Enforcing Full-Stack Memory-Safety in Cyber-Physical Systems

Memory-safety attacks are one of the most critical threats against Cyber-Physical Systems (CPS). As opposed to mainstream systems, CPS often impose stringent timing constraints. Given such timing constraints, how can we protect CPS from memory-safety attacks? In this paper, we propose a full-stack memory-safety attack detection method to address this challenge. We also quantify the notion of tolerability of memory-safety overheads (MSO) in terms of the expected real-time constraints of a typical CPS. We implemented and evaluated our proposed solution on a real-world Secure Water Treatment (SWaT) testbed. Concretely, we show that our proposed solution incurs a memory-safety overhead of 419.91 µs, which is tolerable for the real-time constraints imposed by the SWaT system. Additionally, we discuss how different parameters of a typical CPS impact the execution time of the CPS computational logic and the memory-safety overhead.
