SOVEREIGN - Towards a Holistic Approach to Critical Infrastructure Protection
Authors: 
Georg Becker, Thomas Eisenbarth, Hannes Federrath, Mathias Fischer, Nils Loose, Simon Ott, Joana Pecholt, Stephan Marwedel, Dominik Meyer, Jan Stijohann, Anum Talpur, Matthias VallentinAuthors Info & Claims
Georg Becker, Thomas Eisenbarth, Hannes Federrath, Mathias Fischer, Nils Loose, Simon Ott, Joana Pecholt, Stephan Marwedel, Dominik Meyer, Jan Stijohann, Anum Talpur, Matthias VallentinAuthors Info & ClaimsARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security
Article No.: 144, Pages 1 - 9
Abstract
In the digital age, cyber-threats are a growing concern for individuals, businesses, and governments alike. These threats can range from data breaches and identity theft to large-scale attacks on critical infrastructure. The consequences of such attacks can be severe, leading to financial losses, threats to national security, and the loss of lives. This paper presents a holistic approach to increase the security of critical infrastructures. For that, we propose an open, self-configurable, and AI-based automated cyber-defense platform that runs on specifically hardened devices and own hardware, can be deeply embedded in critical infrastructures and provides full visibility on network, endpoints, and software. In this paper, starting from a thorough analysis of related work, we describe the vision of our SOVEREIGN platform in the form of an architecture, discuss individual building blocks, and evaluate it qualitatively with respect to our requirements.
References
[1]
AMD. 2020. SEV-SNP: Strengthening VM Isolation with Integrity Protection and more. White Paper.
[2]
Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O’keeffe, Mark L Stillwell, 2016. SCONE: Secure linux containers with intel SGX. In 12th USENIX Symposium on Operating Systems Design and Implementation. 689–703.
[3]
Pradipta Banerjee, Christophe de Dinechin, Ariel Adam, Jochen Schroder, and Martin Tessun. 2022. What is the Confidential Containers project?https://www.redhat.com/en/blog/what-confidential-containers-project
[4]
Ferdinand Brasser, Patrick Jauernig, Frederik Pustelnik, Ahmad-Reza Sadeghi, and Emmanuel Stapf. 2022. Trusted Container Extensions for Container-based Confidential Computing. arXiv preprint arXiv:2205.05747 (2022).
[5]
Pascal Brueckner, Amr Osman, Mathias Fischer, and Thorsten Strufe. 2019. Sandnet: Towards High Quality of Deception in Container-based Microservice Architectures. In International Conference on Communications (ICC) - Communications and Information Systems Security Symposium (CISS). IEEE.
[6]
Nathan Burow, Scott A Carr, Joseph Nash, Per Larsen, Michael Franz, Stefan Brunthaler, and Mathias Payer. 2017. Control-flow integrity: Precision, security, and performance. ACM Computing Surveys (CSUR) 50, 1 (2017), 1–33.
[7]
Nathan Burow, Xinping Zhang, and Mathias Payer. 2019. SoK: Shining light on shadow stacks. In IEEE Symposium on Security and Privacy (SP). IEEE, 985–999.
[8]
Saikat Chakraborty, Rahul Krishna, Yangruibo Ding, and Baishakhi Ray. 2022. Deep Learning Based Vulnerability Detection: Are We There Yet?IEEE Trans. Software Eng. 48, 9 (2022), 3280–3296.
[9]
Xiao Cheng, Haoyu Wang, Jiayi Hua, Guoai Xu, and Yulei Sui. 2021. DeepWukong: Statically Detecting Software Vulnerabilities Using Deep Graph Neural Network. ACM Trans. Softw. Eng. Methodol. 30, 3 (2021), 38:1–38:33.
[10]
Luigi Coppolino, Salvatore D’Antonio, Giovanni Mazzeo, and Luigi Romano. 2019. A comprehensive survey of hardware-assisted security: From the edge to the cloud. Internet of Things 6 (2019), 100055.
[11]
EUROCAE WG-72. 2018. ED-203A – Airworthiness Security Methods and Considerations. Technical Report. European Organization for Civil Aviation Equipment (EUROCAE).
