DOI: 10.1145/2628136.2628165
Keynote

Using formal methods to enable more secure vehicles: DARPA's HACMS program

Published: 19 August 2014

Abstract

Networked embedded systems are ubiquitous in modern society. Examples include SCADA systems that manage physical infrastructure, medical devices such as pacemakers and insulin pumps, and vehicles such as airplanes and automobiles. Such devices are connected to networks for a variety of compelling reasons, including the ability to access diagnostic information conveniently, perform software updates, provide innovative features, and lower costs. Researchers and hackers have shown that these kinds of networked embedded systems are vulnerable to remote attacks and that such attacks can cause physical damage and can be hidden from monitors [1, 4].
DARPA launched the HACMS program to create technology to make such systems dramatically harder to attack successfully. Specifically, HACMS is pursuing a clean-slate, formal methods-based approach to the creation of high-assurance vehicles, where high assurance is defined to mean functionally correct and satisfying appropriate safety and security properties. Specific technologies include program synthesis, domain-specific languages, and theorem provers used as program development environments. Targeted software includes operating system components such as hypervisors, microkernels, file systems, and device drivers as well as control systems such as autopilots and adaptive cruise controls. Program researchers are leveraging existing high-assurance software including NICTA's seL4 microkernel and INRIA's CompCert compiler.
Although the HACMS project is less than halfway done, the program has already achieved some remarkable success. At program kick-off, a Red Team easily hijacked the baseline open-source quadcopter that HACMS researchers are using as a research platform. At the end of eighteen months, the Red Team was not able to hijack the newly-minted "SMACCMCopter" running high-assurance HACMS code, despite being given six weeks and full access to the source code of the copter. An expert in penetration testing called the SMACCMCopter "the most secure UAV on the planet."
In this talk, I will describe the HACMS program: its motivation, the underlying technologies, current results, and future directions.

References

[1] W. Burleson, S. S. Clark, B. Ransford, and K. Fu. Design challenges for secure implantable medical devices. In Proceedings of the 49th Annual Design Automation Conference, DAC '12, pages 12--17, New York, NY, USA, 2012. ACM. ISBN 978-1-4503-1199-1. URL http://doi.acm.org/10.1145/2228360.2228364.
[2] S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno. Comprehensive experimental analyses of automotive attack surfaces. In Proceedings of the 20th USENIX Conference on Security, SEC'11, Berkeley, CA, USA, 2011. USENIX Association. URL http://dl.acm.org/citation.cfm?id=2028067.2028073.
[3] K. Munro. SCADA - A critical situation. Network Security, 2008(1):4--6, 2008. ISSN 1353-4858. URL http://www.sciencedirect.com/science/article/pii/S1353485808700059.
[4] H. Teso. Aircraft hacking: Practical aero series. http://conference.hitb.org/hitbsecconf2013ams/hugo-teso/, 2013.

Published In

ICFP '14: Proceedings of the 19th ACM SIGPLAN international conference on Functional programming
August 2014
390 pages
ISBN:9781450328739
DOI:10.1145/2628136
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cyber-physical systems
  2. formal methods
  3. hacms
  4. high assurance software

Conference

ICFP'14

Acceptance Rates

ICFP '14 paper acceptance rate: 28 of 85 submissions, 33%
Overall acceptance rate: 333 of 1,064 submissions, 31%
