TY - GEN
T1 - Integrated instruction set randomization and control reconfiguration for securing cyber-physical systems
AU - Potteiger, Bradley
AU - Zhang, Zhenkai
AU - Koutsoukos, Xenofon
N1 - Publisher Copyright:
© 2018 Copyright held by the owner/author(s).
PY - 2018/4/10
Y1 - 2018/4/10
N2 - Cyber-Physical Systems (CPS) have been increasingly subject to cyber-attacks including code injection attacks. Zero day attacks further exasperate the threat landscape by requiring a shift to defense in depth approaches. With the tightly coupled nature of cyber components with the physical domain, these attacks have the potential to cause significant damage if safety-critical applications such as automobiles are compromised. Moving target defense techniques such as instruction set randomization (ISR) have been commonly proposed to address these types of attacks. However, under current implementations an attack can result in system crashing which is unacceptable in CPS. As such, CPS necessitate proper control reconfiguration mechanisms to prevent a loss of availability in system operation. This paper addresses the problem of maintaining system and security properties of a CPS under attack by integrating ISR, detection, and recovery capabilities that ensure safe, reliable, and predictable system operation. Specifically, we consider the problem of detecting code injection attacks and reconfiguring the controller in real-time. The developed framework is demonstrated with an autonomous vehicle case study.
AB - Cyber-Physical Systems (CPS) have been increasingly subject to cyber-attacks including code injection attacks. Zero day attacks further exasperate the threat landscape by requiring a shift to defense in depth approaches. With the tightly coupled nature of cyber components with the physical domain, these attacks have the potential to cause significant damage if safety-critical applications such as automobiles are compromised. Moving target defense techniques such as instruction set randomization (ISR) have been commonly proposed to address these types of attacks. However, under current implementations an attack can result in system crashing which is unacceptable in CPS. As such, CPS necessitate proper control reconfiguration mechanisms to prevent a loss of availability in system operation. This paper addresses the problem of maintaining system and security properties of a CPS under attack by integrating ISR, detection, and recovery capabilities that ensure safe, reliable, and predictable system operation. Specifically, we consider the problem of detecting code injection attacks and reconfiguring the controller in real-time. The developed framework is demonstrated with an autonomous vehicle case study.
KW - Cyber-Physical Systems
KW - Instruction Set Randomization
KW - Moving Target Defenses
KW - Resilient Architectures
UR - http://www.scopus.com/inward/record.url?scp=85047176835&partnerID=8YFLogxK
U2 - 10.1145/3190619.3190636
DO - 10.1145/3190619.3190636
M3 - Conference contribution
AN - SCOPUS:85047176835
T3 - ACM International Conference Proceeding Series
BT - Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2018
PB - Association for Computing Machinery
T2 - 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2018
Y2 - 10 April 2018 through 11 April 2018
ER -