yuan xue vanderbilt university

25
Yuan Xue Vanderbilt University Integrated Modeling, Simulation and Emulation Environment for Security Assessment of Cyber- Physical Systems

Upload: gali

Post on 23-Feb-2016

76 views

Category:

Documents


0 download

DESCRIPTION

Integrated Modeling, Simulation and Emulation Environment for Security Assessment of Cyber-Physical Systems. Yuan Xue Vanderbilt University. Cyber-Physical Systems. CPS has extraordinary significance for the future of the U.S. industry and military superiority. - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Yuan Xue Vanderbilt University

Yuan XueVanderbilt University

Integrated Modeling, Simulation and Emulation Environment for Security

Assessment of Cyber-Physical Systems

Page 2: Yuan Xue Vanderbilt University

Cyber-Physical Systems

CPS has extraordinary significance for the future of the U.S. industry and military

superiority. – A 2007 report of the President’s Council of Advisors on Science and Technology

highlights CPS as the number one priority for federal investments in networking and information technology.

Application Domains – Health-Care– Automotive Systems– Building and Process Controls– Defense and Aviation Systems– Critical Infrastructure

Cyber-physical systems (CPS) are tight integrations of communications, computational and physical processes

Page 3: Yuan Xue Vanderbilt University

3

Security Issues of CPS

Trustworthiness of cyber‐physical systems is an essential concern

Formal analysis of CPS behavior is hard

There is a pressing need to evaluate both cyber- and physical systems together and holistically using simulation and/or emulation.

Page 4: Yuan Xue Vanderbilt University

4

Need for Security Assessment Tool and Experiment Environment

Evaluation of CPS security requires a sophisticated modeling and simulation, experiment infrastructure – Realistic assessment – Early assessment– Automatic and rapidly configured experiments– Support for physical environment simulation– Support for convenient system measurement and

holistic CPS behavior analysis.

Page 5: Yuan Xue Vanderbilt University

Our Approach Integration at two levels

– Run-time: Integration of multiple tools/Environment Simulation, emulation, real testbed so that they can interact

in a coordinated way. – Modeling-time: Model integration

rapid configuration/deployment

Step I: Command and Control Wind Tunnel – Heterogeneous simulation integration

Step II, Integration of DeterLab and C2WT– Simulation and emulation integration

Page 6: Yuan Xue Vanderbilt University

C2 Wind Tunnel

Integration of multiple simulation tools– Matlab/Simulink, OMNeT++, DEVSJAVA, Delta3D, CPN, etc.

Follow HLA standard– Coordinate execution of distributed simulations via RTI

Run-Time Infrastructure (RTI)

C2 Wind Tunnel Integration Framework

Passive Federates- Data loggers- Monitors- Analysis- Prognostics- Projections

Live components-UAVs-Command & Control-Live deployment feedback

Simulation Tools- Simulink- Omnet- DEVSJAVA- OGRE- CPN Tools- Java/C/C++- etc.

Page 7: Yuan Xue Vanderbilt University

C2 Wind Tunnel Model-integrated approach

– Develop an overarching modeling environment based on GME– Integrate different platform-specific simulation models

Page 8: Yuan Xue Vanderbilt University

From Simulation to Emulation

Network components and policies are essential aspects of CPS The impact of network on CPS system need to be accurately

characterized– Think about the network attacks…

Limit of network simulator– Protocol implementation details are missing– Poor scalability

Network simulation is insufficient in providing the level of accuracy required by the evaluation of CPS.

