Dissertation/Thesis Abstract

"Bolt-On" Network Security for Advanced Manufacturing Deployments
by McCormack, Matthew M., Ph.D., Carnegie Mellon University, 2020, 156; 28258526
Abstract (Summary)

Industry 4.0 is driving manufacturing centers to utilize networked devices, many of which are potentially deployed with security vulnerabilities. Unfortunately, these devices often lack effective host-level protections and may have service lives beyond the vendor's support. At the same time, traditional network security solutions, such as firewalls, often leave coverage gaps and lack the necessary trust to ensure they do not become launchpads for future attacks. Therefore, adopting Industry 4.0 potentially amplifies the manufacturing domain's attack surface, creating new ways for attackers to steal proprietary data, sabotage manufacturing operations by making defective parts, and deny users access to critical machines.

This dissertation aims to design a practical system for defending manufacturing deployments from network attacks. We leverage advances in software-defined networking to provide device-specific network protections that can be "bolted-on" to existing manufacturing networks in the form of a security gateway. Such a bolt-on approach allows for protecting existing machines without requiring modifications to the machines or their software. For a security gateway to be effective it must (1) be able to identify and mitigate vulnerabilities present in manufacturing devices, and (2) be trusted to enforce these protections even when the gateway itself is under attack.

The key contributions of this thesis are the following. We build a vulnerability assessment tool, C3PO, for analyzing networked 3D printers and their deployments, which we then use to evaluate 13 networked 3D printers and 5 manufacturing center deployments. Our evaluation identified common vulnerabilities such as susceptibility to denial of service attacks, not encrypting sensitive data in transit, and a lack of network isolation. These identified vulnerabilities inform the device-specific network protections the security gateway must provide. Next, we design a low-cost, trusted security gateway system, Jetfire, by building on top of a micro-hypervisor root of trust. We use formal modeling to guide the application of micro-hypervisor provided capabilities to provide an end-to-end guarantee that all packets are processed by the correct network protection (e.g., those identified by C3PO). We then demonstrate how this trusted architecture can be used to secure networked 3D printers by mitigating identified vulnerabilities as well as providing more elaborate protections such as behavior-based anomaly detection.

Indexing (document details)
Advisor: Sekar, Vyas
Committee: Lewis, Grace; Rowe, Anthony; DeVincent Wolf, Sandra
School: Carnegie Mellon University
Department: Electrical and Computer Engineering
School Location: United States -- Pennsylvania
Source: DAI-B 82/7(E), Dissertation Abstracts International
Subjects: Computer Engineering
Keywords: 3D printing, Network function virtualization, Network security, Software-defined networking
Publication Number: 28258526
ISBN: 9798569906826