DOI: 10.1145/3264888.3264889
Research article (Public Access)

Secure Autonomous Cyber-Physical Systems Through Verifiable Information Flow Control

Published: 15 January 2018

Abstract

Modern cyber-physical systems are complex networked computing systems that electronically control physical systems. Autonomous road vehicles are an important and increasingly ubiquitous instance. Unfortunately, their increasing complexity often leads to security vulnerabilities. Network connectivity exposes these vulnerable systems to remote software attacks that can result in real-world physical damage, including vehicle crashes and loss of control authority. We introduce an integrated architecture to provide provable security and safety assurance for cyber-physical systems by ensuring that safety-critical operations and control cannot be unintentionally affected by potentially malicious parts of the system. Fine-grained information flow control is used to design both hardware and software, determining how low-integrity information can affect high-integrity control decisions. This security assurance is used to improve end-to-end security across the entire cyber-physical system. We demonstrate this integrated approach by developing a mobile robotic testbed modeling a self-driving system and testing it with a malicious attack.
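The abstract's central mechanism, integrity-labelled information flow in which low-integrity (network-supplied) data cannot reach a high-integrity control decision unless it is explicitly endorsed after a trusted check, can be illustrated with a small labelled-value model. The following is an added example written for this page; it is not the paper's code or testbed software. The `Integrity` lattice, `Labeled` wrapper, the toy planner `steering_from`, the `endorse` check against a trusted local map, and all sample waypoints are constructed assumptions for the illustration.

```python
"""Integrity-labelled information flow for a toy control pipeline (added example).

Every value carries an integrity label, combining values takes the lower label,
and the safety-critical actuator only accepts high-integrity commands. A
low-integrity route may be endorsed only after a high-integrity check passes.
Labels, functions and sample data are constructed for this example.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable, Generic, TypeVar

T = TypeVar("T")


class Integrity(IntEnum):
    LOW = 0    # e.g. data received over the network (assumed untrusted)
    HIGH = 1   # e.g. data from an on-board trusted sensor


@dataclass(frozen=True)
class Labeled(Generic[T]):
    value: T
    integrity: Integrity

    def combine(self, other: "Labeled", fn: Callable) -> "Labeled":
        # In an integrity lattice a result is only as trustworthy as its least
        # trustworthy input, so the combined label is the minimum of both.
        return Labeled(fn(self.value, other.value),
                       min(self.integrity, other.integrity))


class IntegrityViolation(Exception):
    """Raised when a flow from low to high integrity is attempted without endorsement."""


def actuate(cmd: Labeled[float]) -> float:
    """Safety-critical sink: refuses any command that is not high integrity."""
    if cmd.integrity != Integrity.HIGH:
        raise IntegrityViolation("low-integrity command reached the actuator")
    return cmd.value


def endorse(route: Labeled[list], trusted_map: Labeled[set]) -> Labeled[list]:
    """Upgrade a low-integrity route to high integrity only if every waypoint
    exists in a high-integrity local map (constructed endorsement rule)."""
    if trusted_map.integrity != Integrity.HIGH:
        raise IntegrityViolation("endorsement needs a high-integrity reference")
    if not all(p in trusted_map.value for p in route.value):
        raise IntegrityViolation("route contains waypoints not in trusted map")
    return Labeled(route.value, Integrity.HIGH)


def steering_from(route: Labeled[list], pose: Labeled[tuple]) -> Labeled[float]:
    """Toy planner: steer toward the first waypoint; the label follows the inputs."""
    def steer(waypoints, pos):
        tx, ty = waypoints[0]
        x, y = pos
        return (tx - x) * 0.5 + (ty - y) * 0.5   # constructed, not a real control law
    return route.combine(pose, steer)


def run_pipeline(network_route, verify: bool):
    """Return the actuator output, or the violation message if the flow is refused."""
    pose = Labeled((0.0, 0.0), Integrity.HIGH)                 # on-board localization
    trusted_map = Labeled({(1, 0), (2, 0), (3, 0)}, Integrity.HIGH)
    route = Labeled(network_route, Integrity.LOW)              # arrived over the network
    try:
        if verify:
            route = endorse(route, trusted_map)
        return actuate(steering_from(route, pose))
    except IntegrityViolation as exc:
        return str(exc)


if __name__ == "__main__":
    print(run_pipeline([(1, 0), (2, 0)], verify=False))   # refused: label is LOW
    print(run_pipeline([(1, 0), (2, 0)], verify=True))    # endorsed, actuator runs
    print(run_pipeline([(9, 9)], verify=True))            # endorsement check fails
```

The point the model makes is that the label check sits at the sink, so a planner that silently mixed network data into its output cannot bypass it: the only way for low-integrity data to influence steering is through `endorse`, which is the single place a reviewer has to audit.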


Published In

CPS-SPC '18: Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy
October 2018, 114 pages
ISBN: 9781450359924
DOI: 10.1145/3264888
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher: Association for Computing Machinery, New York, NY, United States

Conference: CCS '18

Acceptance Rates

CPS-SPC '18 Paper Acceptance Rate 22 of 10 submissions, 220%;
Overall Acceptance Rate 53 of 66 submissions, 80%

Cited By

  • Generation of Time-Varying Feedback-Based Wheel Lock Attack Policies with Minimal Knowledge of the Traction Dynamics. Intelligent Computing, pp. 1268-1281, 20 Aug 2023. doi:10.1007/978-3-031-37963-5_87
  • Fast 3D Point Cloud Target Tracking based on Polar-Voxel Encoding. 2022 IEEE International Conference on Systems, Man, and Cybernetics (SMC), pp. 2439-2445, 9 Oct 2022. doi:10.1109/SMC53654.2022.9945125
  • A Semantic Framework for Direct Information Flows in Hybrid-Dynamic Systems. Proceedings of the 7th ACM on Cyber-Physical System Security Workshop, pp. 5-15, 24 May 2021. doi:10.1145/3457339.3457981
  • Hardware Information Flow Tracking. ACM Computing Surveys 54(4):1-39, 3 May 2021. doi:10.1145/3447867
  • Relational Analysis of Sensor Attacks on Cyber-Physical Systems. 2021 IEEE 34th Computer Security Foundations Symposium (CSF), pp. 1-16, Jun 2021. doi:10.1109/CSF51468.2021.00035
  • Path Planning Under Malicious Injections and Removals of Perceived Obstacles: A Probabilistic Programming Approach. IEEE Robotics and Automation Letters 5(4):6884-6891, Oct 2020. doi:10.1109/LRA.2020.3021382
  • High-Level Path Planning in Hostile Dynamic Environments. Proceedings of the 18th International Conference on Autonomous Agents and MultiAgent Systems, pp. 1799-1801, 8 May 2019. doi:10.5555/3306127.3331923
  • Destructive Attacks Detection and Response System for Physical Devices in Cyber-Physical Systems. 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), pp. 1-6, Jun 2019. doi:10.1109/CyberSecPODS.2019.8884999