4,845 research outputs found
A Novel Side-Channel in Real-Time Schedulers
We demonstrate the presence of a novel scheduler side-channel in preemptive,
fixed-priority real-time systems (RTS); examples of such systems can be found
in automotive systems, avionic systems, power plants and industrial control
systems among others. This side-channel can leak important timing information
such as the future arrival times of real-time tasks.This information can then
be used to launch devastating attacks, two of which are demonstrated here (on
real hardware platforms). Note that it is not easy to capture this timing
information due to runtime variations in the schedules, the presence of
multiple other tasks in the system and the typical constraints (e.g.,
deadlines) in the design of RTS. Our ScheduLeak algorithms demonstrate how to
effectively exploit this side-channel. A complete implementation is presented
on real operating systems (in Real-time Linux and FreeRTOS). Timing information
leaked by ScheduLeak can significantly aid other, more advanced, attacks in
better accomplishing their goals
Bibliographical review on cyber attacks from a control oriented perspective
This paper presents a bibliographical review of definitions, classifications and applications concerning cyber attacks in networked control systems (NCSs) and cyber-physical systems (CPSs). This review tackles the topic from a control-oriented perspective, which is complementary to information or communication ones. After motivating the importance of developing new methods for attack detection and secure control, this review presents security objectives, attack modeling, and a characterization of considered attacks and threats presenting the detection mechanisms and remedial actions. In order to show the properties of each attack, as well as to provide some deeper insight into possible defense mechanisms, examples available in the literature are discussed. Finally, open research issues and paths are presented.Peer ReviewedPostprint (author's final draft
Smart Grid Security: Threats, Challenges, and Solutions
The cyber-physical nature of the smart grid has rendered it vulnerable to a
multitude of attacks that can occur at its communication, networking, and
physical entry points. Such cyber-physical attacks can have detrimental effects
on the operation of the grid as exemplified by the recent attack which caused a
blackout of the Ukranian power grid. Thus, to properly secure the smart grid,
it is of utmost importance to: a) understand its underlying vulnerabilities and
associated threats, b) quantify their effects, and c) devise appropriate
security solutions. In this paper, the key threats targeting the smart grid are
first exposed while assessing their effects on the operation and stability of
the grid. Then, the challenges involved in understanding these attacks and
devising defense strategies against them are identified. Potential solution
approaches that can help mitigate these threats are then discussed. Last, a
number of mathematical tools that can help in analyzing and implementing
security solutions are introduced. As such, this paper will provide the first
comprehensive overview on smart grid security
ANALYSIS OF MULTIPLE SIGNAL ATTACKS ON CONTROL SYSTEMS
This thesis studies the effects of different signal injection attacks against a time-delayed networked cyber-physical system (CPS). A CPS is an industrial control system which integrates computer networks and physical processes. CPSs are used in critical areas such as transportation and manufacturing. A networked control system is one that allows the controller and plant to be geographically separated by sending the control and measurement signals over a communication network. The convenience of controlling a plant remotely comes at the cost of increased security risk. An adversary who gains access to the network may intercept the signals and corrupt them or simply prevent the transmission of the signals, which may cause considerable damage to the system. The four types of attacks simulated are i) covert misappropriation attack, ii) replay attack, iii) undetectable attack, and iv) worst-case signal attacks. In all of these cases, the attacker is assumed to have access to the communication network used to send the actuation and measurement signals. All of the attacks are implemented successfully. The covert misappropriation attack resulted in over percent error in the nominal output signal while remaining undetected. The replay attack resulted well above one-hundred percent error and is likely to cause considerable damage to the system. The undetectable actuator attack forced the controller to expend more energy than necessary for a brief period to achieve the nominal output. The worst-case attack caused the controller to expend significantly more energy during the entire simulation in order to achieve the nominal output
STATIC ENFORCEMENT OF TERMINATION-SENSITIVE NONINTERFERENCE USING THE C++ TEMPLATE TYPE SYSTEM
A side channel is an observable attribute of program execution other than explicit communication, e.g., power usage, execution time, or page fault patterns. A side-channel attack occurs when a malicious adversary observes program secrets through a side channel. This dissertation introduces Covert C++, a library which uses template metaprogramming to superimpose a security-type system on top of C++’s existing type system. Covert C++ enforces an information-flow policy that prevents secret data from influencing program control flow and memory access patterns, thus obviating side-channel leaks. Formally, Covert C++ can facilitate an extended definition of the classical noninterference property, broadened to also cover the dynamic execution property of memory-trace obliviousness. This solution does not require any modifications to the compiler, linker, or C++ standard.
To verify that these security properties can be preserved by the compiler (i.e., by compiler optimizations), this dissertation introduces the Noninterference Verification Tool (NVT). The NVT employs a novel dynamic analysis technique which combines input fuzzing with dynamic memory tracing. Specifically, the NVT detects when secret data influences a program’s memory trace, i.e., the sequence of instruction fetches and data accesses. Moreover, the NVT signals when a program leaks secret data to a publicly-observable storage channel. The Covert C++ library and the NVT are two components of the broader Covert C++ toolchain. The toolchain also provides a collection of refactoring tools to interactively transform legacy C or C++ code into Covert C++ code. Finally, the dissertation introduces libOblivious, a library to facilitate high-performance memory-trace oblivious computation with Covert C++
Design-Time Quantification of Integrity in Cyber-Physical-Systems
In a software system it is possible to quantify the amount of information
that is leaked or corrupted by analysing the flows of information present in
the source code. In a cyber-physical system, information flows are not only
present at the digital level, but also at a physical level, and to and fro the
two levels. In this work, we provide a methodology to formally analyse a
Cyber-Physical System composite model (combining physics and control) using an
information flow-theoretic approach. We use this approach to quantify the level
of vulnerability of a system with respect to attackers with different
capabilities. We illustrate our approach by means of a water distribution case
study
- …