Talk Title:
Cyber-Security Architectures for Control Systems
Abstract:
Increasingly, physical systems are being monitored and controlled using networked computers. Examples of this trend include smart buildings, in which computers control building functions like door locks and lighting, and electric power grids, in which computers control relays in transformer substations. This talk examines the tradeoff in such systems between physical isolation or perimeter security using proxies versus end-to-end connectivity using enterprise networks or the Internet. Smart buildings and the electric power grid will be used to contrast these strategies. Our discussion of smart buildings will focus on robust perimeter protection based on an assumption-of-risk principle that aims to protect non-users of advanced building services from being affected by security compromises. We illustrate with a discussion of the Building Automation Middleware (BAM) project, which has designed such a system for the Siebel Center for Computer Science at the University of Illinois. Our discussion of the power grid will focus on end-to-end protections for grid elements such as substation relays and home meters. We describe work on security for Advanced Meter Infrastructure (AMI) and present a technology for continuous remote attestation of meter software.
Bio:
Carl A. Gunter received his BA from the University of Chicago in 1979 and his PhD from the University of Wisconsin at Madison in 1985. He worked as a postdoctoral researcher at Carnegie-Mellon University and the University of Cambridge in England before joining the faculty of the University of Pennsylvania in 1987 and the University of Illinois 2004. He is a professor, director of Illinois Security Lab, member of the Information Trust Institute (ITI) steering committee, and head of the Systems and Networking Area of the Computer Science Department. He is the chair of the steering committee for the ACM Conference on Computer and Communications Security (CCS) and an editor for IEEE Transactions on Computers. Gunter has made research contributions in the semantics of programming languages, formal analysis of networks and security, and privacy.
His contributions to the semantics of programming languages include the interpretation of subtypes using implicit coercions, type inference for continuations and prompts, the use of Grothendieck fibrations as a model of parametric polymorphism, the mixed powerdomain, and the use of Petri nets as a model of linear logic. His 1992 textbook and his chapter in the Handbook of Theoretical Computer Science are standard references on the semantics of programming languages. He has also served extensively as research consultant and expert witness on programming languages. Gunters contributions to the formal analysis of networks and security include the Packet Language for Active Networks (PLAN), the WRSPM reference model for requirements and specifications, the first formal analyses of Internet and ad hoc routing protocols, the Verisim system for analyzing network simulations, and the use of bandwidth as a DoS countermeasure. His work on privacy includes the first research on certificate retrieval for trust management and the formal analysis of regulatory privacy rules. He founded Probaris Technologies, a company in the Philadelphia area that provides credentials for employees of government agencies such as the Social Security Administration and the Patent and Trade Office.
His most recent research directions include the security of control systems, including Building Automation Systems (BASs), power substations, and Advanced Meter Infrastructure (AMI). He is also developing the use of attribute-based systems for messaging and security.
|
