A Security Evaluation of a Platform Intended for Critical Infrastructure - A Case Study for Sinusoidal Systems

Hämtar...
Bild (thumbnail)

Publicerad

Typ

Examensarbete för masterexamen
Master's Thesis

Modellbyggare

Tidskriftstitel

ISSN

Volymtitel

Utgivare

Sammanfattning

The Digital Measurement Platform (DMP) is a safety-critical system designed for digital substations. It uses software applications to replicate the functionality of traditional physical power meters by processing data directly from the IEC61850 process bus. This allows multiple virtual meters to operate efficiently on a single hardware unit. While the operational feasibility and precision of the DMP have been carefully tested, its cybersecurity resilience remains unexplored. Given its deployment in critical infrastructure, this lack of security analysis is a significant gap. This thesis addresses that gap by performing a purple-team security assessment of the DMP. Through threat modeling, baseline security evaluation, and controlled attack experiments, we evaluate the resilience of the platform against an attacker controlling code inside an unprivileged container. We find that the DMP demonstrates resilience against container escapes, SQL injection, and Confused Deputy attacks. However, several Denial of Service vulnerabilities were successfully exploited. Flooding shared bind mounts and stdout/stderr bypasses cgroup resource limits to exhaust the host storage, while architectural weaknesses in the framework’s message handling enable OOM crashes within seconds. Mitigations are proposed for all successful exploits.

Beskrivning

Ämne/nyckelord

container security, critical infrastructure, purple teaming, digital measurement platform

Citation

Arkitekt (konstruktör)

Geografisk plats

Byggnad (typ)

Byggår

Modelltyp

Skala

Teknik / material

Index

Endorsement

Review

Supplemented By

Referenced By