Award Abstract # 1718952
SaTC: CORE: Small: An Exploration of Schedule-Based Vulnerabilities In Real-Time Embedded Systems

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: UNIVERSITY OF ILLINOIS
Initial Amendment Date: July 26, 2017
Latest Amendment Date: July 26, 2017
Award Number: 1718952
Award Instrument: Standard Grant
Program Manager: Phillip Regalia
pregalia@nsf.gov
(703)292-2981
CNS Division Of Computer and Network Systems
CSE Directorate for Computer and Information Science and Engineering
Start Date: August 1, 2017
End Date: July 31, 2021 (Estimated)
Total Intended Award Amount: $500,000.00
Total Awarded Amount to Date: $500,000.00
Funds Obligated to Date: FY 2017 = $500,000.00
History of Investigator:
  • Sibin Mohan (Principal Investigator)
    sibin.mohan@gwu.edu
  • Negar Kiyavash (Co-Principal Investigator)
Recipient Sponsored Research Office: University of Illinois at Urbana-Champaign
506 S WRIGHT ST
URBANA
IL  US  61801-3620
(217)333-2187
Sponsor Congressional District: 13
Primary Place of Performance: University of Illinois at Urbana-Champaign
SUITE A, 1901 SOUTH FIRST STREET
CHAMPAIGN
IL  US  61820-7473
Primary Place of Performance Congressional District: 13
Unique Entity Identifier (UEI): Y8CWNJRCNN91
Parent UEI: V2PHZ2CSCH63
NSF Program(s): Secure & Trustworthy Cyberspace
Primary Program Source: 01001718DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 025Z, 7434, 7923
Program Element Code(s): 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Many safety-critical systems such as automobiles, aircraft, medical devices, and power plants are controlled by real-time, embedded systems. As such systems are interconnected via networks such as the Internet, they have become increasingly vulnerable to cyber attacks. This project is studying vulnerabilities of such systems, how attackers might avoid detection, and protection strategies.

This project focuses on the surveillance phase of a cyber attack against an embedded, real-time system (RTS). The researchers are addressing the following question: How can an adversary extract critical information about an operational RTS, while avoiding detection? In this environment, task scheduling (e.g., when will an important program be executed?) is exceptionally critical information, enabling an attacker to launch a targeted attack against specific, important tasks. To succeed in gathering the necessary information and launching an attack, the attacker must avoid perturbing the system in ways that might reveal his or her presence. The researchers are developing algorithms and side-channel metrics to study what they could reveal about system schedule characteristics and task start times and duration estimates. Based on these studies, the team is designing randomization-based mitigations for such attacks. Results are evaluated both through simulation and through experiments on real embedded platforms.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH


Abdi, Fardin and Chen, Chien-Ying and Hasan, Monowar and Liu, Songran and Mohan, Sibin and Caccamo, Marco "Preserving Physical Safety Under Cyber Attacks" IEEE Internet of Things Journal, 2018 https://doi.org/10.1109/JIOT.2018.2889866
Chen, Chien-Ying and Hasan, Monowar and Mohan, Sibin "Securing Real-Time Internet-of-Things" Sensors, v.18, 2018 https://doi.org/10.3390/s18124356
Chen, Chien-Ying and Mohan, Sibin and Pellizzoni, Rodolfo and Bobba, Rakesh and Kiyavash, Negar "A Novel Side-Channel in Real-Time Schedulers" Proceedings - IEEE Real-Time and Embedded Technology and Applications Symposium, 2019
Chen, Chien-Ying and Sanyal, Debopam and Mohan, Sibin "Indistinguishability Prevents Scheduler Side Channels in Real-Time Systems" Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, 2021 https://doi.org/10.1145/3460120.3484769
Ghassami, AmirEmad and Kiyavash, Negar "A Covert Queueing Channel in FCFS Schedulers" IEEE Transactions on Information Forensics and Security, v.13, 2018 https://doi.org/10.1109/TIFS.2018.2797953
Hasan, Monowar and Mohan, Sibin "Protecting Actuators in Safety-Critical IoT Systems from Control Spoofing Attacks" Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-Things, 2019 https://doi.org/10.1145/3338507.3358615
Hasan, Monowar and Mohan, Sibin and Pellizzoni, Rodolfo and Bobba, Rakesh B. "Period Adaptation for Continuous Security Monitoring in Multicore Real-Time Systems" 2020 Design, Automation & Test in Europe Conference & Exhibition (DATE), 2020 https://doi.org/10.23919/DATE48585.2020.9116364
Mohan, Sibin and Asplund, Mikael and Bloom, Gedare and Sadeghi, Ahmad-Reza and Ibrahim, Ahmad and Salajageh, Negin and Griffioen, Paul and Sinopoli, Bruno "The Future of IoT Security: Special Session" International Conference on Embedded Software (EMSOFT), 2018

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

A large number of safety-critical systems around us, e.g. cars, planes, power grids, etc. have real-time properties. Hence, they not only need to work correctly, but also within well-established timing constraints. E.g., an airbag must deploy within 65 ms (the time it takes to blink once) for it to prevent serious injury to passengers. Such systems are then designed with great care to be predictable at runtime. Their constituent processes, memory access, interrupts etc. are all carefully engineered to work in a precise fashion.

Unfortunately, this very predictability can have negative side effects. In our work, we discovered that this predictable behavior can be used by adversaries to leak critical information about the system, e.g. when a critical component will execute in the future. Such information can then be used to launch additional attacks such as destabilizing the system or even taking control of it (as we demonstrated for autonomous rovers). This is a novel class of attacks and has the ability to adversely affect a large number of critical systems that are in operation today.

One of the ways to reduce the effectiveness of such attacks is to ensure that the predictability is reduced -- at least from the adversary's perspective. But a reduction in predictability can have negative consequences to the operation and safety of the system itself. Hence, we need to do this carefully -- prevent attacks on the system but also keep it within the predefined operating conditions.

We developed schedule randomization methods for this very purpose. They introduce diversity into the schedule at runtime so that it becomes very hard for an adversary to take control of the system. In addition, they do so with the real-time constraints in mind -- hence, they will not destabilize the system of their own accord. We show that such techniques can mitigate many of the side-channel attacks.

In additional preliminary work, we also explored some concepts related to "Schedule Indistinguishability" where we add (limited) noise into the execution patterns of systems in a systematic manner.

Hence, this project significantly advanced the state of the art in security for real-time systems by:

1. exploring novel attack methods that help better understand the threat landscapes in such systems -- especially the leakage of critical information and

2. developing defensive methods that can counter such attacks. 

We believe that this will lead to more secure, and hence safer, real-time cyber-physical systems in the future.


Last Modified: 01/16/2022
Modified by: Sibin Mohan
