Visible to the public Integrated Instruction Set Randomization and Control Reconfiguration for Securing Cyber-physical Systems

TitleIntegrated Instruction Set Randomization and Control Reconfiguration for Securing Cyber-physical Systems
Publication TypeConference Paper
Year of Publication2018
AuthorsPotteiger, Bradley, Zhang, Zhenkai, Koutsoukos, Xenofon
Conference NameProceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security
Date PublishedApril 2018
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-6455-3
Keywordscomposability, Cyber-physical systems, defense, instruction set randomization, Metrics, moving target defenses, Predictive Metrics, pubcrawl, resilience, Resiliency, Resilient Architectures, Scalability, Zero day attacks

Cyber-Physical Systems (CPS) have been increasingly subject to cyber-attacks including code injection attacks. Zero day attacks further exasperate the threat landscape by requiring a shift to defense in depth approaches. With the tightly coupled nature of cyber components with the physical domain, these attacks have the potential to cause significant damage if safety-critical applications such as automobiles are compromised. Moving target defense techniques such as instruction set randomization (ISR) have been commonly proposed to address these types of attacks. However, under current implementations an attack can result in system crashing which is unacceptable in CPS. As such, CPS necessitate proper control reconfiguration mechanisms to prevent a loss of availability in system operation. This paper addresses the problem of maintaining system and security properties of a CPS under attack by integrating ISR, detection, and recovery capabilities that ensure safe, reliable, and predictable system operation. Specifically, we consider the problem of detecting code injection attacks and reconfiguring the controller in real-time. The developed framework is demonstrated with an autonomous vehicle case study.

Citation Keypotteiger_integrated_2018