Barriers to the Use of Intrusion Detection Systems in Safety-Critical Applications

Johnson, C.W. (2015) Barriers to the Use of Intrusion Detection Systems in Safety-Critical Applications. In: 34th International Conference, Safecomp, Delft, The Netherlands, 23-25 Sep 2015, pp. 375-384. ISBN 9783319242545 (doi: 10.1007/978-3-319-24255-2_27)

Abstract

Intrusion detection systems (IDS) provide valuable tools to monitor for, and militate against, the impact of cyber-attacks. However, this paper identifies a range of theoretical and practical concerns when these systems are integrated into safety-critical systems. White-list approaches enumerate the processes that can legitimately exploit system resources and any other access requests are interpreted to indicate the presence of malware. They cannot easily be used in safety-related applications where the use of legacy applications and Intellectual Property (IP) barriers associated with the extensive use of subcontracting can make it difficult to enumerate the resource requirements for all valid processes. In contrast, blacklist intrusion detection systems characterize the behavior of known malware. In order to be effective, blacklist IDS must be updated at regular intervals. This raises enormous concerns in safety-critical systems where extensive validation and verification requirements ensure that software updates must be rigorously tested. In other words, there is a concern that an IDS signature update might itself introduce bugs into a safety-related system. Isolation between an IDS and a safety-related application can minimize this threat, for instance, using information diodes. However, further problems arise when IDS false positives compromise the reliability of safety-related applications.

Item Type: Conference Proceedings
Additional Information: Lecture Notes in Computer Science: 9337. The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-319-24255-2_27
Status: Published
Refereed: Yes
Glasgow Author(s) Enlighten ID: Johnson, Professor Chris
Authors: Johnson, C.W.
College/School: College of Science and Engineering > School of Computing Science
Publisher: Springer International Publishing
ISSN: 0302-9743
ISBN: 9783319242545
Copyright Holders: Copyright © 2015 Springer International Publishing Switzerland
Publisher Policy: Reproduced in accordance with the copyright policy of the publisher
