With the rapid growth of network technology, the methods and types of cyber-attacks are increasing rapidly. Traditional static passive defense technologies focus on external security and known threats to the target sy...With the rapid growth of network technology, the methods and types of cyber-attacks are increasing rapidly. Traditional static passive defense technologies focus on external security and known threats to the target system and cannot resist advanced persistent threats. To solve the situation that cyberspace security is easy to attack and difficult to defend, Chinese experts on cyberspace security proposed an innovative theory called mimic defense, it is an active defense technology that employs “Dynamic, Heterogeneous, Redundant” architecture to defense attacks. This article first briefly describes the classic network defense technology and Moving Target Defense (MTD). Next, it mainly explains in detail the principles of the mimic defense based on the DHR architecture and analyzes the attack surface of DHR architecture. This article also includes applications of mimic defense technology, such as mimic routers, and mimic web defense systems. Finally, it briefly summarizes the existing research on mimic defense, expounds the problems that need to be solved in mimic defense, and looks forward to the future development of mimic defense.展开更多
Safety and security are interrelated and both essential for connected automated vehicles(CAVs).They are usually investigated independently,followed by standards ISO 26262 and ISO/SAE 21434,respectively.However,more fu...Safety and security are interrelated and both essential for connected automated vehicles(CAVs).They are usually investigated independently,followed by standards ISO 26262 and ISO/SAE 21434,respectively.However,more functional safety and security fea-tures of in-vehicle components make existing safety mechanisms weaken security mechanisms and vice versa.This results in a dilemma that the safety-critical and security-critical in-vehicle components cannot be protected.In this paper,we propose a dynamic heterogeneous redundancy(DHR)architecture to enhance the safety and security of CAVs simultaneously.We first investigate the current status of integrated safety and security analysis and explore the relationship between safety and security.Then,we propose a new taxonomy of in-vehicle components based on safety and security features.Finally,a dynamic heterogeneous redun-dancy(DHR)architecture is proposed to guarantee integrated functional safety and cyber security of connected vehicles for the first time.A case study on an automated bus shows that DHR architecture can not only detect unknown failures and ensure functional safety but also detect unknown attacks to protect cyber security.Furthermore,we provide an in-depth analysis of quantification for CAVs performance using DHR architecture and identify chal-lenges and future research directions.Overall,integrated safety and security enhancement is an emerging research direction.展开更多
The common endogenous security problems in cyberspace and related attack threats have posed subversive challenges to conventional theories and methods of functional safety.In the current design of the cyber physical s...The common endogenous security problems in cyberspace and related attack threats have posed subversive challenges to conventional theories and methods of functional safety.In the current design of the cyber physical system(CPS),functional safety and cyber security are increasingly intertwined and inseparable,which evolve into the generalized functional safety(S&S)problem.The conventional reliability and cybersecurity technologies are unable to provide security assurance with quanti able design and veri cation metrics in response to the cyberattacks in hardware and software with common endogenous security problems,and the functional safety of CPS facilities or device has become a frightening ghost.The dynamic heterogeneity redundancy(DHR)architecture and coding channel theory(CCT)proposed by the cyberspace endogenous security paradigm could handle random failures and uncertain network attacks in an integrated manner,and its generalized robust control mechanism can solve the universal problem of quantitative design for functional safety under probability or improbability perturbation.As a generalized functional safety enabling structure,DHR opens up a new direction to solve the common endogenous security problems in the cross-disciplinary elds of cyberspace.展开更多
文摘With the rapid growth of network technology, the methods and types of cyber-attacks are increasing rapidly. Traditional static passive defense technologies focus on external security and known threats to the target system and cannot resist advanced persistent threats. To solve the situation that cyberspace security is easy to attack and difficult to defend, Chinese experts on cyberspace security proposed an innovative theory called mimic defense, it is an active defense technology that employs “Dynamic, Heterogeneous, Redundant” architecture to defense attacks. This article first briefly describes the classic network defense technology and Moving Target Defense (MTD). Next, it mainly explains in detail the principles of the mimic defense based on the DHR architecture and analyzes the attack surface of DHR architecture. This article also includes applications of mimic defense technology, such as mimic routers, and mimic web defense systems. Finally, it briefly summarizes the existing research on mimic defense, expounds the problems that need to be solved in mimic defense, and looks forward to the future development of mimic defense.
基金supported by the Shanghai Sailing Program(21YF1413800 and 20YF1413700)the National Science Foundation of China(no.62002213)+1 种基金the Program of Industrial Internet Visualized Asset Management and Operation Technology and Products,Shanghai Science and Technology Innovation Action Plan(No.21511102502,No.21511102500)Henan Science and Technology Major Project(No.221100240100).
文摘Safety and security are interrelated and both essential for connected automated vehicles(CAVs).They are usually investigated independently,followed by standards ISO 26262 and ISO/SAE 21434,respectively.However,more functional safety and security fea-tures of in-vehicle components make existing safety mechanisms weaken security mechanisms and vice versa.This results in a dilemma that the safety-critical and security-critical in-vehicle components cannot be protected.In this paper,we propose a dynamic heterogeneous redundancy(DHR)architecture to enhance the safety and security of CAVs simultaneously.We first investigate the current status of integrated safety and security analysis and explore the relationship between safety and security.Then,we propose a new taxonomy of in-vehicle components based on safety and security features.Finally,a dynamic heterogeneous redun-dancy(DHR)architecture is proposed to guarantee integrated functional safety and cyber security of connected vehicles for the first time.A case study on an automated bus shows that DHR architecture can not only detect unknown failures and ensure functional safety but also detect unknown attacks to protect cyber security.Furthermore,we provide an in-depth analysis of quantification for CAVs performance using DHR architecture and identify chal-lenges and future research directions.Overall,integrated safety and security enhancement is an emerging research direction.
基金the National Natural Science Foundation Innovation Group Project(61521003).
文摘The common endogenous security problems in cyberspace and related attack threats have posed subversive challenges to conventional theories and methods of functional safety.In the current design of the cyber physical system(CPS),functional safety and cyber security are increasingly intertwined and inseparable,which evolve into the generalized functional safety(S&S)problem.The conventional reliability and cybersecurity technologies are unable to provide security assurance with quanti able design and veri cation metrics in response to the cyberattacks in hardware and software with common endogenous security problems,and the functional safety of CPS facilities or device has become a frightening ghost.The dynamic heterogeneity redundancy(DHR)architecture and coding channel theory(CCT)proposed by the cyberspace endogenous security paradigm could handle random failures and uncertain network attacks in an integrated manner,and its generalized robust control mechanism can solve the universal problem of quantitative design for functional safety under probability or improbability perturbation.As a generalized functional safety enabling structure,DHR opens up a new direction to solve the common endogenous security problems in the cross-disciplinary elds of cyberspace.