Because of the scale and heterogeneity of many cyber-physical systems (CPS), applying defense-in-depth strategies is extremely challenging. Defense in depth aims to build multiple somewhat redundant security layers for critical assets. It requires an organization to have a comprehensive and accuracy knowledge of its assets, their individual properties, and how they interact.
However, in reality this basic requirement is hard to achieve, in particular for massive-scale industrial control systems (ICS) and legacy CPS systems (e.g., weapon systems). In this talk, I will use examples to illustrate the technical challenges and realistic security goals associated with defending complex CPS systems.
There are promising directions for researchers to contribute towards achieving defense in depth in CPS, e.g., quantitative and precise asset inventory, patch management, risk management in legacy systems, and benchmarking. Prioritizing these tasks with deployment constraints in mind is the key.
Dr. Danfeng (Daphne) Yao is a Professor of Computer Science at Virginia Tech. She is an Elizabeth and James E. Turner Jr. ’56 Faculty Fellow and CACI Faculty Fellow. Her research interests are on building deployable and proactive cyber defenses, focusing on detection accuracy and scalability.
She creates new models, algorithms, techniques, and deployment-quality tools for securing large-scale software and systems. Her tool CryptoGuard helps large software companies and Apache projects harden their cryptographic code. She systematized program anomaly detection in the book Anomaly Detection as a Service. She has multiple US patents for her inventions on network causal analysis for forensics.
Her enterprise data-loss prevention papers are among top downloaded articles in IEEE SPS and Wiley WIREs. Dr. Yao received the NSF CAREER Award for her work on human-behavior driven malware detection and ARO Young Investigator Award for her semantic reasoning for mission-oriented security work. Dr. Yao is the ACM SIGSAC Treasurer/Secretary and is a member of the ACM SIGSAC executive committee since 2017. Daphne received her Ph.D. degree from Brown University, M.S. degrees from Princeton University and Indiana University, Bloomington, B.S. degree from Peking University in China.
|Wednesday, 01 July 2020|
|14:45 - 15:00||Opening remarks (Room: Virtual)|
|S1 Security in Cyber-Physical Systems (Room: Virtual)|
|15:00 - 15:20||
Secure End-to-End Sensing in Supply Chains
Jan Pennekamp, Roman Matzutt, Klaus Wehrle (RWTH Aachen University, Germany);
|15:20 - 15:40||
Modelling Adversarial Flow in Software-Defined Industrial Control Networks Using Queueing Network model
Livinus O. Nweke(NTNU, Norway), Stephen Wolthusen (University of London, UK).
|15:40 - 16:00||
On the Feasibility of Exploiting Traffic Collision Avoidance System Vulnerabilities
Paul Berges, Timothy Graziano, Ryan M. Gerdes (Virginia Tech, United States); Basavesh Ammanaghatta Shivakumar, Z. Berkay Celik (Purdue University, United States).
|Keynote talk (Room: Virtual)|
|16:10 - 17:10||
Defense in Depth for CPS Security: What Does It Take and How Can Researchers Help?
Speaker: Danfeng Yao - Professor of Computer Science at Virginia Tech University
|S2 Security in Military Applications (Room: Virtual)|
|17:20 - 17:40||
Autonomous Space Resupply Vehicle Systems Security Design Principle Case Study
Logan Mailloux, Robert F. Mills (AFIT, United States).
|17:40 - 18:00||
A Security Reference Model for Autonomous Vehicles in Military Operations
Federico Mancini, Solveig Bruvoll (FFI, Norway);
|18:00 - 18:10||Closing remarks (Room: Virtual)|