DOI: 10.1145/3560826.3563384 (ACM CCS conference proceedings; short paper; open access)

Secure Reboots for Real-Time Cyber-Physical Systems

Published: 07 November 2022
  Abstract

    Cyber-Physical Systems (CPS) such as industrial control systems, automobiles, and medical devices often consist of applications with real-time properties. Because the application domain is safety-critical, multiple security and fault tolerance approaches have been studied and used in safety-critical CPS. One popular approach to CPS safety is the Simplex architecture, which has recently also been used to strengthen the security of CPS. The Simplex architecture supports the integration of safe controllers for dependable systems, and when combined with periodic restarts it can reset the CPS into a safe state after each restart. However, these restart-based systems do not protect the system against attacks that persist beyond a restart. Such attacks can be mitigated with secure boot, a widely used approach for securing general computing systems that is not used in real-time systems because of the overhead of the boot process. This paper presents an analytical framework and derives feasibility conditions that enable secure reboots in real-time applications. The schedulability conditions presented can be used to design and integrate secure reboot into Simplex-based CPS. Our analysis shows that secure boot adds a deterministic and low performance overhead, which can be as low as 0.08%.


    Cited By

    • Should Smart Homes Be Afraid of Evil Maids? Identifying Vulnerabilities in IoT Device Firmware. 2024 IEEE 14th Annual Computing and Communication Workshop and Conference (CCWC), pp. 0467-0473, DOI 10.1109/CCWC60891.2024.10427780. Online publication date: 8 January 2024.

    Published In

    CPSIoTSec '22: Proceedings of the 4th Workshop on CPS & IoT Security and Privacy
    November 2022
    77 pages
    ISBN:9781450398763
    DOI:10.1145/3560826
    This work is licensed under a Creative Commons Attribution International 4.0 License.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. cyber-physical systems
    2. real-time systems
    3. secure boot

    Qualifiers

    • Short-paper

    Conference

    CCS '22
