The high degree of predictability in real-time systems makes it possible for adversaries to launch timing inference attacks such as those based on side-channels and covert-channels. We present TaskShuffler, a schedule obfuscation method aimed at randomizing the schedule for such systems while still providing the real-time guarantees that are necessary for their safe operation. This paper also analyzes the effect of these mechanisms by presenting schedule entropy, a metric to measure the uncertainty (as perceived by attackers) introduced by TaskShuffler. These mechanisms will increase the difficulty for would-be attackers, thus improving the overall security guarantees for real-time systems.
Existing techniques used for intrusion detection do not fully utilize the intrinsic properties of embedded systems. In this paper, we propose a lightweight method for detecting anomalous executions using a distribution of system call frequencies. We use a cluster analysis to learn the legitimate execution contexts of embedded applications and then monitor them at run-time to capture abnormal executions. We also present an architectural framework with minor processor modifications to aid in this process. Our prototype shows that the proposed method can effectively detect anomalous executions without relying on sophisticated analyses or affecting the critical execution paths.
Introduction
An increasing number of attacks are targeting embedded systems [21,37] that compromise the security, and hence safety, of such systems. It is not an easy task to retrofit embedded systems with security mechanisms that were developed for more general purpose scenarios since the former (a) have constraints in processing power, memory, battery life, etc. and (b) are required to meet stringent requirements such as timing constraints.
Traditional behavior-based intrusion detection systems (IDS) [10] rely on specific signals such as network traffic [15,39], control flow [1,8], system calls [14,32,5], etc. The use of system calls, especially in the form of sequences [14,16,44,29,12,40], has been extensively studied in behavior-based IDSes for general purpose systems since many malicious activities often use system calls to execute privileged operations on system resources. Because server, desktop and mobile applications exhibit rich, wildly varying behaviors across executions, such IDSes need to rely either (a) on complex models of normal behavior, which are expensive to run and thus unsuitable for an embedded system, or (b) on simple, partial models, which validate only small windows of the application execution at a time. This opens the door for attacks where variations of a valid execution sequence are replayed with slightly different parameters to achieve a malicious goal; on the other hand, the application would not execute that sequence of operations in a normal manner, every time.
As modern unmanned aerial systems (UAS) continue to expand the frontiers of automation, new challenges to security and thus its safety are emerging. It is now difficult to completely secure modern UAS platforms due to their openness and increasing complexity. We present the VirtualDrone Framework, a software architecture that enables an attack-resilient control of modern UAS. It allows the system to operate with a potentially untrustworthy software environment by virtualizing the sensors, actuators, and communication channels. The framework provides mechanisms to monitor physical and logical system behaviors and to detect security and safety violations. Upon detection of such an event, the framework switches to a trusted control mode in order to override malicious system state and to prevent potential safety violations. We built a prototype quadcopter running an embedded multicore processor that features a hardware-assisted virtualization technology. We present an extensive experimental study and implementation details, and demonstrate how the framework can ensure the robustness of the UAS in the presence of security breaches.
CCS CONCEPTS: • Security and privacy → Systems security; • Computer systems organization → Embedded and cyber-physical systems; Robotics
Attacks on Industrial Control Systems (ICS) continue to grow in number and complexity, and well-crafted cyber attacks are aimed at both commodity and ICS-specific contexts. It has become imperative to create efficient ICS-specific defense mechanisms that complement traditional enterprise solutions. Most commercial solutions are not designed for ICS environments, rely only on pre-defined signatures and do not handle zero-day attacks. We propose a threat detection framework that aims to detect zero-day attacks by creating models of legitimate, rather than malicious ICS traffic. Our approach employs a content-based analysis that characterizes normal command and data sequences applied at the network level, while proposing mechanisms for achieving a low false positive rate. Our preliminary results show that we can reliably model normal behavior, while reducing the false positive rate, increasing confidence in the anomaly detection alerts.