Abstract
Recently, the number of publicized attacks on IoT devices has noticeably grown. This is in part due to the increasing deployment of embedded systems into various domains, including critical infrastructure, which makes them a valuable asset and a compromise can cause significant damages. In this case, it is often required to send an engineer to manually recover the devices, as the attack leaves them out of reach of standard remote management solutions. To avoid this costly process, the concept of cyber resilience has gained traction in recent years in both academia and industry. Its core idea is to enable compromised devices to recover themselves to a trusted state without human intervention. Initial guidelines and architectures to realize cyber resilience have been published by standardization entities like NIST and TCG, and in multiple academic papers. While the initial works focused on guaranteed recovery, recent proposals included attack detection to speed up the recovery process. In this work, we build on top of these ideas and present an extended resilience architecture. We present new implementations of resilience engines with a focus on secure and reliable data acquisition for attack detection and classification. Our attack classification engine enables tailored, more efficient recovery responses.
Original language | English |
---|---|
Number of pages | 16 |
Journal | IEEE Transactions on Emerging Topics in Computing |
Early online date | 29 Dec 2022 |
DOIs | |
Publication status | E-pub ahead of print - 29 Dec 2022 |
Keywords
- Architecture
- Attack detection
- Cloud computing
- Computer architecture
- Cyber resilience
- Device recovery
- Engines
- Internet of Things
- Monitoring
- NIST
- Resilience
- Self-monitoring
- Trusted services