Dimitrios Serpanos - Academia.edu (original) (raw)

Papers by Dimitrios Serpanos

Research paper thumbnail of Sound and Complete Runtime Security Monitor for Application Software

ArXiv, 2016

Conventional approaches for ensuring the security of application software at run-time, through mo... more Conventional approaches for ensuring the security of application software at run-time, through monitoring, either produce (high rates of) false alarms (e.g. intrusion detection systems) or limit application performance (e.g. run-time verification). We present a runtime security monitor that detects both known and unknown cyber attacks by checking that the run-time behavior of the application is consistent with the expected behavior modeled in application specification. This is crucial because, even if the implementation is consistent with its specification, the application may still be vulnerable due to flaws in the supporting infrastructure (e.g. the language runtime system, libraries and operating system). This runtime security monitor is sound and complete, eliminating false alarms, as well as efficient, so that it does not limit runtime application performance and so that it supports real-time systems. The security monitor takes as input the application specification and the app...

Research paper thumbnail of CoppEnd - A Security System for Power Equipment

Research paper thumbnail of Scanning The Issue

Proceedings of the IEEE, 2018

The paper "Parameter-Invariant Monitor Design for Cyber-Physical Systems" by Weimer et al. descri... more The paper "Parameter-Invariant Monitor Design for Cyber-Physical Systems" by Weimer et al. describes techniques for online monitoring of CPSs that are robust in the face of sparse data and system variability. They motivate their work using the medical domain. The paper "SURE: A Modeling and Simulation Integration Platform for Evaluation of SecUre and REsilient Cyber-Physical Systems" by Koutsoukos et al. describes a modeling and simulation environment that can be used to evaluate attackerdefender behavior. The authors apply their techniques to smart transportation systems. The paper "A Framework for Attack-Resilient Industrial Control Systems: Attack Detection and Controller Reconfig uration" by Paridari et al. describes an industrial control systems policy that uses estimations to provide resiliency against attacks. The paper "ARMET: Behavior-Based Secure and Resilient Industrial Control Systems" by Khan et al. describes a reliable/secure by design methodology for industrial control systems and complementary online monitoring approach. The paper "Improving the Safety and Security of Wide-Area Cyber-Physical Systems Through a Resource-Aware, Service-Oriented Development Methodology" by Tariq et al. describes a service-oriented architecture for CPSs that preserves the quality-ofservice (QoS) requirements of realtime control. The authors illustrate their work on smart grid examples.

Research paper thumbnail of False Data Injection Attacks

Safe and Secure Cyber-Physical Systems and Internet-of-Things Systems

False data injection (FDI) attacks are malicious insertions of false data as sensor measurements ... more False data injection (FDI) attacks are malicious insertions of false data as sensor measurements in a cyber-physical system, in order to lead the system to take a wrong action. False data injection attacks do not attack the computational or network components of cyber-physical systems but the interface between the physical and the cyber part. Such attacks are powerful and can have catastrophic results. Defense against them can be achieved by limiting the attack surface through vulnerability analysis of the cyber-physical system design and by monitoring system operation in the field with monitors that observe system parameters and sensor measurements and detect abnormal operation early. In this chapter, we describe promising techniques for vulnerability analysis and dynamic monitoring, based on efficient SMT solvers and Kalman filter techniques, respectively.

Research paper thumbnail of Reshaping the Intelligent Transportation Scene: Challenges of an Operational and Safe Internet of Vehicles

Research paper thumbnail of Complex Engineering Systems as an enabler for security in Internet of Vehicles: The nIoVe approach

2019 First International Conference on Societal Automation (SA), 2019

Today's vehicles are increasingly "connected"; there is wireless data exchange with servers, infr... more Today's vehicles are increasingly "connected"; there is wireless data exchange with servers, infrastructure and other vehicles. Tomorrow's vehicles will be automated and autonomous, capable of sensing their environment and navigating through cities without human interference. Therefore, connected and autonomous vehicles come with the cost of a new set of threats pertaining to higher risks of cyberattacks. A cyber-attack in a Connected Vehicle (CV) can yield high recall costs, loss of property and even jeopardise human safety. Therefore, the need for cyber protection of CVs is becoming paramount. nIoVe introduces a holistic and multilayered cybersecurity solution for the Internet-of-Vehicles (IoV) by addressing secure-by-design aspects of CVs, along with cyber protection, threat response and attack recovery at vehicle, infrastructure and service/application layer of the whole IoV ecosystem at complex use cases.

