A product machine model for anomaly detection of interposition attacks on cyber-physical systems

IFIP International Federation for Information Processing

Volumn 278, Issue , 2008, Pages 285-299

  Bellettini, Carlo ^a   Rrushi, Julian L ^a  

^a UNIVERSITY OF MILAN   (Italy)

Author keywords

[No Author keywords available]

Indexed keywords

ANOMALY DETECTION; CONTROL SYSTEMS; CYBER PHYSICAL SYSTEM; EMBEDDED SYSTEMS; INTRUSION DETECTION;

ANOMALY INTRUSION DETECTION; ELECTRICAL SUBSTATIONS; EXPERIMENTAL EVALUATION; INTERPROCESS COMMUNICATION; LIBRARY FUNCTIONS; REPRESENTATION OF FUNCTIONS; STATE-OF-THE-ART APPROACH; STRONG REGULARITIES;

ELECTRIC POWER SYSTEM CONTROL;

EID: 48249143566     PISSN: 15715736     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-0-387-09699-5_19     Document Type: Conference Paper

References (21)

1. Albanowski K, Dionne DJ Embedded Linux/Microcontroller Project. http://www.uclinux.org/pub/uClinux/ports/arm7tdmi/ Cited 14 Jan 2008
2. ARM Limited, ARM Technical Reference Manuals. http://www.arm.com/ documentation/ARMProcessor_Cores/Cited 14 Jan 2008
3. Bellettini C, Rrushi JL (2007) Vulnerability Analysis of SCADA Protocol Binaries through Detection of Memory Access Taintedness. In: Proceedings of the 8th IEEE SMC Information Assurance Workshop, United States Military Academy,West Point, New York, USA, pp. 341-348
4. Chen Sh, Xu J, Nakka N, Kalbarczyk Z, Iyer RK (2005) Defeating Memory Corruption Attacks via Pointer Taintedness Detection. In: Proceedings of IEEE International Conference on Dependable Systems and Networks, Japan
5. Diekert V, Mètivier Y (1997) Partial commutation and traces, Handbook on Formal Languages, 3rd volume, Springer: 457-533
6. Feng H, Kolesnikov O.M., Fogla P., Lee W, Gong W (2003) Anomaly Detection Using Call Stack Information. In: Proceedings of IEEE Symposium on Security and Privacy, Oakland, California, USA
7. Gao D, Reiter MK, Song D (2004) Gray-box extraction of execution graphs for anomaly detection. In: ACM CCS
8. iDefense (2007) Livedata protocol server heap overflow vulnerability. http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=523 Cited 14 Jan 2008
9. Jedrzejowicz J (1999) Structural properties of shuffle automata. In: Grammars 2, number 1, 1999.
10. Kruegel C, Kirda E, Mutz D, RobertsonW, Vigna G (2005) Automating mimicry attacks using static binary analysis. In: Proceedings of 14th Usenix Security Symposium, Baltimore, USA
11. Lucas PJ, Riccardi F Concurrent Hierarchical State Machine. http://chsm.sourceforge.org Cited 14 Jan 2008
12. Modbus Organization (2004) MODBUS Application Protocol Specification V 1.1a. http://www.modbus.org/docs/Modbus_Application_protocol_V1_1a.pdf Cited 14 Jan 2008
13. Mora L (2007) OPC server security considerations. In: Proceedings of SCADA Security Scientific Symposium, Miami, Florida, USA
14. Miller BP, Christodorescu M, Iverson R, Kosar T, Mirgordskii A, Popovici F (2001) Playing inside the black box: Using dynamic instrumentation to create security holes. In: Parallel Processing Letters
15. Parampalli C, Sekar R, Johnson R (2007) A Practical Mimicry Attack Against Powerful System-Call Monitors. Technical Report SECLAB07-01, Secure Systems Laboratory, Stony Brook University, USA
16. Peacock C uClinux - BFLT Binary Flat Format. http://www.beyondlogic.org/ uClinux/bflt.htm Cited 14 Jan 2008
17. Rrushi JL, Rosti E (2005) Function Call Tracing Attacks to Kerberos 5. A presentation of Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Vienna, Austria
18. Stamp J, Dillinger J, Young W, DePoy J (2003) Common Vulnerabilities in Critical Infrastructure Control Systems. A Technical Report of Sandia National Laboratories, Albuquerque, NM
19. US-CERT (2006) LiveData ICCP Server heap buffer overflow vulnerability. Vulnerability note VU#190617
20. US-CERT (2007) Takebishi Electric DeviceXPlorer OPC Server fails to properly validate OPC server handles. Vulnerability note VU#926551
21. Walter C FreeMODBUS library". http://www.freemodbus.org/ Cited 14 Jan 2008