
NSF Org: | CNS Division Of Computer and Network Systems |
Recipient: |
|
Initial Amendment Date: | July 26, 2017 |
Latest Amendment Date: | July 26, 2017 |
Award Number: | 1718952 |
Award Instrument: | Standard Grant |
Program Manager: | Phillip Regalia, pregalia@nsf.gov, (703)292-2981, CNS Division Of Computer and Network Systems, CSE Directorate for Computer and Information Science and Engineering |
Start Date: | August 1, 2017 |
End Date: | July 31, 2021 (Estimated) |
Total Intended Award Amount: | $500,000.00 |
Total Awarded Amount to Date: | $500,000.00 |
Funds Obligated to Date: |
|
History of Investigator: |
|
Recipient Sponsored Research Office: |
506 S WRIGHT ST URBANA IL US 61801-3620 (217)333-2187 |
Sponsor Congressional District: |
|
Primary Place of Performance: |
SUITE A, 1901 SOUTH FIRST STREET CHAMPAIGN IL US 61820-7473 |
Primary Place of Performance Congressional District: |
|
Unique Entity Identifier (UEI): |
|
Parent UEI: |
|
NSF Program(s): | Secure &Trustworthy Cyberspace |
Primary Program Source: |
|
Program Reference Code(s): |
|
Program Element Code(s): |
|
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.070 |
ABSTRACT
Many safety-critical systems, such as automobiles, aircraft, medical devices, and power plants, are controlled by real-time embedded systems. As such systems become interconnected via networks such as the Internet, they have become increasingly vulnerable to cyber attacks. This project is studying the vulnerabilities of such systems, how attackers might avoid detection, and protection strategies.
This project focuses on the surveillance (reconnaissance) phase of a cyber attack against an embedded real-time system (RTS). The researchers are addressing the following question: how can an adversary extract critical information about an operational RTS while avoiding detection? In this environment, task scheduling information (e.g., when will an important program be executed?) is exceptionally critical, because it enables an attacker to launch a targeted attack against specific, important tasks. To gather the necessary information and launch an attack, the attacker must avoid perturbing the system in ways that might reveal his or her presence. The researchers are developing algorithms and side-channel metrics to study what such channels could reveal about schedule characteristics, task start times, and task duration estimates. Based on these studies, the team is designing randomization-based mitigations for such attacks. Results are evaluated both through simulation and through experiments on real embedded platforms.
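The following is an added, self-contained model of the attack and mitigation the abstract describes; it is illustrative code written for this page, not the project's own algorithms or experimental code. It assumes a tick-driven, fixed-priority preemptive scheduler, a constructed task set (a high-priority "victim" task, a medium-priority task, and a lowest-priority observer owned by the adversary), and an attacker who knows the victim's period and worst-case execution time (WCET) from the system specification but not its phase. The observer logs the ticks in which it actually got the CPU; every gap in that log is time consumed by higher-priority jobs. The inference method (scoring each candidate phase by how often a WCET-long window at that phase is fully busy) and the mitigation (holding each job back by a random, bounded delay whose bound was derived by hand so deadlines still hold) are simplifications chosen for this demo.

```python
"""Scheduling side channel on a fixed-priority real-time task set, and a
schedule-randomisation mitigation.  Added example with constructed tasks;
not the project's code.  All task parameters are assumptions."""
import random
from dataclasses import dataclass

SLOTS = 400  # length of the simulated trace, in scheduler ticks


@dataclass
class Task:
    name: str
    period: int         # release period (= relative deadline) in ticks
    wcet: int           # execution time of each job in ticks
    prio: int           # 0 = highest priority
    offset: int = 0     # release time of the first job
    max_delay: int = 0  # randomised wait before a job may run (0 = deterministic)


def simulate(tasks, rng):
    """Fixed-priority, preemptive, tick-driven schedule over SLOTS ticks.

    Returns (trace, starts, misses): trace[t] is the task that ran in tick t
    ("idle" = the adversary's lowest-priority observer), starts[name] lists
    the tick in which each job of that task first ran, and misses counts jobs
    that did not finish by their deadline.  Only jobs whose deadline lies
    inside the horizon are released, so every released job is checked.
    """
    jobs = []  # live jobs: [task, release, eligible_from, remaining, first_run]
    starts = {t.name: [] for t in tasks}
    trace, misses = [], 0
    for t in range(SLOTS):
        for task in tasks:
            if (t >= task.offset and (t - task.offset) % task.period == 0
                    and t + task.period <= SLOTS):
                # A randomised scheduler holds the job back for a random,
                # bounded number of ticks; max_delay must be chosen so that
                # this job and every lower-priority job still meet deadlines.
                delay = rng.randint(0, task.max_delay)
                jobs.append([task, t, t + delay, task.wcet, None])
        ready = [j for j in jobs if j[2] <= t]
        if ready:
            j = min(ready, key=lambda j: j[0].prio)
            if j[4] is None:
                j[4] = t
                starts[j[0].name].append(t)
            j[3] -= 1
            if j[3] == 0 and t + 1 > j[1] + j[0].period:
                misses += 1
            trace.append(j[0].name)
        else:
            trace.append("idle")
        jobs = [j for j in jobs if j[3] > 0]
    return trace, starts, misses + len(jobs)  # unfinished jobs are misses too


def infer_phase(busy, period, wcet):
    """Attacker side.  busy[t] is True when the observer did NOT get tick t.
    Given the victim's period and WCET (assumed public), score every candidate
    phase by how often the wcet-long window at that phase is fully busy in
    each period, and return the best (phase, score)."""
    best = (None, -1.0)
    for phase in range(period):
        windows = range(phase, len(busy) - period, period)
        score = sum(all(busy[s:s + wcet]) for s in windows) / len(windows)
        if score > best[1]:
            best = (phase, score)
    return best


def hit_rate(victim_starts, period, phase):
    """Fraction of victim jobs whose actual start tick the attacker would have
    predicted exactly from the inferred phase (what a targeted attack needs)."""
    return sum(s % period == phase for s in victim_starts) / len(victim_starts)


def run(randomised, seed=1):
    # Constructed task set.  The max_delay bounds were derived by hand for
    # these parameters: the victim, as highest priority, may wait up to
    # period - wcet = 17 ticks; the medium task's worst-case response time
    # under those victim delays is 12 ticks, so waiting up to 20 ticks still
    # finishes inside its 40-tick deadline.  A real scheduler would compute
    # such bounds from response-time analysis.
    victim = Task("victim", period=20, wcet=3, prio=0, offset=7,
                  max_delay=17 if randomised else 0)
    other = Task("other", period=40, wcet=6, prio=1, offset=0,
                 max_delay=20 if randomised else 0)
    trace, starts, misses = simulate([victim, other], random.Random(seed))
    busy = [name != "idle" for name in trace]
    phase, score = infer_phase(busy, victim.period, victim.wcet)
    return {
        "phase": phase,      # attacker's guess for the victim's phase
        "score": score,      # how consistently that guess matched the log
        "hit_rate": hit_rate(starts["victim"], victim.period, phase),
        "misses": misses,    # deadline misses; must stay 0 in both modes
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("randomised   " if mode else "deterministic", run(mode))
```

In the deterministic schedule the observer recovers the victim's phase (7) with a perfect score and can predict every victim start tick exactly; with bounded random delays the same inference fails on most jobs while the deadline-miss count stays at zero, which is the trade-off the abstract describes: less predictability from the adversary's viewpoint, but still inside the system's timing constraints. The delay bounds here are specific to this task set; reusing the idea on a real system requires redoing the schedulability analysis for that system's tasks.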
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
A large number of safety-critical systems around us, e.g. cars, planes, power grids, etc. have real-time properties. Hence, they not only need to work correctly, but also within well-established timing constraints. E.g., an airbag must deploy within 65 ms (the time it takes to blink once) for it to prevent serious injury to passengers. Such systems are then designed with great care to be predictable at runtime. Their constituent processes, memory access, interrupts etc. are all carefully engineered to work in a precise fashion.
Unfortunately, this very predictability can have negative side effects. In our work, we discovered that this predictable behavior can be used by adversaries to leak critical information about the system, e.g. when a critical component will execute in the future. Such information can then be used to launch additional attacks such as destabilizing the system or even taking control of it (as we demonstrated for autonomous rovers). This is a novel class of attacks and has the ability to adversely affect a large number of critical systems that are in operation today.
One of the ways to reduce the effectiveness of such attacks is to ensure that the predictability is reduced -- at least from the adversary's perspective. But a reduction in predictability can have negative consequences for the operation and safety of the system itself. Hence, we need to do this carefully -- prevent attacks on the system but also keep it within the predefined operating conditions.
We developed schedule randomization methods for this very purpose. They introduce diversity into the schedule at runtime so that it becomes very hard for an adversary to take control of the system. In addition, they do so with the real-time constraints in mind -- hence, they will not destabilize the system of their own accord. We show that such techniques can mitigate many of the side-channel attacks.
In additional preliminary work, we also explored some concepts related to "Schedule Indistinguishability" where we add (limited) noise into the execution patterns of systems in a systematic manner.
Hence, this project significantly advanced the state of the art in security for real-time systems by:
1. exploring novel attack methods that help better understand the threat landscapes in such systems -- especially the leakage of critical information and
2. developing defensive methods that can counter such attacks.
We believe that this will lead to more secure, and hence safer, real-time cyber-physical systems in the future.
Last Modified: 01/16/2022
Modified by: Sibin Mohan