Research paper thumbnail of Secure Memory for Embedded Tamper-proof Systems

2019 14th International Conference on Design & Technology of Integrated Systems In Nanoscale Era (DTIS), 2019

Data leakage and disclosure to attackers is a significant problem in embedded systems, considerin... more Data leakage and disclosure to attackers is a significant problem in embedded systems, considering the ability of attackers to get physical access to the systems. We present methods to protect memory data leakage in tamper-proof embedded systems. We present methods that exploit memory supply voltage manipulation to change the memory contents, leading to an operational and reusable memory or to destroy memory cell circuitry. For the case of memory data change, we present scenaria for data change to a known state and to a random state. The data change scenaria are effective against attackers who cannot detect the existence of the protection circuitry; furthermore, original data can be calculated in the case of data change to a known state, if the attacker identifies the protection circuitry and its operation. The methods that change memory contents to a random state or destroy memory cell circuitry lead to irreversible loss of the original data. However, since the known state can be used to calculate the original data.

Research paper thumbnail of Run-Time Security Assurance of Cyber Physical System Applications

Embedded, Cyber-Physical, and IoT Systems, 2019

We introduce a design methodology to assure run-time security of cyber physical system (CPS) appl... more We introduce a design methodology to assure run-time security of cyber physical system (CPS) applications. The methodology has two independent, but complementary, components that employ novel approaches to design run-time monitors that detect both computational and false data cyber-attacks to assure security of CPS at run-time. Based on the executable specification of a CPS application, the first component protects CPS computations through comparison of the application execution and the application-specification execution in real-time. The second component assures safety and integrity of CPS data through vulnerability analysis of the application specification for false data injection attacks based on non-linear verification techniques. We demonstrate our approach through its application to a typical CPS example application; we demonstrate that run-time monitors employing verification techniques are effective, efficient, and readily applicable to demanding real-time critical systems.

Research paper thumbnail of On the Formal Semantics of the Cognitive

The purpose of this work is two fold: on one hand we want to formalize the behavior of critical c... more The purpose of this work is two fold: on one hand we want to formalize the behavior of critical components of the self generating and adapting cognitive middleware AWDRAT such that the formalism not only helps to understand the semantics and technical details of the middleware but also opens an opportunity to extend the middleware to support other complex application domains of cybersecurity; on the other hand, the formalism serves as a pre-requisite for our proof of the behavioral correctness of the critical components to ensure the safety of the middleware itself. However, here we focus only on the core and critical component of the middleware, i.e. Execution Monitor which is a part of the module “Architectural Differencer” of AWDRAT. The role of the execution monitor is to identify inconsistencies between runtime observations of the target system and predictions of the System Architectural Model. Therefore, to achieve this goal, we first define the formal (denotational) semantics...

Research paper thumbnail of Proceedings - 2009 International Conference on Embedded Software and Systems, ICESS 2009: Preface

Research paper thumbnail of Welcome message from the general co-chairs: WESS 2009

Research paper thumbnail of Event-Driven System Analysis

Event-driven models provide a rich basis for the analysis of IoT systems. This chapter introduces... more Event-driven models provide a rich basis for the analysis of IoT systems. This chapter introduces event-driven analysis methods that allow us to characterize key design parameters for IoT systems. After surveying related work, the chapter describes an example that motivates our work. A model of IoT networks includes communication links and hubs and a timewheel to model the temporal relationships between events. Event analysis allows us to derive characteristics of the network’s event population over time.

Research paper thumbnail of Security and Safety

Safety is a critical requirement for IoT systems and services in numerous application domains, su... more Safety is a critical requirement for IoT systems and services in numerous application domains, such as health, transportation, energy, and manufacturing. Security is a prerequisite of safety, because its violation leads to unsafe systems. In this chapter, we review security technologies and challenges for IoT systems, from the device level to the application and process level.

