Security in Mixed Time and Event Triggered Cyber-Physical Systems using Moving Target Defense

Memory corruption attacks such as code injection, code reuse, and non-control-data attacks are widely used to compromise safety-critical Cyber-Physical Systems (CPS). Moving target defense (MTD) techniques such as instruction set randomization (ISR), address space randomization (ASR), and data space randomization (DSR) can protect systems against such attacks. CPS often use time-triggered architectures to guarantee predictable and reliable operation, whereas MTD techniques can introduce delays and behavior that do not fit a static schedule. To protect CPS against memory corruption attacks while preserving timing guarantees, MTD techniques can be implemented in a mixed time- and event-triggered architecture that maintains safety and availability during an attack. This paper presents a mixed time- and event-triggered MTD security approach based on the ARINC 653 architecture that provides predictable and reliable operation under normal conditions and rapid detection and reconfiguration once an attack is detected. We use a hardware-in-the-loop testbed and an advanced emergency braking system (AEBS) case study to demonstrate the effectiveness of our approach.
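The following simulation is an added illustration of the mixed time- and event-triggered idea, written for this page; it is not the paper's implementation and does not reproduce its ARINC 653 partitions or its testbed. It assumes a constructed three-slot major frame (complex controller, monitor, actuator), a toy AEBS braking law, DSR implemented as XOR masking of one shared variable with a fixed demo mask, and an attacker whose memory-corruption write lands between the controller and monitor slots without knowledge of the mask. The names `run_frame`, `aebs_state`, `dsr_u32` and the mask value `0x5A3C9E17` are all assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>

/* Brake command range in percent; anything outside is treated as corruption. */
#define BRAKE_MAX 100u

enum mode { MODE_COMPLEX = 0, MODE_SAFETY = 1 };

/* DSR: a protected variable is kept XOR-masked in memory. Instrumented code
 * that knows the mask reads the intended value; a raw write by an attacker
 * who does not know the mask decodes to garbage. The mask is assumed to be
 * drawn from a CSPRNG at load time; it is a fixed constructed constant here. */
typedef struct { uint32_t masked; uint32_t mask; } dsr_u32;

static void dsr_store(dsr_u32 *v, uint32_t plain) { v->masked = plain ^ v->mask; }
static uint32_t dsr_load(const dsr_u32 *v) { return v->masked ^ v->mask; }

typedef struct {
    dsr_u32 brake_cmd;        /* shared by controller, monitor and actuator slots */
    enum mode mode;           /* which controller drives the actuator */
    unsigned reconfig_frame;  /* frame in which the safety switch fired (0 = never) */
} aebs_state;

/* Complex controller slot (constructed toy AEBS law): brake harder as the gap
 * to the obstacle approaches the stopping distance v^2/(2a) with a = 5 m/s^2. */
static uint32_t complex_controller(uint32_t distance_m, uint32_t speed_mps) {
    uint32_t stop = speed_mps * speed_mps / 10u;
    if (stop == 0u || distance_m >= 2u * stop) return 0u;
    if (distance_m <= stop) return BRAKE_MAX;
    return BRAKE_MAX * (2u * stop - distance_m) / stop;
}

/* Safety controller: a simple, conservative fallback (full braking). */
static uint32_t safety_controller(void) { return BRAKE_MAX; }

/* Monitor slot: range check on the decoded command. */
static int monitor_ok(uint32_t cmd) { return cmd <= BRAKE_MAX; }

/* One major frame of the time-triggered schedule. Slot order is fixed; the
 * only event-triggered action is the mode switch raised by the monitor, which
 * takes effect within the same frame. `corrupt` simulates a memory-corruption
 * write between slot 1 and slot 2 that overwrites the raw cell with plaintext
 * 0 ("release the brakes") without knowing the DSR mask. */
uint32_t run_frame(aebs_state *s, unsigned frame, uint32_t distance_m,
                   uint32_t speed_mps, int corrupt) {
    if (s->mode == MODE_COMPLEX)                               /* slot 1 */
        dsr_store(&s->brake_cmd, complex_controller(distance_m, speed_mps));
    if (corrupt)
        s->brake_cmd.masked = 0u;                              /* attacker write */
    uint32_t cmd = dsr_load(&s->brake_cmd);                    /* slot 2 */
    if (s->mode == MODE_COMPLEX && !monitor_ok(cmd)) {
        s->mode = MODE_SAFETY;                                 /* event-triggered reconfiguration */
        s->reconfig_frame = frame;
    }
    if (s->mode == MODE_SAFETY)                                /* slot 3 */
        cmd = safety_controller();
    return cmd;
}

int main(void) {
    /* Demo mask constructed for this example; a mask of 0 means "no DSR". */
    aebs_state with_dsr = { { 0u, 0x5A3C9E17u }, MODE_COMPLEX, 0u };
    aebs_state no_dsr   = { { 0u, 0u },          MODE_COMPLEX, 0u };
    for (unsigned f = 1; f <= 4; f++) {
        int corrupt = (f == 3);                                /* attack in frame 3 */
        uint32_t a = run_frame(&with_dsr, f, 15u, 10u, corrupt);
        uint32_t b = run_frame(&no_dsr, f, 15u, 10u, corrupt);
        printf("frame %u: dsr=%3u%% mode=%d | no-dsr=%3u%% mode=%d\n", f,
               (unsigned)a, (int)with_dsr.mode, (unsigned)b, (int)no_dsr.mode);
    }
    return 0;
}
```

With the mask in place, the attacker's plaintext write decodes to an out-of-range value, the monitor flags it in the same frame, and the actuator receives the safety controller's command from then on; with the mask set to 0 the same write passes the range check and the brakes are released. The frame-level timing stays fixed in both cases, which is the property the abstract's mixed architecture is after. One caveat: a decoded garbage value is only very likely, not certain, to fall outside the valid range, so DSR should be paired with a monitor that also checks plausibility against sensor state rather than a bare range check.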