TY - JOUR
T1 - Data space randomization for securing cyber-physical systems
AU - Potteiger, Bradley
AU - Cai, Feiyang
AU - Zhang, Zhenkai
AU - Koutsoukos, Xenofon
N1 - Funding Information:
This work was funded in part by the National Security Agency (H98230-18-D-0010), the National Science Foundation (CNS-1739328), and by the National Institute of Standards and Technology (70NANB17H266). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of NSA, NSF, or NIST.
Publisher Copyright:
© 2021, The Author(s), under exclusive licence to Springer-Verlag GmbH, DE.
PY - 2021
Y1 - 2021
N2 - Non-control data attacks have become widely popular for circumventing authentication mechanisms in websites, servers, and personal computers. These attacks can be executed against cyber-physical systems (CPSs) in which not only authentication is an issue, but safety is at risk. Furthermore, any unauthorized change to safety-critical variables within the software may cause damage or even catastrophic consequences. Moving target defense techniques such as data space randomization (DSR) have become popular for protecting against memory corruption attacks such as non-control data attacks. However, current DSR implementations rely on source code transformations and do not stop critical variables from being overwritten, only that the new overwritten value will be vastly different than expected by the attacker. As such, these implementations are often ineffective for legacy CPS software in which only a binary is available. The problem addressed in this paper is how do we protect against non-control data attacks in legacy CPS software while ensuring that we can detect instances of variable integrity violations. We solve this problem by combining DSR at the binary level with variable comparison checks to ensure that we can detect and mitigate any attacker attempt to overwrite safety-critical variables. Our security approach is demonstrated utilizing an autonomous emergency braking system case study.
AB - Non-control data attacks have become widely popular for circumventing authentication mechanisms in websites, servers, and personal computers. These attacks can be executed against cyber-physical systems (CPSs) in which not only authentication is an issue, but safety is at risk. Furthermore, any unauthorized change to safety-critical variables within the software may cause damage or even catastrophic consequences. Moving target defense techniques such as data space randomization (DSR) have become popular for protecting against memory corruption attacks such as non-control data attacks. However, current DSR implementations rely on source code transformations and do not stop critical variables from being overwritten, only that the new overwritten value will be vastly different than expected by the attacker. As such, these implementations are often ineffective for legacy CPS software in which only a binary is available. The problem addressed in this paper is how do we protect against non-control data attacks in legacy CPS software while ensuring that we can detect instances of variable integrity violations. We solve this problem by combining DSR at the binary level with variable comparison checks to ensure that we can detect and mitigate any attacker attempt to overwrite safety-critical variables. Our security approach is demonstrated utilizing an autonomous emergency braking system case study.
KW - Autonomous vehicles
KW - Cyber-physical systems
KW - Data space randomization
KW - Moving target defenses
KW - Resiliency
UR - http://www.scopus.com/inward/record.url?scp=85118541388&partnerID=8YFLogxK
U2 - 10.1007/s10207-021-00568-1
DO - 10.1007/s10207-021-00568-1
M3 - Article
AN - SCOPUS:85118541388
JO - International Journal of Information Security
JF - International Journal of Information Security
SN - 1615-5262
ER -