Simulating and Emulating network control systems on DETER

1. Simulating and Emulating network control systems on DETER Darrel Brower – Humboldt State University Graduate mentors: Saurabh Amin, Blaine Nelson, Suzanna Schmeelk • Introduction • Since public utilities must rely on the internet, they are vulnerable to cyber attacks. We test mitigation of network control system attacks by using the DETER testbed, which simulates & emulates vulnerabilities. We create a network topology, put plants & controllers on endpoints, attack them, and defend them by changing plant behavior. We examine developing, deploying, and modifying the plant & controller software, which is a major challenge of the project. • Project Goals • Plant Behavior • plants are physical systems designed to facilitate automation [1]. computers that behave like networked plants will: • hold a state.: e.g., temperature or electrical load. • update state at regular times. • send updated state to its controller. Plants update state through one of two ways: • scheduled orders from controllers. • regular time intervals. • be influenced by external input from its controller. • update state when its controller requests it. • Controller Behavior • A controller is a mechanism that regulates plants. Computers that behave like networked controllers will: • Always accept updated plant states. • Find plant future state from the plants updated state. • Use the future state to calculate a control value. • Send the control value to the plant as plant input. • Methods • To create credible experiments, we take these steps, in this order: • Model the Abilene topology on DETER. • Add nodes to the endpoints to be plants & controllers. • Install plant & controller software on selected nodes. • Make plants & controllers look for initial values at startup, to facilitate testing various network control system behaviors. • Make the plant handshake with its controller. • Start normal plant & controller behavior. • Allow multiple plants to connect to one controller simultaneously • If the state is too large, have the plant quit. • Implementation of Methods • Simulation • We simulate a system by imitating its functions [2]. • We started by finding and using simulated plant & control software. • Simulated software runs on one node. It simulates one controller & several plants. Generated traffic is logged by ns-2, a simulation platform. • Goal: make a plant connect to a controller on another DETER node • Problem: After installation, the plant & controller simulation runs correctly, but cannot communicate outside of ns-2. • Solution: Emulate the plant & controller software. • Emulation • We emulate by mixing real components with simulated components [3]. • Emulated Plant and Controller • We test emulating plants & controllers by porting the simulation software to python [3], which is on all the nodes. • The result: an emulated version that fulfills the methods criteria. • Bonus: the emulation exceeds experimentation requirements by being easy to customize and having real network traffic communication. • Result: tests on network control systems could begin. • Improved Emulated Plant and Controller • We find software customization speeds up research significantly • We add a way to run lists of custom plants for specific durations. • We improve logging for easier data filtering. • These improvements also allow researching plant behavioral aspects. • Conclusions • Over the course of this research, we find that it is possible to create a simulation and an emulation of a network control system on DETER. We also find that the software is customizable to facilitate speedy and proper experimentation. As a result of using emulation, we are able to conduct a larger variety of experiments faster. • Future Work • The network control system can be improved. Below are recommendations • Compare the simulation software’s behavior, which is proven to be like a scalar plant & controller, to the emulated plant & controller • Find a way to integrate the simulation software to the emulated. • Integrate the emulated plant & controller with a DETER OS image • Find more plant software and add it for alternative experiments • References • [1] Liberatore, V. (2002, December 9). Network control Systems. Cleveland, Ohio, United States. • [2] Merriam-Webster. (n.d.). simulation definition. Retrieved July 28, 2010, from http://www.merriam-webster.com/netdict/simulation • [3] ShashiGuruprasad, R. R. (n.d.). Integrated Network Experimentation using Simulation and Emulation. Logan, Utah, United States. • [4] Zappala, D. a. (n.d.). Python Network Programming. Provo, Utah, United States Figure 3. emulation improvements. Shown here is the ability to run plants for limited time intervals before changing plant settings and restarting [1] Fig 2. Plant and controller software emulated on DETER using Python [1] Figure 1. A schematic of a network control system [1]