DOI: 10.1109/ICCPS.2018.00010
Research article

Guaranteed physical security with restart-based design for cyber-physical systems

Published: 11 April 2018

Abstract

Physical plants that form the core of Cyber-Physical Systems (CPS) often have stringent safety requirements. Recent attacks have shown that cyber intrusions can compromise the safety of such plants and so lead to physical damage. In this paper, we demonstrate how to ensure the safety of the plant even when the system is compromised. We leverage the fact that, because of inertia, an adversary cannot destabilize the physical system instantaneously, even with complete control of the software; in fact, doing so often takes a finite (and often considerable) amount of time. This property, coupled with system-wide restarts, is used to enforce a secure (and safe) operational window for the system. A hardware root of trust further reduces an attacker's ability to compromise our mechanisms. We demonstrate our approach using two realistic systems: a three-degree-of-freedom (3-DoF) helicopter and a simulated warehouse temperature control unit. We also show that our system is robust against multiple emulated attacks; the attackers are not able to compromise the safety of the CPS.
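The abstract's argument (inertia bounds how quickly an adversary can drive the plant out of its safe region, and a hardware-enforced restart period shorter than that bound keeps the plant safe) can be worked through on a toy model. The block below is an added example written for this page; it is not the paper's code, and the plant, controller and timing values are all constructed assumptions: a first-order thermal model standing in for the warehouse temperature unit, a proportional safety controller, a fixed boot time during which the actuator is held at a fail-safe value, and a post-restart secure window during which only trusted code runs with external interfaces disabled. It computes the closed-form time an adversary holding the actuator at maximum needs to reach the safety limit, and simulates repeated restart cycles against a worst-case adversary who seizes control the moment the secure window ends. The simulation also exposes a failure mode the closed-form bound alone misses: if the secure window is too short to recover the plant, the state ratchets upward across restart cycles and crosses the limit even though each single exposed interval is shorter than the inertia bound.

```python
import math
from dataclasses import dataclass

SETPOINT = 20.0   # degC, nominal operating point (constructed value)
LIMIT = 30.0      # degC, safety threshold the plant must never cross (constructed value)


@dataclass(frozen=True)
class Plant:
    """Constructed first-order thermal model: dx/dt = -a*(x - x_amb) + b*u."""
    a: float = 0.01      # 1/s heat-loss rate; 1/a = 100 s is the plant's inertia
    b: float = 0.5       # degC/s per unit of actuation
    x_amb: float = 10.0  # ambient temperature, degC
    u_max: float = 1.0   # actuator saturation: -u_max <= u <= u_max

    def step(self, x: float, u: float, dt: float) -> float:
        u = max(-self.u_max, min(self.u_max, u))        # actuator saturation
        return x + dt * (-self.a * (x - self.x_amb) + self.b * u)


@dataclass(frozen=True)
class RestartDesign:
    """Timing of the restart mechanism (all values are assumptions)."""
    period: float    # s: a hardware timer the software cannot disable forces a restart
    t_boot: float    # s: during reboot the actuator is held at the fail-safe value 0
    t_secure: float  # s: after boot only the trusted safety controller runs, with
                     #    external interfaces disabled, so it cannot be compromised


def safety_controller(x: float) -> float:
    """Trusted proportional controller that drives the plant back to SETPOINT."""
    return 0.5 * (SETPOINT - x)


def time_to_unsafe(plant: Plant, x0: float, limit: float = LIMIT) -> float:
    """Closed-form time for the plant to climb from x0 to `limit` when the
    actuator is pinned at u_max. Returns inf if the limit is unreachable."""
    if x0 >= limit:
        return 0.0
    x_inf = plant.x_amb + plant.b * plant.u_max / plant.a   # equilibrium under u_max
    if x_inf <= limit:
        return float("inf")
    return -math.log((limit - x_inf) / (x0 - x_inf)) / plant.a


def restart_period_bound(plant: Plant, t_boot: float, t_secure: float,
                         x_start: float) -> float:
    """Largest restart period for which an adversary who gains control at the end
    of the secure window, with the plant at x_start, cannot reach LIMIT before the
    next forced restart. Only sound if the secure window really restores x_start."""
    return t_boot + t_secure + time_to_unsafe(plant, x_start)


def simulate(plant: Plant, design: RestartDesign, horizon: float = 600.0,
             dt: float = 0.05, x0: float = SETPOINT):
    """Run repeated restart cycles against a worst-case adversary who pins the
    actuator at u_max the instant the secure window ends. Returns
    (peak temperature, True if LIMIT was ever exceeded)."""
    x, x_peak = x0, x0
    for k in range(int(horizon / dt)):
        phase = (k * dt) % design.period
        if phase < design.t_boot:
            u = 0.0                        # rebooting: fail-safe actuator output
        elif phase < design.t_boot + design.t_secure:
            u = safety_controller(x)       # secure window: trusted code only
        else:
            u = plant.u_max                # exposed: adversary drives heating flat out
        x = plant.step(x, u, dt)
        x_peak = max(x_peak, x)
    return x_peak, x_peak > LIMIT


if __name__ == "__main__":
    plant = Plant()
    bound = restart_period_bound(plant, t_boot=2.0, t_secure=10.0, x_start=SETPOINT)
    print(f"inertia: {time_to_unsafe(plant, SETPOINT):.1f} s from setpoint to limit")
    print(f"optimistic period bound computed from the setpoint: {bound:.1f} s")
    for period in (25.0, 40.0, 60.0):
        peak, unsafe = simulate(plant, RestartDesign(period, 2.0, 10.0))
        print(f"period {period:5.1f} s -> peak {peak:.1f} degC, "
              f"{'UNSAFE' if unsafe else 'safe'}")
```

With these constructed parameters the plant needs roughly 28.8 s of maximum heating to go from the setpoint to the limit, so a 60 s restart period leaves the adversary far more than that and the first exposed interval already breaches the limit. A 40 s period keeps each exposed interval under the inertia bound, yet the 10 s secure window cannot cool the plant back to the setpoint from the previous cycle's peak, so the second cycle starts higher and crosses the limit; the bound has to be evaluated at the worst state the secure window actually leaves, not at the setpoint. A 25 s period settles into a cycle whose peak stays around 25 degC, which is the guaranteed-safe regime the abstract describes.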


Cited By

  • (2024) Recovery from Adversarial Attacks in Cyber-physical Systems: Shallow, Deep, and Exploratory Works. ACM Computing Surveys 56(8):1-31, doi:10.1145/3653974. Online publication date: 26-Apr-2024
  • (2024) SoK: Security in Real-Time Systems. ACM Computing Surveys 56(9):1-31, doi:10.1145/3649499. Online publication date: 25-Apr-2024
  • (2023) A Timing-Based Framework for Designing Resilient Cyber-Physical Systems under Safety Constraint. ACM Transactions on Cyber-Physical Systems 7(3):1-25, doi:10.1145/3594638. Online publication date: 13-Jul-2023
  • (2023) POSTER: A Common Framework for Resilient and Safe Cyber-Physical System Design. Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, pages 1025-1027, doi:10.1145/3579856.3592826. Online publication date: 10-Jul-2023
  • (2023) Online Attack Recovery in Cyberphysical Systems. IEEE Security and Privacy 21(4):20-28, doi:10.1109/MSEC.2023.3268573. Online publication date: 1-Jul-2023
  • (2021) Indistinguishability Prevents Scheduler Side Channels in Real-Time Systems. Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pages 666-684, doi:10.1145/3460120.3484769. Online publication date: 12-Nov-2021
  • (year not listed) Mixed-Trust Computing: Safe and Secure Real-Time Systems. ACM Transactions on Cyber-Physical Systems, doi:10.1145/3635162

Published In

ICCPS '18: Proceedings of the 9th ACM/IEEE International Conference on Cyber-Physical Systems
April 2018
369 pages
ISBN:9781538653012

Publisher

IEEE Press


Conference

ICCPS '18

Acceptance Rates

Overall Acceptance Rate 25 of 91 submissions, 27%


Article Metrics

  • Downloads (last 12 months): 6
  • Downloads (last 6 weeks): 0
Reflects downloads up to 03 Oct 2024

