If you have any problems related to the accessibility of any content (or if you want to request that a specific publication be accessible), please contact us at firstname.lastname@example.org.
Implementation of a Testbed with SDN-enabled Communication Networks to Experiment on Physical Function Virtualization that Disrupts Reconnaissance of Cyber-Physical Infrastructures
AltmetricsView Usage Statistics
Industrial control systems (ICSs) have been extensively deployed in the real world. Large ICSs, such as smart power grids, consist of the supervisory control and data acquisition (SCADA) systems and the programmable logic controllers (PLCs). PLCs and SCADA exchange control signals and measurement data through a communication network. As an ICS scales, the geographical span of the communication network increases dramatically such that it is impossible to deploy a closed local area network (LAN) to support the communication network, and the communication network has to be connected to the Internet. However, such connection introduces vulnerabilities to ICS because of the exposure of the network to sophisticated adversaries, who may be capable of causing severe physical damage to ICS after extensive reconnaissance. One intuitive defense idea is to disrupt the reconnaissance or to increase the cost of such reconnaissance.To achieve this, we propose physical function virtualization (PFV), in which we introduce a certain amount of lightweight virtual nodes. The virtual nodes are designed to follow the actual implementation of network stacks, system invariants, and physical state variations: they work just like real nodes from adversaries’ perspective.In order to measure the effectiveness of the proposed defense mechanism, we implemented PFV in a testbed based on software-defined networking (SDN). We implemented ONOS network operating system, and use this testbed to measure the performance of the proposed defense mechanism. The experimental results show that PFV can accurately follow the behavior of real nodes with negligible overhead. The author of this thesis has contributed in the building of the testbed from scratch, the operation of the experiments and the analysis of experimental data. In the present thesis, I will elaborate the implementation of the testbed as well as related experiments.