A Security Evaluation of a Platform Intended for Critical Infrastructure - A Case Study for Sinusoidal Systems
Hämtar...
Ladda ner
Publicerad
Författare
Typ
Examensarbete för masterexamen
Master's Thesis
Master's Thesis
Modellbyggare
Tidskriftstitel
ISSN
Volymtitel
Utgivare
Sammanfattning
The Digital Measurement Platform (DMP) is a safety-critical system designed for
digital substations. It uses software applications to replicate the functionality of
traditional physical power meters by processing data directly from the IEC61850
process bus. This allows multiple virtual meters to operate efficiently on a single
hardware unit. While the operational feasibility and precision of the DMP have
been carefully tested, its cybersecurity resilience remains unexplored. Given its
deployment in critical infrastructure, this lack of security analysis is a significant
gap.
This thesis addresses that gap by performing a purple-team security assessment of the
DMP. Through threat modeling, baseline security evaluation, and controlled attack
experiments, we evaluate the resilience of the platform against an attacker controlling
code inside an unprivileged container. We find that the DMP demonstrates resilience
against container escapes, SQL injection, and Confused Deputy attacks. However,
several Denial of Service vulnerabilities were successfully exploited. Flooding shared
bind mounts and stdout/stderr bypasses cgroup resource limits to exhaust the host
storage, while architectural weaknesses in the framework’s message handling enable
OOM crashes within seconds. Mitigations are proposed for all successful exploits.
Beskrivning
Ämne/nyckelord
container security, critical infrastructure, purple teaming, digital measurement platform
