Network Security Monitoring in Environments where Digital and Physical Safety are Critical

Guillaume Dupont

promotor: prof.dr. Sandro Etalle (TU/e)
co-promotor: dr. Jerry den Hartog (TU/e)
Eindhoven University of Technology
Date: 7 June, 2022
Thesis: PDF


Certain environments in the modern digital landscape present specific characteristics which expose them to a unique security challenge.
They comprise a broad diversity of connected devices, such as cyber-physical systems and IoT devices, networked together as ecosystems, while large volumes of users’ (personal) data are collected, processed and stored.
Cyber attacks on these environments can have a critical impact on the physical and digital safety of their users through the exploitation of vulnerabilities in cyber-physical systems and the abuse and theft of data.

In this thesis we focus on the defence of these environments, which we call safeness-critical, as we use the term safeness to encapsulate both the concepts of physical safety and digital privacy.
Protecting safeness-critical environments requires being in control of the environment and its assets: one must have a thorough understanding of the infrastructure, as well as the ability to detect and respond to threats and intrusions.
Network security monitoring, a strategy focused on visibility, can help to obtain this control.
Although well-established in the information technology domain, it is unclear how current monitoring solutions perform in the context of safeness-critical environments.
We investigate two environments which can be regarded as safeness-critical: healthcare delivery organisations (e.g., hospitals) and modern cars.
Our objective is to identify the requirements for network security monitoring and intrusion detection, and to provide the means to create and evaluate detection systems for these environments.