Browse > Article
http://dx.doi.org/10.14248/JKOSSE.2016.12.2.101

A Systems Engineering Approach to Implementing Hardware Cybersecurity Controls for Non-Safety Data Network  

Ibrahim, Ahmad Salah (Department of NPP Engineering, KEPCO International Nuclear Graduate School)
Jung, Jaecheon (Department of NPP Engineering, KEPCO International Nuclear Graduate School)
Publication Information
Journal of the Korean Society of Systems Engineering / v.12, no.2, 2016 , pp. 101-114 More about this Journal
Abstract
A model-based systems engineering (MBSE) approach to implementing hardware-based network cybersecurity controls for APR1400 non-safety data network is presented in this work. The proposed design was developed by implementing packet filtering and deep packet inspection functions to control the unauthorized traffic and malicious contents. Denial-of-Service (DoS) attack was considered as a potential cybersecurity issue that may threaten the data availability and integrity of DCS gateway servers. Logical design architecture was developed to simulate the behavior of functions flow. HDL-based physical architecture was modelled and simulated using Xilinx ISE software to verify the design functionality. For effective modelling process, enhanced function flow block diagrams (EFFBDs) and schematic design based on FPGA technology were together developed and simulated to verify the performance and functional requirements of network security controls. Both logical and physical design architectures verified that hardware-based cybersecurity controls are capable to maintain the data availability and integrity. Further works focus on implementing the schematic design to an FPGA platform to accomplish the design verification and validation processes.
Keywords
APR1400; Data Communication Network, Cybersecurity, Denial-of-Service; Model-based Systems Engineering;
Citations & Related Records
연도 인용수 순위
  • Reference
1 KEPCO and KHNP, APR1400 Design Control Document Tier 2, "Chapter 7 Instrumentation and Controls", Revision 0, December 2014.
2 US Department of Homeland Security, NCCIC/ICS-CERT. Year in Review FY 2015. [Cited 2016 July 20] Available from: https://ics-cert.us-cert.gov/
3 E. Knapp et al., "Industrial Network Security", Second Edition, Elsevier Inc., 2015.
4 U.S.NRC 10 CFR 73.54, "Protection of digital computer and communication systems and networks" [Last update: 2015, December 2] available from: http://www.nrc.gov/
5 U.S.NRC Regulatory Guide 5.71, "Cyber Security Programs for Nuclear Facilities", January 2010.
6 J. C. Jung and I. S. Choi, "Lecture on DCS Gateway Server: Design and Function", KEPCO International Nuclear Graduate School, July 2016.
7 A. Kayssi et al., "FPGA-based Internet protocol firewall chip", The 7th IEEE International Conference on Electronics, Circuits and Systems, 2000.
8 A. Goodney et al., Pattern based packet filtering using NetFPGA in DETER infrastructure. 1st Asia NetFPGA developers workshop. Daejeon, Korea. 2010.
9 Y. H Cho, and William H. Mangione-Smith, Deep network packet filter design for reconfigurable devices, 2004. FCCM 2004. 12th Annual IEEE Symposium on. IEEE, 2004.
10 T. Holland, Understanding IPS and IDS: Using IPS and IDS together for Defense in Depth, SANS Institute, 2004.
11 Vitech COREsim User Guide, CORE 9 Version. [Cited 2016 August 16] Available from: http://www.vitechcorp.com/
12 Xilinx ISE Design Suite, software manuals, and tutorials, http://www.xilinx.com/
13 NetFPGA Project, http://netfpga.org/