Page 9: Yuan Xue Vanderbilt University

From Simulation to Emulation

Benefit of network emulation– Greater realism and accuracy with truthful protocol implementation and

real network traffic delivery– Providing a computing platform where prototypes of software

components can be deployed Network emulation platform

– Emulab – DETERNet

Tools available for emulate network attacks

Page 10: Yuan Xue Vanderbilt University

Architecture

Run-Time Infrastructure (RTI)

Model Integration Layer

Experiment Specification

NetworkModels

Controller Models

Organization Models

Environment Models

FusionModels

EmulationFederate

SimulinkFederate

CPNFederate

Delta3DFederate

DEVSFederate

Simulation Platform

Simulation-Emulation Tunnel

ModelRun-time

NetworkApplications

Emulation Platform

Emulab

Data communication Layer (TCP/IP)

Page 11: Yuan Xue Vanderbilt University

Design Consideration

Communication between simulated objects and real network objects

Time synchronization between simulated objects and real network objects

Page 12: Yuan Xue Vanderbilt University

Meta-Model and Models

Network Topology Model Network Application Process Deployment and

Communication Model Network Interaction Model

Page 13: Yuan Xue Vanderbilt University

Meta-Model for Network Topology

Page 14: Yuan Xue Vanderbilt University

UAV1

UAV2

Access Point

Control Station

11M bps wireless link

11M bps wireless link

10M bps

Topology Model

Bandwidth: 10MbpsDelay: 10msLoss: 0.02

Capacity: 11MbpsPropagation Model: Free spaceMAC: IEEE 802.11

Bandwidth: 2MbpsLoss: 0.2Delay: 20ms

Bandwidth: 11MbpsLoss: 0.01Delay: 20ms

Page 15: Yuan Xue Vanderbilt University

Deployment MetaModel

Page 16: Yuan Xue Vanderbilt University

Deployment Model Example

UAV1

SendImage

RecvCommand ControlStation

RecvImage

SendCommandUAV2

SendImage

RecvCommand

UDP

UDP

TCP

TCP

Page 17: Yuan Xue Vanderbilt University

Network Interaction MetaModel

Page 18: Yuan Xue Vanderbilt University

SendCommandToNetworkNodeName: TBD (ControalStation)ProcName: SendCommandTimestamp:TBDParameter: Command (String)

RecvCommandFromNetworkNodeName: TBD (UAV1)ProcName: RecvCommandTimestamp: TBDPeerNodeName: TBD (ControlStation)PeerProcPort: TBDParameter: Command (String)

SendImageToNetworkNodeName: TBD (UAV1)ProcName: SendImageTimestamp: TBDParameter: ImageURL (String):

RecvImageFromNetworkNodeName: TBD (ControlStation)ProcName: RecvImageTimestamp: TBDPeerNodeName: TBD (UAV 1)PeerProcPort:TBDParameter: PacketDelay(double)

Page 19: Yuan Xue Vanderbilt University

Topology Model

Network Interaction Model

Modeling Environment ModelInterpreter Run-Time Environment

TCL script

Configuration/Control Environment

Host Assignment

Deterlab Emulation Environment

C2WT Simulation Environment

Tap Client

EmuGatewayFederate

RTI

SimulinkFederate

Tap Client

Tap Client

Tap Server

FederatesInvolving network communication

Network File System

Network Application Code

Deployment Model

Page 20: Yuan Xue Vanderbilt University

UAV federate

ControlStationfederate

EmuGateway federate

Tap Client Tap Client

Tap Server

HostMapNodeName: HostIP

SendImage RecvImageUDP

Emulation Host for UAV1

Interaction Delivery Protocol

Emulation Host for ControlStation

RecvCommand SendCommandTCP

Taskbuffer

Taskbuffer

LocalTaskbuffer

Interaction Handler

Emulation Env

Simulation Env

Time converter

RTI

Time converter

HostMapHostMap

Page 21: Yuan Xue Vanderbilt University

21

Page 22: Yuan Xue Vanderbilt University

Our Experiment Setup

UAV Sim*• SimulinkPhysics Simulation• Delta3D

Simulated Applications

Deterlab

Network Object

Network Object

Page 23: Yuan Xue Vanderbilt University

Finally, a short demo

emulation.avi

Page 24: Yuan Xue Vanderbilt University

24

Acknowledgement

NSF TRUST NSF SDCI

C2WT team at Vanderbilt– Gabor Karsai, Janos Sztipanovits, Himanshu

Neema Collaborators from AFRL

– Timothy Busch

Page 25: Yuan Xue Vanderbilt University

Thank you

Questions?

25