[12]
Xueyuan Han, Thomas Pasquier, Adam Bates, James Mickens, and Margo Seltzer. 2020. Unicorn: Runtime provenance-based detector for advanced persistent threats. arXiv preprint arXiv:2001.01525 (2020).
[13]
Wajih Ul Hassan, Shengjian Guo, Ding Li, Zhengzhang Chen, Kangkook Jee, Zhichun Li, and Adam Bates. 2019. Nodoze: Combatting threat alert fatigue with automated provenance triage. In network and distributed systems security symposium.
[14]
Jiyong Jang, Maverick Woo, and David Brumley. 2013. Towards automatic software lineage inference. In 22nd USENIX Security Symposium. 81–96.
[15]
Vaibhavi Kalgutkar, Ratinder Kaur, Hugo Gonzalez, Natalia Stakhanova, and Alina Matyukhina. 2019. Code authorship attribution: Methods and challenges. ACM Computing Surveys (CSUR) 52, 1 (2019), 1–36.
[16]
Per Larsen, Andrei Homescu, Stefan Brunthaler, and Michael Franz. 2014. SoK: Automated software diversity. In IEEE Symposium on Security and Privacy. IEEE, 276–291.
[17]
Zhen Li, Deqing Zou, Shouhuai Xu, Xinyu Ou, Hai Jin, Sujuan Wang, Zhijun Deng, and Yuyi Zhong. 2018. VulDeePecker: A Deep Learning-Based System for Vulnerability Detection. In 25th Annual Network and Distributed System Security Symposium, NDSS. The Internet Society.
[18]
Dominik Meyer, Jan Haase, Marcel Eckert, and Bernd Klauer. 2021. A Modern Approach to Application Specific Processors for Improving the Security of Embedded Devices. In 47th Annual Conference of the IEEE Industrial Electronics Society.
[19]
Sadegh M Milajerdi, Rigel Gjomemo, Birhanu Eshete, Ramachandran Sekar, and VN Venkatakrishnan. 2019. Holmes: real-time apt detection through correlation of suspicious information flows. In IEEE Symposium on Security and Privacy (SP). IEEE, 1137–1152.
[20]
MITRE. 2023. CWE Top 25 Most Dangerous Software Weaknesses. https://cwe.mitre.org/top25/archive/2023/2023_top25_list.html
[21]
Mathias Morbitzer, Manuel Huber, Julian Horsch, and Sascha Wessel. 2018. Severed: Subverting amd’s virtual machine encryption. In Proceedings of the 11th European Workshop on Systems Security. 1–6.
[22]
Santosh Nagarakatte, Jianzhou Zhao, Milo MK Martin, and Steve Zdancewic. 2009. SoftBound: Highly compatible and complete spatial memory safety for C. In Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation. 245–258.
[23]
Santosh Nagarakatte, Jianzhou Zhao, Milo MK Martin, and Steve Zdancewic. 2010. CETS: compiler enforced temporal safety for C. In Proceedings of the international symposium on Memory management. 31–40.
[24]
NIST. [n. d.]. NIST SOFTWARE ASSURANCE REFERENCE DATASET. Retrieved Feburary 1, 2024 from https://samate.nist.gov/SARD
[25]
Vadim Okun, Aurelien Delaitre, and Paul Black. 2013. Report on the Static Analysis Tool Exposition (SATE) IV.
[26]
Simon Ott, Monika Kamhuber, Joana Pecholt, and Sascha Wessel. 2023. Universal Remote Attestation for Cloud and Edge Platforms. In Proceedings of the 18th International Conference on Availability, Reliability and Security. 1–11.
[27]
Vern Paxson. 1999. Bro: a system for detecting network intruders in real-time. In USENIX Security Symposium, Vol. 7. 1–22.
[28]
Joana Pecholt and Sascha Wessel. 2022. CoCoTPM: Trusted Platform Modules for Virtual Machines in Confidential Computing Environments. In Proceedings of the 38th Annual Computer Security Applications Conference. 989–998.
[29]
Erwin Quiring, Alwin Maier, and Konrad Rieck. 2019. Misleading authorship attribution of source code using adversarial learning. In 28th USENIX Security Symposium. 479–496.
