Security Testing Tools for Complex Cyber-Physical Systems
The modern world depends on the safe operation of infrastructure and vehicles for transport, communication, and power distribution. All these systems are increasingly computerized and interconnected. Connecting devices together into large systems creates new security vulnerabilities that conventional tests on single devices cannot find. To help find these vulnerabilities, we developed new tools to make testing complex systems easier. First, the Triton testbed provides a flexible way to test many interconnected devices that can include physical devices on real hardware, emulated devices running real software, and simulated devices that replicate the expected behavior of a physical device. Second, a Bus Driver device can modify messages on a wired communication bus to see how devices respond to modified messages. Finally, for part of the HyperScanner project, we adapted a low-cost software-defined radio to scan for Bluetooth devices more quickly by sending and receiving on many channels at the same time. The same approach could also be used to monitor wireless communication on many different protocols to detect problems with wireless security. These tools will enable more effective security testing to make complex cyber-physical systems safer and more reliable.