Research paper thumbnail of Security Testing and Run-Time Monitoring

Testing and monitoring constitute two required technologies for robust cyber-physical and IoT sys... more Testing and monitoring constitute two required technologies for robust cyber-physical and IoT systems. Testing is fundamental to the system design process as well as to its certification for meeting specified security and safety requirements. Despite availability of a tested and certified system, its operation in the field requires continuous monitoring, considering potential unanticipated or unknown attacks and failures. In this chapter, we address testing for security and especially fuzzing, for cyber-physical and IoT systems as well as run-time monitoring for safety and security. We describe an example fuzzer for the Modbus industrial protocol and an example run-time monitor for industrial applications.

Research paper thumbnail of The 12 Flavors of Cyberphysical Systems

Research paper thumbnail of Safe and Secure Cyber-Physical Systems and Internet-of-Things Systems

Research paper thumbnail of Secure and Safe IIoT Systems via Machine and Deep Learning Approaches

Security and Quality in Cyber-Physical Systems Engineering, 2019

This chapter reviews security and engineering system safety challenges for Internet of Things (Io... more This chapter reviews security and engineering system safety challenges for Internet of Things (IoT) applications in industrial environments. On the one hand, security concerns arise from the expanding attack surface of long-running technical systems due to the increasing connectivity on all levels of the industrial automation pyramid. On the other hand, safety concerns magnify the consequences of traditional security attacks. Based on the thorough analysis of potential security and safety issues of IoT systems, the chapter surveys machine learning and deep learning (ML/DL) methods that can be applied to counter the security and safety threats that emerge in this context. In particular, the chapter explores how ML/DL methods can be leveraged in the engineering phase for designing more secure and safe IoT-enabled long-running technical systems. However, the peculiarities of IoT environments (e.g., resource-constrained devices with limited memory, energy, and computational capabilities) still represent a barrier to the adoption of these methods. Thus, this chapter also discusses the limitations of ML/DL methods for IoT security and how they might be overcome in future work by pursuing the suggested research directions.

Research paper thumbnail of A combined cyber and physical attack resilience scheme for Health Services Critical Infrastructure

MATEC Web of Conferences, 2018

This work focuses on proposing the basic components of a resilience scheme that can be used for t... more This work focuses on proposing the basic components of a resilience scheme that can be used for the protection of Health Services Critical Infrastructure (HSCI) and the protection of its key assets based on combined protection against cyber and physical attacks.

Research paper thumbnail of Systems Science of Secure and Resilient Cyberphysical Systems

Computer, 2020

ccording to one of the widely accepted definitions, cyberphysical systems (CPSs) are engineered s... more ccording to one of the widely accepted definitions, cyberphysical systems (CPSs) are engineered systems where functionality emerges from the networked interaction of computational and physical processes. The tight integration creates novel systems with revolutionary impacts. This is evident in autonomous vehicles, military platforms, intelligent buildings, smart energy systems, robots, and smart medical devices. Emerging industrial platforms such as the Internet of Things (IoT) are triggering a gold rush toward new markets and creating societal-scale systems that, in addition to the synergy of computational and physical components, interact closely with humans (H-CPSs). A profound revolution driven by technology and market forces is turning whole industrial sectors into producers of CPSs. This innovation is not about adding computing and communication equipment to conventional products where both sides maintain separate identities. It is about merging computing and networking with physical systems to create new capabilities and product qualities. Whether we recognize it or not, we are at the center of this overwhelming change. Complex H-CPSs abound in modern society, and it is not surprising that they are a target for attacks. High-profile attacks have been reported in a broad range of systems. For example, researchers have demonstrated the ability to compromise modern automobiles with cyberattacks that can lead to catastrophic physical consequences. 1 Even

Research paper thumbnail of Nonlinear optimal control for ship propulsion with the use of an induction motor and a drivetrain

MATEC Web of Conferences, 2018

A nonlinear optimal (H-infinity) control method is proposed for an electric ship's propulsion sys... more A nonlinear optimal (H-infinity) control method is proposed for an electric ship's propulsion system that consists of an induction motor, a drivetrain and a propeller. The control method relies on approximate linearization of the propulsion system's dynamic model using Taylor-series expansion and on the computation of the state-space description's Jacobian matrices. The linearization takes place around a temporary equilibrium which is recomputed at each time-step of the control method. For the approximately linearized model of the ship's propulsion system, an H-infinity (optimal) feedback controller is developed. For the computation of the controller's gains an algebraic Riccati equation is solved at each iteration of the control algorithm.The stability properties of the control method are proven through Lyapunov analysis,

