Strategic network security for critical infrastructures

Palani, Kartik

Permalink

https://hdl.handle.net/2142/121396 Copy

Description

Title

Strategic network security for critical infrastructures

Author(s)

Palani, Kartik

Issue Date

2023-05-10

Director of Research (if dissertation) or Advisor (if thesis)

Nicol, David M

Doctoral Committee Chair(s)

Nicol, David M

Committee Member(s)

• Smith, Sean W
• Borisov, Nikita
• Srikant, Rayadurgam

Department of Study

Electrical & Computer Eng

Discipline

Electrical & Computer Engr

Degree Granting Institution

University of Illinois at Urbana-Champaign

Degree Name

Ph.D.

Degree Level

Dissertation

Keyword(s)

• Optimization
• cybersecurity, cyber-physical systems
• algorithms
• computer networks

Abstract

The safety and integrity of critical infrastructures are of utmost importance to a nation's economy and security. In order to guarantee operational availability and service metrics, these infrastructures rely on automation provided by an underlying network of computers. In recent years, these automation systems have been used by attackers to gain access to and disrupt the physical processes being controlled. This dissertation aims to provide quantifiable methods to assess the risk added to the system by this extended attack surface and to design automated mechanisms for mitigating the system risk by selecting and deploying the right countermeasures. Any countermeasure strategy must account for the operational constraints that the system has in place for service guarantees and must make trade-offs between system availability and cybersecurity. The risk mitigation work presented in this dissertation generates countermeasure strategies that account for the strict communication deadlines between networked controllers, the regulatory requirements demanded by national regulators, and the security budgets of the infrastructure operators. Regarding risk assessment, we propose quantifiable metrics that can be used with operator expertise. We describe metrics that can be computed with or without knowledge about the attacker. We also provide a tool for measuring the monetary impact of a successful attack campaign. Regarding risk mitigation, we describe algorithms to select and deploy countermeasures. Since firewalls are used as a primary network security mechanism, we provide a detailed analysis of mitigating the risk allowed by the network access policy. We also show how we can rank countermeasure strategies that prioritize security against certain adversary groups under assumptions about attacker capabilities. Finally, we also design a new countermeasure that tackles one of the most commonly used attacker tactics.

Graduation Semester

2023-08

Type of Resource

Thesis

Copyright and License Information

Copyright 2023 Kartik Palani

Owning Collections