TY - GEN
T1 - Integrated data space randomization and control reconfiguration for securing cyber-physical systems
AU - Potteiger, Bradley
AU - Zhang, Zhenkai
AU - Koutsoukos, Xenofon
N1 - Publisher Copyright: © 2019 Association for Computing Machinery.
PY - 2019/4/1
Y1 - 2019/4/1
AB - Non-control data attacks have become widely popular for circumventing authentication mechanisms in websites, servers, and personal computers. Moreover, in the context of Cyber-Physical Systems (CPS) attacks can be executed against not only authentication but also safety. With the tightly coupled nature between the cyber components and physical dynamics, any unauthorized change to safety-critical variables may cause damage or even catastrophic consequences. Moving target defense (MTD) techniques such as data space randomization (DSR) can be effective for protecting against various types of memory corruption attacks including non-control data attacks. However, in terms of CPS it is also critical to ensure the timely Cyber-Physical interactions after attacks thwarted by MTD. This paper addresses the problem of maintaining system stability and security properties of a CPS in the face of non-control data attacks by developing a DSR approach for randomizing binaries at runtime, creating a variable redundancy based detection algorithm for identifying variable integrity violations, and integrating a control reconfiguration architecture for maintaining safe and reliable operation. Our security framework is demonstrated utilizing an autonomous vehicle case study.
KW - Cyber-Physical Systems
KW - Data Space Randomization
KW - Moving Target Defenses
KW - Resilient Architectures
UR - http://www.scopus.com/inward/record.url?scp=85068760617&partnerID=8YFLogxK
U2 - 10.1145/3314058.3314064
DO - 10.1145/3314058.3314064
M3 - Conference contribution
AN - SCOPUS:85068760617
T3 - ACM International Conference Proceeding Series
BT - Proceedings of the 6th Annual Symposium on Hot Topics in the Science of Security, HotSoS 2019
PB - Association for Computing Machinery
T2 - 6th Annual Symposium on Hot Topics in the Science of Security, HotSoS 2019
Y2 - 1 April 2019 through 3 April 2019
ER -