[30]
Fahmida Y Rashid. 2020. The rise of confidential computing: Big tech companies are adopting a new security model to protect data while it’s in use. IEEE Spectrum 57, 6 (2020), 8–9.
[31]
Rebecca L. Russell, Louis Y. Kim, Lei H. Hamilton, Tomo Lazovich, Jacob Harer, Onur Ozdemir, Paul M. Ellingwood, and Marc W. McConley. 2018. Automated Vulnerability Detection in Source Code Using Deep Representation Learning. In 17th IEEE International Conference on Machine Learning and Applications, ICMLA. 757–762.
[32]
M Sardar, Thomas Fossati, and Simon Frost. 2023. SoK: Attestation in confidential computing. ResearchGate pre-print (2023).
[33]
Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitriy Vyukov. 2012. AddressSanitizer: A fast address sanity checker. In USENIX annual technical conference. 309–318.
[34]
Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, and Dan Boneh. 2004. On the effectiveness of address-space randomization. In Proceedings of the 11th ACM conference on Computer and communications security. 298–307.
[35]
Paria Shirani, Lingyu Wang, and Mourad Debbabi. 2017. Binshape: Scalable and robust binary library function identification using function shape. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 301–324.
[36]
Florian Skopik and Timea Pahi. 2020. Under false flag: using technical artifacts for cyber attack attribution. Cybersecurity 3 (2020), 1–20.
[37]
Dokyung Song, Julian Lettner, Prabhu Rajasekaran, Yeoul Na, Stijn Volckaert, Per Larsen, and Michael Franz. 2019. SoK: Sanitizing for security. In IEEE Symposium on Security and Privacy (SP). IEEE, 1275–1295.
[38]
National Telecommunications and Information Administration. 2021. Software Bill of Materials. https://www.ntia.gov/page/software-bill-materials
[39]
Emmanouil Vasilomanolakis, Shankar Karuppayah, Max Mühlhäuser, and Mathias Fischer. 2015. Taxonomy and survey of collaborative intrusion detection. ACM Computing Surveys (CSUR) 47, 4 (2015), 1–33.
[40]
David A Wheeler and Gregory N Larsen. 2003. Techniques for cyber attack attribution. Institute for Defense Analysis (2003), 2.
[41]
Florian Wilkens, Felix Ortmann, Steffen Haas, Matthias Vallentin, and Mathias Fischer. 2021. Multi-Stage Attack Detection via Kill Chain State Machines. In Workshop on Cyber-Security Arms Race, co-located with ACM Conference on Computer and Communications Security (CCS).
[42]
Ru Zhang, Yanyu Huo, Jianyi Liu, Fangyu Weng, 2017. Constructing APT attack scenarios based on intrusion kill chain and fuzzy clustering. Security and Communication Networks (2017).
[43]
Xu Zhang, Yong Xu, Qingwei Lin, Bo Qiao, Hongyu Zhang, Yingnong Dang, Chunyu Xie, Xinsheng Yang, Qian Cheng, Ze Li, 2019. Robust log-based anomaly detection on unstable log data. In 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 807–817.
[44]
Yaqin Zhou, Shangqing Liu, Jing Kai Siow, Xiaoning Du, and Yang Liu. 2019. Devign: Effective Vulnerability Identification by Learning Comprehensive Program Semantics via Graph Neural Networks. In Annual Conference on Neural Information Processing Systems, NeurIPS. 10197–10207.
Index Terms
- SOVEREIGN - Towards a Holistic Approach to Critical Infrastructure Protection
Recommendations
Defending Critical Infrastructure
We apply new bilevel and trilevel optimization models to make critical infrastructure more resilient against terrorist attacks. Each model features an intelligent attacker (terrorists) and a defender (us), information transparency, and sequential ...
Comments
Information & Contributors
Information
Published In
July 2024
2032 pages
ISBN:9798400717185
DOI:10.1145/3664476
Copyright © 2024 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 30 July 2024
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
ARES 2024
ARES 2024: The 19th International Conference on Availability, Reliability and Security
July 30 - August 2, 2024
Vienna, Austria
Acceptance Rates
Overall Acceptance Rate 228 of 451 submissions, 51%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 83Total Downloads
- Downloads (Last 12 months)83
- Downloads (Last 6 weeks)9
Reflects downloads up to 20 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format