Non-control data attacks have become widely popular for circumventing authentication mechanisms in websites, servers, and personal computers. These attacks can be executed against cyber-physical systems (CPSs) in whic...
详细信息
Non-control data attacks have become widely popular for circumventing authentication mechanisms in websites, servers, and personal computers. These attacks can be executed against cyber-physical systems (CPSs) in which not only authentication is an issue, but safety is at risk. Furthermore, any unauthorized change to safety-critical variables within the software may cause damage or even catastrophic consequences. Moving target defense techniques such as data space randomization (DSR) have become popular for protecting against memory corruption attacks such as non-control data attacks. However, current DSR implementations rely on source code transformations and do not stop critical variables from being overwritten, only that the new overwritten value will be vastly different than expected by the attacker. As such, these implementations are often ineffective for legacy CPS software in which only a binary is available. The problem addressed in this paper is how do we protect against non-control data attacks in legacy CPS software while ensuring that we can detect instances of variable integrity violations. We solve this problem by combining DSR at the binary level with variable comparison checks to ensure that we can detect and mitigate any attacker attempt to overwrite safety-critical variables. Our security approach is demonstrated utilizing an autonomous emergency braking system case study.
Cyber-Physical Systems (CPS) such as autonomous vehicles are becoming widely utilized throughout society. CPS are unique with respect to the tightly coupled nature between the cyber software and physical dynamics of a...
详细信息
Cyber-Physical Systems (CPS) such as autonomous vehicles are becoming widely utilized throughout society. CPS are unique with respect to the tightly coupled nature between the cyber software and physical dynamics of a system, increasing the reliability and precision of safety-critical processes. However, with these benefits comes potential tradeoffs including the increased openness and connectivity of safety-critical components. Applications traditionally designed to be standalone and protected through physical means are now becoming vulnerable to remote attacks not only within the continental United States, but by foreign adversaries around the globe. By leveraging memory corruption vulnerabilities such as buffer overflows, attackers can remotely perform code injection, code reuse, and non-control data attacks to hijack key functionality. This dissertation focuses on leveraging Moving Target Defense (MTD) techniques such as ISR, ASR, and DSR to create a secure runtime environment, preventing attackers from obtaining the reconnaissance knowledge necessary to exploit memory corruption vulnerabilities. Furthermore, in modern day CPS, it is not enough to protect against cyber-attacks, but it is equally as important to guarantee safety. By developing a novel security architecture integrating MTD protections with control reconfiguration, we can proactively defend against code injection, code reuse, and non-control data attacks, while rapidly detecting and recovering from attacks, ensuring that safe and reliable operation is maintained.
暂无评论