Moving Target Defenses

PROJECT DESCRIPTION

In recent years, a number of successful attacks against cyber-physical systems (CPS) such as automobiles have demonstrated that security and resilience of CPS is a critical problem and that new methods and technologies are required to build high-confidence systems. Although there has been recent progress in resilient monitoring and control, typical methods consider only the impact of attacks and not how actual attacks are implemented. There is a significant gap between the level of abstraction used in control design and the level of abstraction needed to understand how to protect systems against real cyber attacks. Attackers exploit vulnerabilities in the software implementation to perform code injection or data tampering. Such attacks are based on an understanding of the system operation at a much lower level of abstraction (e.g., assembly or machine code). Furthermore, exploitable implementation flaws are often independent of the control application logic, so they cannot be found or fixed by reasoning about the controller alone.

In view of these challenges, this project aims to develop an approach for the integration of reconfigurable control software design and moving target defenses (MTD) for CPS. An energy-based control design approach generates multiple alternatives of the software application that are robust to performance variability and uncertainty. A runtime environment is designed to implement instruction set randomization (ISR), address space randomization (ASR), and data space randomization (DSR). The heart of the runtime environment is a configuration manager which can dynamically modify the control software configuration, either proactively or reactively upon detection of attacks, while preserving the functionality and ensuring stable and safe CPS behavior. The approach improves CPS security by making the attack surface dynamic and unpredictable while ensuring safe behavior and correct functionality of the overall system.
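To make the runtime mechanism concrete, the following is an added example (not the project's own code) of a toy data space randomization runtime for a controller: protected control variables are stored XOR-masked under a per-configuration key, and a re-keying operation stands in for the configuration manager's proactive or reactive reconfiguration. The names (dsr_*, NSLOTS, SEED), the xorshift32 key source, and the throttle-setpoint plausibility check are assumptions made for illustration; a real runtime would draw keys from a cryptographically secure generator.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not the project's code): toy data space randomization (DSR)
 * runtime for CPS control software. Protected variables live in memory only in
 * masked form; the control loop reads and writes them through accessors, and the
 * configuration manager can re-key every slot without changing observed values.
 * Names and the key source below are assumptions for illustration. */

#define NSLOTS 4

typedef struct {
    uint32_t key;            /* current DSR key for this configuration */
    uint32_t masked[NSLOTS]; /* protected variables, stored only masked */
} dsr_ctx;

/* Deterministic key source (xorshift32) so the example runs reproducibly offline.
 * Never yields zero for a nonzero seed; a real runtime would use a CSPRNG. */
static uint32_t next_key(uint32_t *state) {
    uint32_t x = *state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return *state = x;
}

static void dsr_init(dsr_ctx *c, uint32_t *rng) {
    c->key = next_key(rng);
    for (int i = 0; i < NSLOTS; i++) c->masked[i] = 0u ^ c->key; /* all slots start at 0 */
}

/* Accessors the diversified control software is compiled to use. */
static void dsr_store(dsr_ctx *c, int idx, uint32_t v) { c->masked[idx] = v ^ c->key; }
static uint32_t dsr_load(const dsr_ctx *c, int idx) { return c->masked[idx] ^ c->key; }

/* Configuration manager action (proactive on a timer, or reactive on an alarm):
 * unmask under the old key and re-mask under a fresh one, preserving every value. */
static void dsr_rekey(dsr_ctx *c, uint32_t *rng) {
    uint32_t nk = next_key(rng);
    for (int i = 0; i < NSLOTS; i++) c->masked[i] = (c->masked[i] ^ c->key) ^ nk;
    c->key = nk;
}

/* Simulated attacker with an arbitrary-write primitive (e.g. from a memory
 * corruption bug) who does not know the key and writes the plaintext value. */
static void attacker_overwrite(dsr_ctx *c, int idx, uint32_t plain) { c->masked[idx] = plain; }

/* Plausibility check a controller applies, e.g. a throttle setpoint in 0..100 percent. */
static int setpoint_is_sane(uint32_t v) { return v <= 100; }

#define SEED 1u /* constructed fixed seed for reproducibility */

/* Store v, re-key, read back: the control loop must observe v unchanged. */
uint32_t dsr_roundtrip_after_rekey(uint32_t v) {
    uint32_t rng = SEED;
    dsr_ctx c;
    dsr_init(&c, &rng);
    dsr_store(&c, 0, v);
    dsr_rekey(&c, &rng);
    return dsr_load(&c, 0);
}

/* What the controller reads after an attacker writes `plain` directly into slot 0. */
uint32_t dsr_read_after_tamper(uint32_t plain) {
    uint32_t rng = SEED;
    dsr_ctx c;
    dsr_init(&c, &rng);
    dsr_store(&c, 0, 42);
    attacker_overwrite(&c, 0, plain);
    return dsr_load(&c, 0);
}

int main(void) {
    printf("roundtrip after rekey: %u\n", dsr_roundtrip_after_rekey(42));
    uint32_t seen = dsr_read_after_tamper(100);
    printf("attacker wrote 100, controller reads 0x%08x (sane: %s)\n",
           seen, setpoint_is_sane(seen) ? "yes" : "no");
    return 0;
}
```

The point of the example is the interaction the paragraph describes: the attacker's tampering primitive still works at the memory level, but the value the controller decodes under the current key is unpredictable and fails the plausibility check, which is exactly the signal a reactive reconfiguration can be triggered on; re-keying, meanwhile, changes the attacker's target without disturbing the control values.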

The main research target area of our project is "Technology of CPS", addressed by new methods and tools for integrated reconfigurable control software design and MTD. The key contributions include diversification techniques, mechanisms for dynamically changing and managing software configurations, and monitoring of the system's execution to detect attacks. Equally important is the implementation and evaluation of the proposed methods, quantifying both the security improvements and the potential performance degradation, which will be carried out on a hardware-in-the-loop (HIL) simulation testbed for automotive CPS based on the controller area network (CAN) protocol.