Research paper thumbnail of Sound and Complete Runtime Security Monitor for Application Software

ArXiv, 2016

Conventional approaches for ensuring the security of application software at run-time, through mo... more Conventional approaches for ensuring the security of application software at run-time, through monitoring, either produce (high rates of) false alarms (e.g. intrusion detection systems) or limit application performance (e.g. run-time verification). We present a runtime security monitor that detects both known and unknown cyber attacks by checking that the run-time behavior of the application is consistent with the expected behavior modeled in application specification. This is crucial because, even if the implementation is consistent with its specification, the application may still be vulnerable due to flaws in the supporting infrastructure (e.g. the language runtime system, libraries and operating system). This runtime security monitor is sound and complete, eliminating false alarms, as well as efficient, so that it does not limit runtime application performance and so that it supports real-time systems. The security monitor takes as input the application specification and the app...

Research paper thumbnail of CoppEnd - A Security System for Power Equipment

Research paper thumbnail of Scanning The Issue

Proceedings of the IEEE, 2018

The paper "Parameter-Invariant Monitor Design for Cyber-Physical Systems" by Weimer et al. descri... more The paper "Parameter-Invariant Monitor Design for Cyber-Physical Systems" by Weimer et al. describes techniques for online monitoring of CPSs that are robust in the face of sparse data and system variability. They motivate their work using the medical domain. The paper "SURE: A Modeling and Simulation Integration Platform for Evaluation of SecUre and REsilient Cyber-Physical Systems" by Koutsoukos et al. describes a modeling and simulation environment that can be used to evaluate attackerdefender behavior. The authors apply their techniques to smart transportation systems. The paper "A Framework for Attack-Resilient Industrial Control Systems: Attack Detection and Controller Reconfig uration" by Paridari et al. describes an industrial control systems policy that uses estimations to provide resiliency against attacks. The paper "ARMET: Behavior-Based Secure and Resilient Industrial Control Systems" by Khan et al. describes a reliable/secure by design methodology for industrial control systems and complementary online monitoring approach. The paper "Improving the Safety and Security of Wide-Area Cyber-Physical Systems Through a Resource-Aware, Service-Oriented Development Methodology" by Tariq et al. describes a service-oriented architecture for CPSs that preserves the quality-ofservice (QoS) requirements of realtime control. The authors illustrate their work on smart grid examples.

Research paper thumbnail of False Data Injection Attacks

Safe and Secure Cyber-Physical Systems and Internet-of-Things Systems

False data injection (FDI) attacks are malicious insertions of false data as sensor measurements ... more False data injection (FDI) attacks are malicious insertions of false data as sensor measurements in a cyber-physical system, in order to lead the system to take a wrong action. False data injection attacks do not attack the computational or network components of cyber-physical systems but the interface between the physical and the cyber part. Such attacks are powerful and can have catastrophic results. Defense against them can be achieved by limiting the attack surface through vulnerability analysis of the cyber-physical system design and by monitoring system operation in the field with monitors that observe system parameters and sensor measurements and detect abnormal operation early. In this chapter, we describe promising techniques for vulnerability analysis and dynamic monitoring, based on efficient SMT solvers and Kalman filter techniques, respectively.

Research paper thumbnail of Reshaping the Intelligent Transportation Scene: Challenges of an Operational and Safe Internet of Vehicles

Research paper thumbnail of Complex Engineering Systems as an enabler for security in Internet of Vehicles: The nIoVe approach

2019 First International Conference on Societal Automation (SA), 2019

Today's vehicles are increasingly "connected"; there is wireless data exchange with servers, infr... more Today's vehicles are increasingly "connected"; there is wireless data exchange with servers, infrastructure and other vehicles. Tomorrow's vehicles will be automated and autonomous, capable of sensing their environment and navigating through cities without human interference. Therefore, connected and autonomous vehicles come with the cost of a new set of threats pertaining to higher risks of cyberattacks. A cyber-attack in a Connected Vehicle (CV) can yield high recall costs, loss of property and even jeopardise human safety. Therefore, the need for cyber protection of CVs is becoming paramount. nIoVe introduces a holistic and multilayered cybersecurity solution for the Internet-of-Vehicles (IoV) by addressing secure-by-design aspects of CVs, along with cyber protection, threat response and attack recovery at vehicle, infrastructure and service/application layer of the whole IoV ecosystem at complex use cases.

