The YOLO Approach to Resilient Cyber Physical Systems

Abstract

Statement of Work: The proposed research will develop YOLO (you only live once) for achieving cyber-attack resilient integrated control systems, employing the “crash often, recover fast” resiliency paradigm. The project consists of three main tasks:

  • Task 1: Development of a Representative Cyber Physical System: automotive control systems and a drone with its ground control system
  • Task 2: Understanding the Interaction of CPS Requirements, System & Security Parameters
  • Task 3: YOLO Design, Implementation and Demonstration

The proposed paradigm has at least two desirable security benefits. First, the adversary is forced to craft a new attack periodically, which substantially raises the bar for exploitation. Second, when an adversary breaks a program the program is likely to crash; however, since CPS systems are resilient to intermittent faults, the crash is unlikely to impact system operation. Further, recycling the system software makes it difficult for the attacker to stay resident in the system.

Objective: The PIs will investigate, formalize and develop technologies for achieving cyber-attack resilient integrated control systems (such as SCADA and the Navy’s shipboard HM&E systems).

Approach: The focus of this proposal is to improve the security of Cyber Physical Systems (CPSs). The PIs envision a system called YOLO (short for “You Only Live Once”) to protect CPSs. In a YOLO system, no program executes more than once on a CPS. The system has two “places”: a “nursery” computer where programs stay before they are sent to process sensor inputs, and a “sandpit” computer where programs actually run, i.e., process sensor and operator inputs. The system operates as follows: at the nursery we constantly “grow” and store new diversified program variants. When a new sensor input arrives, a fresh diversified program (or a set of programs) is checked out from the nursery and sent to the sandpit. Once the program(s) complete execution in the sandpit computer, i.e., they finish processing the sensor inputs, and their output is deemed acceptable, the outputs are recorded and the programs are discarded forever, thereby forcing the attacker to create a new attack for every execution. If the output is deemed unacceptable due to, say, a security violation or other unintentional problems, the state of the system is checkpointed for forensic analysis, and a new set of programs is checked out from the nursery to compute on future sensor inputs. YOLO provides defense in depth: first, diversification of programs in the nursery makes it difficult for the attacker to exploit control-flow attacks, logic attacks and data-oriented attacks. Attacks can be filtered by behavioral monitoring on the sandpit computer; persistence attacks are completely denied because every new program gets to execute on bare metal. The PIs further propose a new performance and security optimization known as speculative stripping to reduce the attack surface of programs. The PIs will perform their studies and demonstrate YOLO on a car engine control unit and an amateur drone platform.

Overall Merit and ONR Mission/Relevance: The proposed research will produce new theories and algorithms for designing attack-tolerant systems with a high degree of availability and security. These results are essential to the design, implementation, operation, and security of cyber physical systems that are integral parts of Naval operations. The research will also produce the theoretical foundation, develop the systems and software principles, and demonstrate example systems. The research is targeted as an important component for providing cyber-attack resiliency to the Navy’s HM&E systems. The developed technologies will also be essential for enhancing cyber-attack resiliency in many of the Navy’s integrated control system infrastructures. A reliable and resilient integrated control system is essential to the success of Navy missions.
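The nursery/sandpit lifecycle described in the Approach, as an added toy simulation that is not part of the award or the PIs' code. The throttle controller, the variant ids standing in for real diversification, and the acceptance bounds used as the behavioral monitor are all constructed for this illustration; it shows the single-use property (a variant is discarded after one input) and the checkpoint-on-unacceptable-output path.

```python
from dataclasses import dataclass, field
from itertools import count
from typing import Callable, List, Optional

ACCEPT_RANGE = (0.0, 100.0)  # constructed: plausible throttle command, in percent


def throttle_controller(rpm: float) -> float:
    return rpm / 80.0  # constructed stand-in for the engine-control program


@dataclass
class Variant:
    """One diversified program instance; the sandpit runs it at most once."""
    vid: int
    run: Callable[[float], float]
    spent: bool = False


class Nursery:
    """Grows fresh variants ahead of time; a distinct id stands in for real diversification."""
    def __init__(self, program: Callable[[float], float]) -> None:
        self._ids, self._program = count(1), program

    def checkout(self) -> Variant:
        return Variant(next(self._ids), self._program)


@dataclass
class Sandpit:
    nursery: Nursery
    outputs: List[float] = field(default_factory=list)
    checkpoints: List[dict] = field(default_factory=list)
    used_ids: List[int] = field(default_factory=list)

    def process(self, sensor: float) -> Optional[float]:
        v = self.nursery.checkout()          # one fresh program per sensor input
        assert not v.spent                   # no program ever executes twice
        out = v.run(sensor)
        v.spent = True                       # discarded for good after this run
        self.used_ids.append(v.vid)
        if ACCEPT_RANGE[0] <= out <= ACCEPT_RANGE[1]:  # behavioral monitor accepts
            self.outputs.append(out)
            return out
        # unacceptable output: checkpoint state for forensics and suppress it
        self.checkpoints.append({"variant": v.vid, "sensor": sensor, "output": out})
        return None


def simulate(sensor_inputs: List[float]) -> Sandpit:
    pit = Sandpit(Nursery(throttle_controller))
    for s in sensor_inputs:
        pit.process(s)   # the next input always gets a fresh variant
    return pit
```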

Document Details

Document Type
DoD Grant Award
Publication Date
Aug 12, 2016
Source ID
N000141512173

Entities

People

  • Simha Sethumadhavan

Organizations

  • Office of Naval Research
  • Trustees of Columbia University in the City of New York
  • United States Navy

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Distributed Systems and Data Platform Development
  • Educational Psychology

Technology Areas

  • Autonomy
  • Autonomy - Autonomous System Control
  • Cyber