
Data space randomization for securing cyber-physical systems

  • Regular contribution
  • Published in: International Journal of Information Security

Abstract

Non-control data attacks have become widely popular for circumventing authentication mechanisms in websites, servers, and personal computers. These attacks can also be executed against cyber-physical systems (CPSs), in which not only authentication is an issue but safety is at risk. Furthermore, any unauthorized change to a safety-critical variable within the software may cause damage or even catastrophic consequences. Moving target defense techniques such as data space randomization (DSR) have become popular for protecting against memory corruption attacks such as non-control data attacks. However, current DSR implementations rely on source code transformations and do not stop critical variables from being overwritten; they only ensure that the overwritten value will differ greatly from what the attacker expected. As such, these implementations are often ineffective for legacy CPS software in which only a binary is available. The problem addressed in this paper is how to protect against non-control data attacks in legacy CPS software while ensuring that instances of variable integrity violations can be detected. We solve this problem by combining DSR at the binary level with variable comparison checks, so that any attacker attempt to overwrite a safety-critical variable can be detected and mitigated. Our security approach is demonstrated using an autonomous emergency braking system case study.
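The abstract describes two ideas: DSR masks a variable's in-memory representation with a random key, so a write that does not know the key produces an unexpected value, and a comparison check between copies turns that unexpected value into a detectable integrity violation. The following C program is an added, source-level sketch of that combination; it is not the paper's binary-level implementation, and the struct layout, the two fixed XOR masks, the `dsr_*` function names and the AEB braking-threshold scenario are all constructed for illustration. The masks are constants here only to keep the run deterministic; a deployment would draw them from a CSPRNG at process start.

```c
/* Added example: a DSR-protected variable kept as two copies masked with
 * independent keys, with a comparison check on every read.  Illustrative
 * only; the paper applies the idea to stripped binaries, not source. */
#include <stdint.h>
#include <stdio.h>

/* Constructed masks; a real system draws these from a CSPRNG at start-up. */
static const uint32_t MASK_A = 0xA5C3F00Du;
static const uint32_t MASK_B = 0x3C96E1B7u;

/* The plaintext value never sits in memory, only two differently masked copies. */
typedef struct {
    uint32_t enc_a;   /* plain ^ MASK_A */
    uint32_t enc_b;   /* plain ^ MASK_B */
} dsr_u32;

void dsr_store(dsr_u32 *v, uint32_t plain) {
    v->enc_a = plain ^ MASK_A;
    v->enc_b = plain ^ MASK_B;
}

/* Unmask both copies and compare: 0 on success, -1 on integrity violation.
 * A write that bypassed dsr_store cannot keep both copies consistent
 * without knowing both masks. */
int dsr_load(const dsr_u32 *v, uint32_t *out) {
    uint32_t a = v->enc_a ^ MASK_A;
    uint32_t b = v->enc_b ^ MASK_B;
    if (a != b) {
        return -1;
    }
    *out = a;
    return 0;
}

/* What plain DSR without a comparison check would hand back from copy A. */
uint32_t dsr_unmask_a_only(const dsr_u32 *v) {
    return v->enc_a ^ MASK_A;
}

/* Stand-in for a memory-corruption write landing on the variable's storage:
 * the writer does not know the mask, so the value it wants to see is written
 * in the clear into one copy.  Constructed for the demonstration. */
void simulate_raw_overwrite(dsr_u32 *v, uint32_t raw) {
    v->enc_a = raw;
}

/* Scenario (constructed): an AEB controller's braking-distance threshold. */
#define SAFE_THRESHOLD_M 50u
#define UNSAFE_VALUE_M    1u

/* Returns 1 if a clean store/load round-trips the value. */
int demo_roundtrip(void) {
    dsr_u32 threshold;
    uint32_t out = 0;
    dsr_store(&threshold, SAFE_THRESHOLD_M);
    return dsr_load(&threshold, &out) == 0 && out == SAFE_THRESHOLD_M;
}

/* Returns 1 if the comparison check flags the overwrite before use. */
int demo_detects_overwrite(void) {
    dsr_u32 threshold;
    uint32_t out = 0;
    dsr_store(&threshold, SAFE_THRESHOLD_M);
    simulate_raw_overwrite(&threshold, UNSAFE_VALUE_M);
    return dsr_load(&threshold, &out) == -1;
}

/* DSR alone: the corrupted copy unmasks to a value that is neither the
 * original threshold nor the value the writer intended.  Returns it. */
uint32_t demo_dsr_only_value(void) {
    dsr_u32 threshold;
    dsr_store(&threshold, SAFE_THRESHOLD_M);
    simulate_raw_overwrite(&threshold, UNSAFE_VALUE_M);
    return dsr_unmask_a_only(&threshold);
}

int main(void) {
    printf("round-trip ok: %d\n", demo_roundtrip());
    printf("overwrite detected: %d\n", demo_detects_overwrite());
    printf("DSR-only value after overwrite: 0x%08x (written %u, original %u)\n",
           demo_dsr_only_value(), UNSAFE_VALUE_M, SAFE_THRESHOLD_M);
    return 0;
}
```

The third demo shows the limitation the abstract raises about DSR on its own: the overwrite is not prevented, the controller just reads garbage (here 0xA5C3F00C rather than the intended 1 metre), which is still a safety problem for a braking system. The second copy and the check in `dsr_load` are what convert that garbage into a detected event that a reconfiguration or fail-safe path can act on.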




Funding

This work was funded in part by the National Security Agency (H98230-18-D-0010), the National Science Foundation (CNS-1739328), and by the National Institute of Standards and Technology (70NANB17H266). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of NSA, NSF, or NIST.

Author information

Corresponding author

Correspondence to Bradley Potteiger.

Ethics declarations

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Cite this article

Potteiger, B., Cai, F., Zhang, Z. et al. Data space randomization for securing cyber-physical systems. Int. J. Inf. Secur. 21, 597–610 (2022). https://doi.org/10.1007/s10207-021-00568-1