Research paper thumbnail of Secure Memory for Embedded Tamper-proof Systems

2019 14th International Conference on Design & Technology of Integrated Systems In Nanoscale Era (DTIS), 2019

Data leakage and disclosure to attackers is a significant problem in embedded systems, considerin... more Data leakage and disclosure to attackers is a significant problem in embedded systems, considering the ability of attackers to get physical access to the systems. We present methods to protect memory data leakage in tamper-proof embedded systems. We present methods that exploit memory supply voltage manipulation to change the memory contents, leading to an operational and reusable memory or to destroy memory cell circuitry. For the case of memory data change, we present scenaria for data change to a known state and to a random state. The data change scenaria are effective against attackers who cannot detect the existence of the protection circuitry; furthermore, original data can be calculated in the case of data change to a known state, if the attacker identifies the protection circuitry and its operation. The methods that change memory contents to a random state or destroy memory cell circuitry lead to irreversible loss of the original data. However, since the known state can be used to calculate the original data.

Research paper thumbnail of Run-Time Security Assurance of Cyber Physical System Applications

Embedded, Cyber-Physical, and IoT Systems, 2019

We introduce a design methodology to assure run-time security of cyber physical system (CPS) appl... more We introduce a design methodology to assure run-time security of cyber physical system (CPS) applications. The methodology has two independent, but complementary, components that employ novel approaches to design run-time monitors that detect both computational and false data cyber-attacks to assure security of CPS at run-time. Based on the executable specification of a CPS application, the first component protects CPS computations through comparison of the application execution and the application-specification execution in real-time. The second component assures safety and integrity of CPS data through vulnerability analysis of the application specification for false data injection attacks based on non-linear verification techniques. We demonstrate our approach through its application to a typical CPS example application; we demonstrate that run-time monitors employing verification techniques are effective, efficient, and readily applicable to demanding real-time critical systems.

Research paper thumbnail of On the Formal Semantics of the Cognitive

The purpose of this work is two fold: on one hand we want to formalize the behavior of critical c... more The purpose of this work is two fold: on one hand we want to formalize the behavior of critical components of the self generating and adapting cognitive middleware AWDRAT such that the formalism not only helps to understand the semantics and technical details of the middleware but also opens an opportunity to extend the middleware to support other complex application domains of cybersecurity; on the other hand, the formalism serves as a pre-requisite for our proof of the behavioral correctness of the critical components to ensure the safety of the middleware itself. However, here we focus only on the core and critical component of the middleware, i.e. Execution Monitor which is a part of the module “Architectural Differencer” of AWDRAT. The role of the execution monitor is to identify inconsistencies between runtime observations of the target system and predictions of the System Architectural Model. Therefore, to achieve this goal, we first define the formal (denotational) semantics...

Research paper thumbnail of Proceedings - 2009 International Conference on Embedded Software and Systems, ICESS 2009: Preface

Research paper thumbnail of Welcome message from the general co-chairs: WESS 2009

Research paper thumbnail of Event-Driven System Analysis

Event-driven models provide a rich basis for the analysis of IoT systems. This chapter introduces... more Event-driven models provide a rich basis for the analysis of IoT systems. This chapter introduces event-driven analysis methods that allow us to characterize key design parameters for IoT systems. After surveying related work, the chapter describes an example that motivates our work. A model of IoT networks includes communication links and hubs and a timewheel to model the temporal relationships between events. Event analysis allows us to derive characteristics of the network’s event population over time.

Research paper thumbnail of Security and Safety

Safety is a critical requirement for IoT systems and services in numerous application domains, su... more Safety is a critical requirement for IoT systems and services in numerous application domains, such as health, transportation, energy, and manufacturing. Security is a prerequisite of safety, because its violation leads to unsafe systems. In this chapter, we review security technologies and challenges for IoT systems, from the device level to the application and process level.

