Namasudra Advances in Computers

Chapter Two A Survey of Research on Data Corruption in Cyber–Physical Critical Infrastructure Systems
Mark Woodard*; Sahra Sedigh Sarvestani*; Ali R. Hurson*    * Missouri University of Science and Technology, Rolla, Missouri, USA Abstract
Computer systems are present in every aspect of modern life. In many of these systems, corruption of data is unavoidable as a result of both intentional and unintentional means. In many systems, this erroneous data can result in severe consequences including financial loss, injury, or death. Critical infrastructure cyber–physical systems utilize intelligent control to improve performance; however, they are heavily data dependent. These systems have the potential to propagate corrupted data, leading to failure. This chapter presents a survey of work related to the propagation of corrupted data within critical infrastructure cyber–physical systems, including the sources of corrupted data and the structure of critical infrastructure cyber–physical systems. In addition, it presents a comparative analysis of various data corruption detection and mitigation techniques. Additionally, we discuss a number of studies on the negative effects of system execution on corrupted data. These key topics are essential to understanding how undetected corrupted data propagates through a critical infrastructure cyber–physical system. Keywords Data corruption Critical infrastructure Cyber–physical systems 1 Introduction
Advances in computer technology and reduced hardware cost have caused almost all modern systems to rely heavily on stored computer data. However, the corruption of data in many systems is unavoidable. Erroneous data can be created within a system through unintentional means, such as failures in sensors, processors, storage, or communication hardware, or through intentional means such as an attack. Corrupted data in many of these systems can have severe consequences. One example is the stock market and other financial systems, as described by Kirilenko et al. [1]. One notable example of financial computing system failure occurred in August 2012, where a software error ended up costing Knight Capital, a mid-size financial firm, $10 million/min. In addition to economic consequences, failures in other systems such as critical infrastructure and manufacturing systems could result in the loss of life. Critical infrastructure systems have evolved from purely physical systems into critical infrastructure cyber–physical systems (CPSs) to meet performance requirements and growing demands. In a CPS, the physical infrastructure's functionality is enhanced by utilizing intelligent embedded systems, communication capabilities, distributed computing, and intelligent control [2]. Examples of these complex CPSs include smart power grids, intelligent water distribution networks, smart transportation systems, and cyber-enabled manufacturing systems. The intelligent control provided by CPSs requires access to real-time and previously recorded data from the control entities’ immediate area and system-wide information to calculate optimal control settings. Drawing data from system-wide sources allows the system to avoid adverse consequences caused by localized control. An example of improved CPS control is presented by Bakken et al. [3], who discuss how the major challenges of power generation and distribution in the smart grid can be addressed with the use of real-time measurements. Buttyán et al. [4] discuss the design and protection challenges of CPS, examining the importance of fault tolerance, security, and privacy in many components of CPS required to provided real-time field data including sensor nodes, networking protocols, and operating systems. Given CPSs’ reliance on real-time field data, the protection of critical infrastructures provides a fascinating application for database and sensor networks. The motivation for the survey presented in this chapter are the numerous critical infrastructure failures in recent history. One of these failures is presented by Miller et al. [5]. In June 1999, Bellingham, WA, a gas pipeline ruptured and leaked 237,000 gallons of gasoline from a 16-inch pipe into a creek that flowed through Whatcom Falls Park. After 1 1/2 h, the gasoline ignited and burned approximately 1 1/2 miles of forest along the creek resulting in three deaths and eight documented injuries. The failure was exacerbated by the control systems being unable to react due to the company's practice of performing database development work on the system while it was operating, making the real-time data unavailable. Another failure of note was in Italy on September 28, 2003, which resulted in half of Italy being without power for multiple days. Berizzi [6] and Buldyrev et al. [7] describe in detail the cascading failure, which was triggered by a single line failure near the Swiss-Italian border. However, this local failure led to the failure of nodes in the Internet communication network, which in turn caused further breakdown of power stations. While these examples are not the result of corrupted data, they demonstrate CPSs’ reliance on accurate real-time data and the need for fault-tolerant database systems. This chapter presents a survey of research related to the propagation of corrupted data. Figure 1 is a taxonomy of the topics presented in this chapter drawn from recent papers shown in Fig. 2. This work also serves as a foundation for future work in understanding and modeling the propagation of corrupted data through a CPS. Figure 1 Taxonomy of data corruption research. Figure 2 Histogram of papers cited. The remainder of this chapter is structured as follows. In Section 2, we address the sources of corrupted data. In Section 3, we discuss the structure of CPS and present an example application for comparison of techniques. Additionally, we discuss how data propagates through the example system, as undetected corrupted data will propagate in the same manner. In Section 4, we present a variety of data corruption detection methods that can be employed in a CPS. Section 5 is intended to address a variety of mitigation techniques that can be employed in a CPS. In Section 6, we discuss how corrupted data propagates through a system and its potential effects. Lastly, Section 7 addresses future directions for this research. 2 Sources of Corrupted Data
An understanding of fault tolerance and dependability is necessary in order to discuss the sources of data corruption. Avizienis et al. [8] define a number of terms in the field of dependability used to describe the state of a system in the presence of a disruptive event in terms of the system's ability to provide its specified service. The most general terms used to describe the threats to system operation are failure, error, and fault. A system failure occurs when the system does not comply with the system specifications. An error is a system state that may cause a subsequent failure, i.e., a failure occurs when an error alters the service. A fault is the cause of an error. Faults can be classified based on a number of factors including persistence, activity, and intent. Corrupted data can be a failure, error, or fault depending on its location in the system. Producing corrupted data in a system is a failure; processing corrupted data is a system error; corrupted data as an input to the system is a fault. Erroneous data can be created within a system in a number of different ways, both deliberate and nondeliberate. Deliberate data corruption is the result of an attack. Attacks can be classified as cyber, physical, or cyber–physical depending on the source of the attack. Mo et al. [9] describe both purely cyber and purely physical attacks on critical infrastructure. Purely cyber attacks are attacks that remotely compromise the confidentiality, integrity, or availability of data. Cyber attacks include denial of service and malware designed to disrupt a control system. Purely physical attacks utilize physical tampering of either the system or the environment to disrupt operation. An example of this is power meter bypassing which allows a customer to steal power by bypassing the meter. Cyber–physical attacks are more complex and involve coordinated attacks on cyber and physical systems to produce undetectable adverse effects. Pasqualetti et al. [10] and Amin et al. [11] describe cyber–physical attacks on power and water critical infrastructures, respectively. Nondeliberate data corruption is the result of corruption during communication, processing, or storage as well as inaccurate sensor readings. Aggarwal et al. [12] present the case for “data cleaning” of sensor readings. Sensor readings are often created by converting a measured quantity such as voltage into another measured quantities such as temperature. This process can produce very noisy data because it may not be precise. Other errors can be introduced by external conditions or sensor aging. Recalibrating the sensor can reduce these errors but cannot prevent these errors. Additionally, data may be incomplete due to periodic failures of sensors. Some sensor types can be even...