign. Regarding risk mitigation, we describe algorithms to select and deploy countermeasures. Since firewalls are used as a primary network security mechanism, we provide a detailed analysis of mitigating the risk allowed by the network access policy. We also show how we can rank countermeasure strategies that prioritize security against certain adversary groups under assumptions about attacker capabilities. Finally, we also design a new countermeasure that tackles one of the most commonly used attacker tactics.
Graduation Semester
2023-08
Type of Resource
Thesis
Copyright and License Information
Copyright 2023 Kartik Palani

Owning Collections

Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois