ETD PDF

Analysis of Software-Defined Networks as a Mechanism for Enforcing Corporate Security Policies in OT Networks

Citation

Gogineni Ravindrababu, Sandeep. (2022-05). Analysis of Software-Defined Networks as a Mechanism for Enforcing Corporate Security Policies in OT Networks. Theses and Dissertations Collection, University of Idaho Library Digital Collections. https://www.lib.uidaho.edu/digital/etd/items/gogineniravindrababu_idaho_0089e_12391.html

Title:
Analysis of Software-Defined Networks as a Mechanism for Enforcing Corporate Security Policies in OT Networks
Author:
Gogineni Ravindrababu, Sandeep
Date:
2022-05
Keywords:
Consistency ICS OT Policies SDN Security
Program:
Computer Science
Subject Category:
Computer science
Abstract:

Cyber Security has been given a high priority for operational technology systems in recent years after specific cyber-incidents targeting them. Previously, these systems were primarily concerned with reliability; however, cyber security is now viewed as a critical aspect in avoiding production damage and financial losses. According to certain studies, replacing traditional networks in OT systems with software-defined networks (SDN) minimizes cyber-attacks due to the features provided by these networks. SDN networks have various advantages over traditional networks, due to the separation of the data plane and control plane. The concern is whether SDN networks are more dependable than existing traditional networks, and whether we can take advantage of all of SDN's characteristics when connecting with OT systems. Furthermore, deploying cyber security on a network infrastructure necessitates the creation and implementation of security policies that define the authorized communication between network devices. There is, however, a distinction to be made between security policies and the technologies that implement them. There is also often a distinction between intended policy and deployed or configured policy. Therefore there is a need to confirm compliance between policy and reality in a network. This is especially true in operational technology systems where there is a lot of network infrastructure and special purpose devices which can not be scanned or analyzed using traditional cyber security tools.

To address the cyber security issues in operational technology systems, this dissertation reviews cyber-incidents reported on them and summarizes possible attacks on each of their sub-systems to gain broader insight into vulnerabilities present in them and uses the common vulnerability exposure database to enumerate trends. Then, a process is formally developed and evaluated through a proof of concept tool to detect the security policy implemented in the control rules of an SDN switch deployed in an industrial control system network. These rules were analyzed to determine if this security policy is compliant with the organization's high-level policies.

Description:
doctoral, Ph.D., Computer Science -- University of Idaho - College of Graduate Studies, 2022-05
Major Professor:
Alves-Foss, Jim
Committee:
Song, Jia; Conte de Leon, Daniel; Chakhchoukh, Yacine; Soule, Terry
Defense Date:
2022-05
Identifier:
GogineniRavindrababu_idaho_0089E_12391
Type:
Text
Format Original:
PDF
Format:
application/pdf

Contact us about this record

Rights
Rights:
In Copyright - Educational Use Permitted. For more information, please contact University of Idaho Library Special Collections and Archives Department at libspec@uidaho.edu.
Standardized Rights:
http://rightsstatements.org/vocab/InC-EDU/1.0/