Integrated data space randomization and control reconfiguration for securing cyber-physical systems

Non-control data attacks have become a widespread means of circumventing authentication mechanisms in websites, servers, and personal computers. In the context of Cyber-Physical Systems (CPS), such attacks can be executed not only against authentication but also against safety: because the cyber components and the physical dynamics are tightly coupled, any unauthorized change to a safety-critical variable may cause damage or even catastrophic consequences. Moving target defense (MTD) techniques such as data space randomization (DSR) can be effective in protecting against various types of memory corruption attacks, including non-control data attacks. For a CPS, however, it is also critical to preserve timely cyber-physical interactions after an attack has been thwarted by the MTD mechanism. This paper addresses the problem of maintaining the stability and security properties of a CPS in the face of non-control data attacks by developing a DSR approach for randomizing binaries at runtime, creating a variable-redundancy-based detection algorithm for identifying variable integrity violations, and integrating a control reconfiguration architecture for maintaining safe and reliable operation. The security framework is demonstrated on an autonomous vehicle case study.
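The three mechanisms the abstract combines (masked storage of variables, redundant copies checked for agreement, and a switch to a safety controller when a violation is detected) can be modelled in a few dozen lines. The following C program is an added illustration written for this page, not the paper's implementation: the variable names, the three-copy layout, the xorshift32 mask generator (a real deployment would use a CSPRNG), the majority vote and the trivial "decelerate" safety controller are all assumptions made for the demo. The `inject_fault` helper plays the role of a memory write that bypasses the protected accessor, which is how a non-control data corruption would appear to the detector.

```c
/* Added example: data space randomization (DSR) with variable redundancy and
 * a Simplex-style control reconfiguration.  Illustrative names throughout. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define NCOPIES 3  /* redundant masked copies of each protected variable */

typedef enum { CTRL_COMPLEX = 0, CTRL_SAFETY = 1 } ctrl_mode_t;
typedef enum { DSR_OK, DSR_RECOVERED, DSR_LOST } dsr_status_t;

/* A protected 32-bit variable: what sits in memory is value ^ mask[i]. */
typedef struct {
    uint32_t mask[NCOPIES];   /* per-copy random masks chosen at startup */
    uint32_t store[NCOPIES];  /* randomized copies actually held in memory */
} dsr_var_t;

/* xorshift32 PRNG, seeded per run so masks differ between executions
 * (assumption for the demo; a deployment would draw masks from a CSPRNG). */
static uint32_t prng_state;
static uint32_t prng_next(void) {
    uint32_t x = prng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return prng_state = x;
}

void dsr_init(dsr_var_t *v, uint32_t value, uint32_t seed) {
    prng_state = seed ? seed : 0x9E3779B9u;  /* xorshift must not start at 0 */
    for (int i = 0; i < NCOPIES; i++) {
        v->mask[i] = prng_next();
        v->store[i] = value ^ v->mask[i];
    }
}

/* Legitimate update path: every copy is rewritten through its own mask. */
void dsr_write(dsr_var_t *v, uint32_t value) {
    for (int i = 0; i < NCOPIES; i++) v->store[i] = value ^ v->mask[i];
}

/* Pick the value held by more than half of the copies, if any. */
static bool majority(const uint32_t *p, int n, uint32_t *out) {
    for (int i = 0; i < n; i++) {
        int c = 0;
        for (int j = 0; j < n; j++) c += (p[j] == p[i]);
        if (2 * c > n) { *out = p[i]; return true; }
    }
    return false;
}

/* Unmask all copies and compare them.  A copy changed without going through
 * dsr_write (i.e. without the mask) decodes to garbage and breaks agreement. */
dsr_status_t dsr_read(const dsr_var_t *v, uint32_t *out) {
    uint32_t plain[NCOPIES];
    bool all_agree = true;
    for (int i = 0; i < NCOPIES; i++) {
        plain[i] = v->store[i] ^ v->mask[i];
        if (plain[i] != plain[0]) all_agree = false;
    }
    if (all_agree) { *out = plain[0]; return DSR_OK; }
    return majority(plain, NCOPIES, out) ? DSR_RECOVERED : DSR_LOST;
}

/* Fault-injection helper for testing the detector: overwrite one copy's raw
 * memory slot directly, bypassing the masked accessor. */
void inject_fault(dsr_var_t *v, int idx, uint32_t raw) { v->store[idx] = raw; }

typedef struct { ctrl_mode_t mode; } ctrl_state_t;
typedef struct { ctrl_mode_t mode; uint32_t speed_cmd; } ctrl_out_t;

/* One control step.  The complex controller tracks the (protected) setpoint;
 * any integrity violation latches the system into the safety controller,
 * which issues a conservative decelerate command regardless of the setpoint. */
ctrl_out_t control_step(ctrl_state_t *st, const dsr_var_t *setpoint, uint32_t speed_now) {
    uint32_t sp = 0;
    if (dsr_read(setpoint, &sp) != DSR_OK) st->mode = CTRL_SAFETY;
    ctrl_out_t o = { st->mode, 0 };
    if (st->mode == CTRL_SAFETY) o.speed_cmd = speed_now > 10 ? speed_now - 10 : 0;
    else                         o.speed_cmd = sp;
    return o;
}

int main(void) {
    dsr_var_t sp; ctrl_state_t st = { CTRL_COMPLEX };
    dsr_init(&sp, 60, 12345u);                 /* constructed seed for a repeatable run */
    ctrl_out_t o = control_step(&st, &sp, 55);
    printf("mode=%d cmd=%u\n", o.mode, o.speed_cmd);   /* complex controller, cmd 60 */
    inject_fault(&sp, 1, 200u);                /* corrupt one copy without the mask */
    o = control_step(&st, &sp, 55);
    printf("mode=%d cmd=%u\n", o.mode, o.speed_cmd);   /* safety controller, cmd 45 */
    return 0;
}
```

Two design points worth noting: a single masked copy would only turn a targeted overwrite into a random value, so the redundancy is what converts the randomization into a detectable signal; and the safety mode is latched rather than recomputed each step, because a corrupted setpoint that later looks consistent again is not evidence that the controller's state is trustworthy.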
