TY - GEN
T1 - Integrating cyber-attack defense techniques into real-time cyber-physical systems
AU - Hao, Xiaochen
AU - Lv, Mingsong
AU - Zheng, Jiesheng
AU - Zhang, Zhengkui
AU - Yi, Wang
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019/11
Y1 - 2019/11
N2 - With the rapid deployment of Cyber-Physical Systems (CPS), security has become a more critical problem than ever before, as such devices are interconnected and have access to a broad range of critical data. A well-known attack is Return-Oriented Programming (ROP) which can diverge the control flow of a program by exploiting the buffer overflow vulnerability. To protect a program from ROP attacks, a useful method is to instrument code into the protected program to do runtime control flow checking (known as Control Flow Integrity, CFI). However, instrumented code brings extra execution time, which has to be properly handled, as most CPS systems need to behave in a real-time manner. In this paper, we present a technique to efficiently compute an execution plan, which maximizes the number of executions of instrumented code to achieve maximal defense effect, and at the same time guarantees real-time schedulability of the protected task system with a new response time analysis. Simulation-based experimental results show that the proposed method can yield good quality execution plans, but performs orders of magnitude faster than exhaustive search. We also built a prototype in which a small auto-drive car is defended against ROP attacks by the proposed method implemented in FreeRTOS. The prototype demonstrates the effectiveness of our method in real-life scenarios.
AB - With the rapid deployment of Cyber-Physical Systems (CPS), security has become a more critical problem than ever before, as such devices are interconnected and have access to a broad range of critical data. A well-known attack is Return-Oriented Programming (ROP) which can diverge the control flow of a program by exploiting the buffer overflow vulnerability. To protect a program from ROP attacks, a useful method is to instrument code into the protected program to do runtime control flow checking (known as Control Flow Integrity, CFI). However, instrumented code brings extra execution time, which has to be properly handled, as most CPS systems need to behave in a real-time manner. In this paper, we present a technique to efficiently compute an execution plan, which maximizes the number of executions of instrumented code to achieve maximal defense effect, and at the same time guarantees real-time schedulability of the protected task system with a new response time analysis. Simulation-based experimental results show that the proposed method can yield good quality execution plans, but performs orders of magnitude faster than exhaustive search. We also built a prototype in which a small auto-drive car is defended against ROP attacks by the proposed method implemented in FreeRTOS. The prototype demonstrates the effectiveness of our method in real-life scenarios.
KW - Cyber physical systems
KW - Cyber security
KW - Real time systems
KW - Schedulability analysis
UR - https://www.scopus.com/pages/publications/85081167926
U2 - 10.1109/ICCD46524.2019.00037
DO - 10.1109/ICCD46524.2019.00037
M3 - Conference contribution
AN - SCOPUS:85081167926
T3 - Proceedings - 2019 IEEE International Conference on Computer Design, ICCD 2019
SP - 237
EP - 245
BT - Proceedings - 2019 IEEE International Conference on Computer Design, ICCD 2019
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 37th IEEE International Conference on Computer Design, ICCD 2019
Y2 - 17 November 2019 through 20 November 2019
ER -