1. Resilient Smart City Services
Salim Hariri, Director
NSF Center for Cloud and Autonomic Computing
The University of Arizona
nsfcac.arizona.edu
email: hariri@ece.arizona.edu
(520) 977-7954
2. Presentation Outline
UA NSF Center for Cloud and Autonomic Computing –
Introduction, and what we do?
Enabling Technologies for Smart City Services
Cybersecurity Motivation and Challenges
UA Autonomic Cyber Security (ACS)
Methodology
– Methodology to Develop Resilient Smart City Services
Conclusions
3. What is an IUCRC?
• A Partnership: A mechanism to enable industrially-relevant, pre-competitive
research via a sustained partnership among industry, universities, and
government.
• Centers bring together
(1) IUCRC Sites (Academic Institutions)
• Faculty and students from different academic institutions
(2) IUCRC Industry Members
• Companies, State/Federal/Local government, and non-profits
• Focus
– Perform cutting-edge pre-competitive fundamental research in science,
engineering, technology area(s) of interest to industry and that can drive
innovation and the U.S. economy.
– Members guide the direction of Center research through active
involvement and mentoring.
5. NSF Funded Centers – A key investment
STC: Science and Technology Centers
MRSEC: Materials Research Science and Engineering Centers
CCI: Centers for Chemical Innovation
ERC: Engineering Research Centers
IUCRC: Industry/University Cooperative Research Centers
[Figure: the five center programs (STC, MRSEC, CCI, ERC, IUCRC) placed on a spectrum from Basic Research through Use-inspired to Applied; years shown: 1973, 1987, 1994, '98, 1985]
6. Broad Research Themes
Advanced Electronics and Photonics: 7 centers
Advanced Manufacturing: 6
Advanced Materials: 11
Biotechnology: 6
Civil Infrastructure Systems: 1
Energy and Environment: 12
Health and Safety: 6
IT, Communication, and Computing: 24 (CAC)
System Design and Simulation: 3
75+ IUCRC Centers
225 University sites, 876 Industry members
*Data from 2015
7. Ongoing UA CAC Projects
• Autonomic Cyber Security (ACS)
• Tactical Cyber Immune System (TCIS)
• Autonomic Monitoring, Analysis and Protection (AMAP)
• Anomaly based Detection of Attacks on Wireless Ad Hoc Networks
• Resilient Cyber Services
• Hacker Web: Securing Cyber Space: Understanding the Cyber Attackers and Attacks via Social Media Analytics
• IoT Security Framework
• Big Data Analytics
• Intelligent Cyber Security Assistant
• Heart Modeling, Analysis, Diagnosis and Prediction
• Digital Patient Assistant (DPA)
• High Performance Distributed Computing and Applications
• Just-In-Time Architecture (JITA) for Composable High Performance Data Centers
• Heart Cyber Expert System (HeartCyPert)
• Well Data Analytics and Protection (WDAP)
• Hurricane Continuous Modeling and Simulation Environment
8. The Need for Resilience Technology:
Motivation -
Emerging Technologies/Services:
Problems and Opportunities
10. Starting from the Internet
The Internet appears to connect people everywhere:
the Internet of People (IoP)
11. What is the Internet of Things?
If we put everything on the Internet and get it all connected, we end up with
what we call “the Internet of Things” (IoT) or Internet of Everything (IoE)
13. The Rising Problem/Opportunity - 1
• Smart devices are proliferating with
the promise to make human lives
better. Everything from smart
wearables, phones, watches to
shoes, glasses and many other
accessories.
• The machines are monitoring almost
every aspect of our lives. Problems
arise because these technologies use
proprietary underlying infrastructure
that enforces brand controls.
• Security in all these devices is an
afterthought; it was never a primary
design issue
14. The Rising Problem/Opportunity - 2
[Figure: network diagram with the labels Sink node, Gateway, Core network (e.g. Internet), Gateway, End-user, Computer services]
- The networks typically run Low Power Devices
- Consist of one or more sensors, could be different type of sensors (or actuators)
- They cannot run sophisticated security tools and algorithms
15. The Rising Problem/Opportunity – Smart Cities
[Figure: Smart Technology, Smart Government, Smart Healthcare, Smart Grid, Smart Building, Smart Homes, Smart Auto Services and Smart Critical Infrastructure connected to a Command/Control Center; flows labelled Data and Command]
22. Detection techniques
Signature-based (Misuse): models the attacks
– Pros: Fast, easy to implement.
– Cons: Cannot detect new or modified attacks, manual update
Anomaly-based: models the normal behavior
– Pros: Detects any attack, scalable
– Cons: High false positive
[Figure: Signature Based: Signature Matching Engine, Attack Signature Data Base, Manual Update; Known Attack: Detected, Unknown Attack: Undetected. Anomaly Based: Anomaly Detection Engine, Normal Model, Automatic Learning; Known Attack: Detected, Unknown Attack: Detected]
23. Intrusion Detection System (Challenge)
It is hard to come up with a single intrusion detection
system which accurately works for all protocols.
Each protocol has its own specification, which is defined in its
RFC document as:
• Protocol message format (Syntax)
• Communication Rules (Semantic)
Source: www.tcpipguide.com
Solution: Apply multiple customized Micro Intrusion Detection engines
for each protocol and aggregate the results for final detection.
25. ABA Methodology
Need to define:
• U: The event set
• R: The representation map
• f: The anomaly characterization function
• M: The Normal model (memory)
• τ: The detection threshold
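One possible instantiation of the five components above, combined with the per-protocol micro engines and aggregation from the previous slide. This is an added example, not code from the presentation or the ACS project: the n-gram representation, the "fraction of unseen n-grams" score, the max-score aggregation rule, the threshold value and the sample sessions are all assumptions made for illustration.

```python
from collections import Counter

# Constructed training data: U is the set of observed sessions, each an ordered
# list of message types per protocol (hypothetical traces, not from the slides).
NORMAL = {
    "tcp": [["SYN", "SYN-ACK", "ACK", "DATA", "FIN", "ACK"],
            ["SYN", "SYN-ACK", "ACK", "DATA", "DATA", "DATA", "FIN", "ACK"]],
    "dns": [["QUERY", "RESPONSE"],
            ["QUERY", "RESPONSE", "QUERY", "RESPONSE"]],
}
N = 2  # n-gram length used by the representation map (assumed)

def represent(session):
    """R: map a session to its n-grams, with start (^) and end ($) markers."""
    padded = ["^"] + list(session) + ["$"]
    return [tuple(padded[i:i + N]) for i in range(len(padded) - N + 1)]

def train(sessions):
    """M: the normal model, here the n-gram counts seen in normal sessions."""
    model = Counter()
    for s in sessions:
        model.update(represent(s))
    return model

def score(session, model):
    """f: fraction of the session's n-grams that are absent from M (0.0..1.0)."""
    grams = represent(session)
    return sum(g not in model for g in grams) / len(grams)

# One micro detection engine (its own normal model) per protocol.
ENGINES = {proto: train(sessions) for proto, sessions in NORMAL.items()}

def detect(observations, tau=0.25):
    """Score each (protocol, session) with its own engine, then aggregate.

    Returns (alert, per_protocol_scores). A protocol without an engine scores
    1.0. Aggregation by "highest score > tau" is an assumption of this example.
    """
    scores = {}
    for proto, session in observations:
        model = ENGINES.get(proto)
        s = 1.0 if model is None else score(session, model)
        scores[proto] = max(s, scores.get(proto, 0.0))
    return max(scores.values(), default=0.0) > tau, scores
```

A session that is longer than anything in the training set but follows the same message order still scores 0.0, while an out-of-order sequence on a single protocol is enough to raise the aggregated alert.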
27. Main Cybersecurity Challenges
Insider Threats Detection and Protection
Resilient Cyber Operations
Resilience is a promising solution
– You do not need to worry about detecting and reacting to attacks
– You just make these attacks insignificant; that means you build
Intrusion Tolerance capabilities
Our Solution: Autonomic Cyber Security (ACS)
– Full visibility
– Continuous monitoring, analysis and mitigation
5/8/2018 27
29. Autonomic Cyber Security (ACS)
Analogous to the human autonomic nervous system
ACS continuously monitors, analyzes, and diagnoses the user-cyber behavior and then takes proactive actions
36. 3) Automated and Integrated Management (AIM)
[Figure: AIM control loop with the labels Observer, Controller, Anomaly, BAU, Knowledge, Monitoring, Execution, Policies, Planning; Resource Activities (CPU, Memory, I/O, Network, Interactions); Task Activities (CPU, Memory, I/O, Interactions)]
39. [Figure: Resilient and Intelligent City Ecosystem (RICE): Resilient Communication System (RCS) with IP Fluxing; Resilient Server; Resilient Command and Control System (RCCS) with Engineering workstation, Database Server, HMI, Data Acquisition Server, Historian, Reports; Actuators/Effectors and Sensors attached to the Physical System]
41. Moving Target Defense Strategies
Address Space Randomization
Instruction Set Randomization
Data Randomization
Execution Environment Randomization
– Change Programming Language
– Change OS and Middleware
– Change Resources
42. Software Behavior Encryption (SBE)
Diversity
– Hot Shuffling software variants at runtime
– Variants are functionally equivalent, behaviorally different
Redundancy
– Multiple replicas on different physical hardware
Random Selection and Shuffling of Variants
44. [Figure: Resilient Computations/Applications: Input and Output pass through a Resilient Algorithm under Autonomic Management on the Resilient Server; Smart City Applications run as VM App 1 and VM App 2, each with Primary: Version 1 and Secondary: Version 2; Application Repository (App 1 Version 1, 2, .. to App n Version 1, 2, ..); VM Image Repository (VM Type 1, 2, .. to VM Type n); Configuration Engine with Diversity Level, Redundancy Level, Shuffling Rate]
47. RCS Experimental Results and
Evaluation
• Developed an experimental environment
• MapReduce Application
• Linear Equation Solver Application
• Mibench
G. Dsouza, G. Rodríguez, Y. B. Al-Nashif, S. Hariri, “Building resilient cloud
services using DDDAS and moving target defence”, IJCC 2(2/3): 171-190, 2013
49. [Figure: AIM SDN Controller with Anomaly Behavior Analysis (ABA), Network Model and Monitoring Service; OF Switches provide Resilient Communication over a Wired/Wireless Network (Radio, Cellular, WiFi, Internet) between the Command and Control Center and the Resilient Servers (Resilient Computation)]
54. Resilience Analysis
The system resilience $R$ is the ability of the system to continue providing
its normal operations as long as the impact of the attacks is below the
minimum threshold $R$.
The impact $i_v(t)$ of a vulnerability $v$ is:
$$ i_v(t) = \begin{cases} 0, & t < T_v \\ I_v, & t \ge T_v \end{cases} $$
where $T_v$ is the time required for discovering the vulnerability and
exploiting it, and $I_v$ is the impact of exploiting the vulnerability.
55. Probability of Successful Attack
Erik Blasch, Youssif Al-Nashif, Salim Hariri, “Static versus Dynamic Data Information Fusion analysis
using DDDAS for Cyber Trust”, ICCS 2014.
56. Resilient Crisis Management
[Figure: Management Domain (Decision Makers, Domain Experts) and Operations Domain (Air Force, First Medical Responders, Police, Firemen), linked by Actions and by Sensors/Measurements]
• Battle Management
• Nuclear Disaster Management
• Terrorist/Accident Management
• Analytics for Cybersecurity
57. [Figure: Smart City Operations Center (SCOC): Integrated Modeling, Analysis and Simulation, with Command and Controls, Actions, Logger, Tool 2, Current States, Recommended actions, Response Analysis, Agent based Simulation, Risk Impact Analysis; Resilient Water Application and Resilient Power Grid Application; Resilient Applications and Communications, Resilient Communications, Resilient Computations; Sensors, Devices, Resources; Monitoring, Filtering, and Characterization; Resource Behavior Abstraction; Normal Behavior Characterization; Requirements; Biosphere 2: A Smart City Test Bed]
58. Conclusions
We cannot build perfect cyber systems and services
Resilient paradigm provides us the methodology to make attacks
ineffective, so we can continue to operate normally in spite of attacks,
malicious accidents, failures, or disasters
Autonomic computing provides a promising paradigm to self manage
Cyber operations and services
Big Data Analytics and smart data structures will enable us to
effectively address the cybersecurity challenges
Ultimate goal is the development of Intelligent Cybersecurity Assistant
(ICSA) (like Siri for cybersecurity) technologies that can proactively
self-protect cyber resources, data and applications
61. Application 1 – MapReduce (MR)
MapReduce provides
– Automatic parallelization & distribution
G. Dsouza, G. Rodríguez, Y. B. Al-Nashif, S. Hariri, “Building resilient cloud
services using DDDAS and moving target defence”, IJCC 2(2/3): 171-190, 2013
62. MapReduce – Attack Scenarios
During validation, SM checks the current environment and, if it is
okay, the controller starts the application execution cycle
Case 1: During validation, SM detects an error in V4 and it
selects the first error-free output from V5 or V12
Case 2: During validation, SM detects compromised results
of V9 and it selects the first error-free result from V3 or V7
G. Dsouza, G. Rodríguez, Y. B. Al-Nashif, S. Hariri, “Building resilient cloud
services using DDDAS and moving target defence”, IJCC 2(2/3): 171-190, 2013
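The selection step in the two cases above, together with the diversity, redundancy and random-selection ideas from the earlier slides, as an added example that is not code from the presentation or the cited paper. The word-count task, the variant names, the two constructed faulty replicas and the acceptance test used for validation are assumptions; the slides do not say how SM validates an output.

```python
import random
from collections import Counter

# Functionally equivalent, behaviourally different variants of one task (word
# count). Variant names are hypothetical, not the versions used in the paper.
def variant_loop(text):
    counts = {}
    for word in text.split():
        counts[word] = counts.get(word, 0) + 1
    return counts

def variant_counter(text):
    return dict(Counter(text.split()))

def variant_sorted(text):
    words = sorted(text.split())
    return {w: words.count(w) for w in set(words)}

def variant_tampered(text):
    """Constructed stand-in for a replica whose result has been altered."""
    result = variant_loop(text)
    result["extra"] = 999
    return result

def variant_unresponsive(text):
    """Constructed stand-in for a replica that fails to answer."""
    raise TimeoutError("replica did not respond")

def validate(text, result):
    """Acceptance test (assumed): counts cover exactly the input words."""
    words = text.split()
    return set(result) == set(words) and sum(result.values()) == len(words)

def resilient_run(text, pool, redundancy=3, rng=random):
    """Randomly select `redundancy` variants and return (name, output, rejected)
    for the first selected variant whose output passes validation."""
    rejected = []
    for name in rng.sample(sorted(pool), redundancy):
        try:
            result = pool[name](text)
        except Exception:
            rejected.append(name)      # failed or unresponsive replica
            continue
        if validate(text, result):
            return name, result, rejected
        rejected.append(name)          # output failed validation
    raise RuntimeError("no selected variant produced a valid output")
```

With three variants drawn from a pool that holds at most two faulty replicas, every draw contains at least one variant that passes validation, so the caller always gets a correct result and the list of replicas that were rejected on the way.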
63. Case 1: Resilience against DoS Attacks
Denial of Service attack on Windows VM-6
Response Time (in seconds)
               Without DoS attack    With DoS attack
Without RCS    95                    615
With RCS       105                   105
G. Dsouza, G. Rodríguez, Y. B. Al-Nashif, S. Hariri, “Building resilient cloud
services using DDDAS and moving target defence”, IJCC 2(2/3): 171-190, 2013
64. Case 2: Resilience against Insider Attacks
Compromise attack on Linux VM-1
Response Time (in seconds)
               Without Insider attack    With Insider attack
Without RCS    95                        No response
With RCS       105                       105
% increase in response time with RCS: 11%
G. Dsouza, G. Rodríguez, Y. B. Al-Nashif, S. Hariri, “Building resilient cloud
services using DDDAS and moving target defence”, IJCC 2(2/3): 171-190, 2013