Hardware Control Flow Protection for Cyber-Physical Systems
Cyber-physical systems face vulnerabilities to cyber attacks, potentially leading to physical consequences. Explore typical attacks and the Secure System Simplex Architecture (S3A) to enhance protection. Learn about control flow monitoring and an approach to detect unexpected changes in control flow.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
Hardware Control Flow Protection for Cyber-Physical Systems Stanley Bak University of Illinois at Urbana-Champaign (Some slides from Joel Van Der Woude)
Problem Cyber-physical systems are vulnerable to cyber attack. Attacks on critical infrastructure bring physical consequences.
Typical Attacks Remote code execution Buffer overflows Return into libc String format vulnerabilities Code injection Network attacks Denial of service MITM Social Engineering
Secure System Simplex Architecture (S3A)
What Side Channels? Timing of Multiple Task Executions Statistical Timing of Blocks of Code I/O Access Memory Access Patterns Program Control Flow
What Side Channels? Timing of Multiple Task Executions Statistical Timing of Blocks of Code I/O Access Memory Access Program Control Flow
Control Flow Monitoring Control flow possible paths a program may take to execute Enumerates jumps/calls/branches to create a map of possible routes through a program Does not guarantee that the proper instructions were executed, only that blocks were executed in a plausible order
Our Approach Detect unexpected changes in control flow Implement secure co- processor to limit overhead Create tool to generate a control flow graph that can be read by the co-processor Fail safely using a trusted Simplex controller Restore complex controller and return control
CFG Info We watch for changes in blocks Each block represents a set of instructions Address of block Number of instructions Taken block Not taken block
Detection If PC is outside the block Is it the address of taken? Is it the address of not taken? If not we have detected a problem Could be caused by an attacker overwriting a return address
Current Issues Large code Multiple processes Operating system (do we trust?) Polymorphic code More general purpose computing How do we ensure that each program has a control flow graph?
Conclusion CPS Security Hardware Control Flow Protection Currently Implementing Questions?
