Time-based intrusion detection in cyber-physical systems

Authors:
Christopher Zimmer;Balasubramanya Bhat;Frank Mueller;Sibin Mohan
Affiliations:
North Carolina State University, Raleigh, NC;North Carolina State University, Raleigh, NC;North Carolina State University, Raleigh, NC;University of Illinois at Urbana-Champaign, Urbana, IL
Venue:
Proceedings of the 1st ACM/IEEE International Conference on Cyber-Physical Systems
Year:
2010

Citing 21
Cited 4

Compilers: principles, techniques, and tools

Compilers: principles, techniques, and tools
Bounding Pipeline and Instruction Cache Performance

IEEE Transactions on Computers
Timing Analysis for Instruction Caches

Real-Time Systems - Special issue on worst-case execution-time analysis
Microc/OS-II

Microc/OS-II
A Comparison of Static Analysis and Evolutionary Testing for the Verification of Timing Constraints

Real-Time Systems
Integrating Security and Real-Time Requirements Using Covert Channel Capacity

IEEE Transactions on Knowledge and Data Engineering
WCET Analysis of Probabilistic Hard Real-Time Systems

RTSS '02 Proceedings of the 23rd IEEE Real-Time Systems Symposium
Intrusion detection techniques for mobile wireless networks

Wireless Networks
Countering code-injection attacks with instruction-set randomization

Proceedings of the 10th ACM conference on Computer and communications security
Encryption overhead in embedded systems and sensor network nodes: modeling and analysis

Proceedings of the 2003 international conference on Compilers, architecture and synthesis for embedded systems
Defending Embedded Systems Against Buffer Overflow via Hardware/Software

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Security in embedded systems: Design challenges

ACM Transactions on Embedded Computing Systems (TECS)
On the effectiveness of address-space randomization

Proceedings of the 11th ACM conference on Computer and communications security
Timing Analysis for Sensor Network Nodes of the Atmega Processor Family

RTAS '05 Proceedings of the 11th IEEE Real Time on Embedded Technology and Applications Symposium
Detection and prevention of stack buffer overflow attacks

Communications of the ACM
ParaScale: Exploiting Parametric Timing Analysis for Real-Time Schedulers and Dynamic Voltage Scaling

RTSS '05 Proceedings of the 26th IEEE International Real-Time Systems Symposium
Embedded Intelligent Intrusion Detection: A Behavior-Based Approach

AINAW '07 Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops - Volume 01
PointguardTM: protecting pointers from buffer overflow vulnerabilities

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Analysis of Payload Based Application level Network Anomaly Detection

HICSS '07 Proceedings of the 40th Annual Hawaii International Conference on System Sciences
The worst-case execution-time problem—overview of methods and survey of tools

ACM Transactions on Embedded Computing Systems (TECS)
Crossover: Online Pests Plaguing the Offline World

IEEE Security and Privacy

CUDACS: securing the cloud with CUDA-enabled secure virtualization

ICICS'10 Proceedings of the 12th international conference on Information and communications security
Security requirements for a cyber physical community system: a case study

Proceedings of the 4th International Symposium on Applied Sciences in Biomedical and Communication Technologies
S3A: secure system simplex architecture for enhanced security and robustness of cyber-physical systems

Proceedings of the 2nd ACM international conference on High confidence networked systems
A survey of intrusion detection techniques for cyber-physical systems

ACM Computing Surveys (CSUR)

Quantified Score

Hi-index	0.00

Visualization

Abstract

Embedded systems, particularly real-time systems with temporal constraints, are increasingly deployed in every day life. Such systems that interact with the physical world are also referred to as cyber-physical systems (CPS). These systems commonly find use in critical infrastructure from transportation to health care. While security in CPS-based real-time embedded systems has been an afterthought, it is becoming a critical issue as these systems are increasingly networked and inter-dependent. The advancement in their functionality has resulted in more conspicuous interfaces that may be exploited to attack them. In this paper, we present three mechanisms for time-based intrusion detection. More specifically, we detect the execution of unauthorized instructions in real-time CPS environments. Such intrusion detection utilizes information obtained by static timing analysis. For real-time CPS systems, timing bounds on code sections are readily available as they are already determined prior to the schedulability analysis. We demonstrate how to provide micro-timings for multiple granularity levels of application code. Through bounds checking of these micro-timings, we develop techniques to detect intrusions (1) in a self-checking manner by the application and (2) through the operating system scheduler, which are novel contributions to the real-time/embedded systems domain to the best of our knowledge.