Research paper thumbnail of Security Testing and Run-Time Monitoring

Testing and monitoring constitute two required technologies for robust cyber-physical and IoT sys... more Testing and monitoring constitute two required technologies for robust cyber-physical and IoT systems. Testing is fundamental to the system design process as well as to its certification for meeting specified security and safety requirements. Despite availability of a tested and certified system, its operation in the field requires continuous monitoring, considering potential unanticipated or unknown attacks and failures. In this chapter, we address testing for security and especially fuzzing, for cyber-physical and IoT systems as well as run-time monitoring for safety and security. We describe an example fuzzer for the Modbus industrial protocol and an example run-time monitor for industrial applications.

Research paper thumbnail of The 12 Flavors of Cyberphysical Systems

Research paper thumbnail of Safe and Secure Cyber-Physical Systems and Internet-of-Things Systems

Research paper thumbnail of Secure and Safe IIoT Systems via Machine and Deep Learning Approaches

Security and Quality in Cyber-Physical Systems Engineering, 2019

This chapter reviews security and engineering system safety challenges for Internet of Things (Io... more This chapter reviews security and engineering system safety challenges for Internet of Things (IoT) applications in industrial environments. On the one hand, security concerns arise from the expanding attack surface of long-running technical systems due to the increasing connectivity on all levels of the industrial automation pyramid. On the other hand, safety concerns magnify the consequences of traditional security attacks. Based on the thorough analysis of potential security and safety issues of IoT systems, the chapter surveys machine learning and deep learning (ML/DL) methods that can be applied to counter the security and safety threats that emerge in this context. In particular, the chapter explores how ML/DL methods can be leveraged in the engineering phase for designing more secure and safe IoT-enabled long-running technical systems. However, the peculiarities of IoT environments (e.g., resource-constrained devices with limited memory, energy, and computational capabilities) still represent a barrier to the adoption of these methods. Thus, this chapter also discusses the limitations of ML/DL methods for IoT security and how they might be overcome in future work by pursuing the suggested research directions.

Research paper thumbnail of A combined cyber and physical attack resilience scheme for Health Services Critical Infrastructure

MATEC Web of Conferences, 2018

This work focuses on proposing the basic components of a resilience scheme that can be used for t... more This work focuses on proposing the basic components of a resilience scheme that can be used for the protection of Health Services Critical Infrastructure (HSCI) and the protection of its key assets based on combined protection against cyber and physical attacks.

Research paper thumbnail of Systems Science of Secure and Resilient Cyberphysical Systems

Computer, 2020

ccording to one of the widely accepted definitions, cyberphysical systems (CPSs) are engineered s... more ccording to one of the widely accepted definitions, cyberphysical systems (CPSs) are engineered systems where functionality emerges from the networked interaction of computational and physical processes. The tight integration creates novel systems with revolutionary impacts. This is evident in autonomous vehicles, military platforms, intelligent buildings, smart energy systems, robots, and smart medical devices. Emerging industrial platforms such as the Internet of Things (IoT) are triggering a gold rush toward new markets and creating societal-scale systems that, in addition to the synergy of computational and physical components, interact closely with humans (H-CPSs). A profound revolution driven by technology and market forces is turning whole industrial sectors into producers of CPSs. This innovation is not about adding computing and communication equipment to conventional products where both sides maintain separate identities. It is about merging computing and networking with physical systems to create new capabilities and product qualities. Whether we recognize it or not, we are at the center of this overwhelming change. Complex H-CPSs abound in modern society, and it is not surprising that they are a target for attacks. High-profile attacks have been reported in a broad range of systems. For example, researchers have demonstrated the ability to compromise modern automobiles with cyberattacks that can lead to catastrophic physical consequences. 1 Even

Research paper thumbnail of Nonlinear optimal control for ship propulsion with the use of an induction motor and a drivetrain

MATEC Web of Conferences, 2018

A nonlinear optimal (H-infinity) control method is proposed for an electric ship's propulsion sys... more A nonlinear optimal (H-infinity) control method is proposed for an electric ship's propulsion system that consists of an induction motor, a drivetrain and a propeller. The control method relies on approximate linearization of the propulsion system's dynamic model using Taylor-series expansion and on the computation of the state-space description's Jacobian matrices. The linearization takes place around a temporary equilibrium which is recomputed at each time-step of the control method. For the approximately linearized model of the ship's propulsion system, an H-infinity (optimal) feedback controller is developed. For the computation of the controller's gains an algebraic Riccati equation is solved at each iteration of the control algorithm.The stability properties of the control method are proven through Lyapunov analysis,