Plasticity: Protection and Crash Forensics for Embedded Devices
Abstract
The PIs propose to develop a system they call PLASTICITY that complements and completes BFT++, a defense based on software diversity and delayed input sharing being developed at ONR for achieving cyber-attack-resilient integrated control systems (such as SCADA and the Navy's shipboard HM&E systems).

Approach: The proposed research will develop Plasticity, which introduces binary shims that decouple and bridge the controller and the control bus. The shims introduce flexible and programmable filtering capabilities that can be updated at runtime. They give the defender the ability to remove inputs that are known (or suspected) to crash the firmware before they reach the device. As a result, firmware protected by Plasticity can defend itself against malicious inputs and commands, breaking out of the crash-recover cycle. Plasticity also extends the firmware with crash forensics capabilities that analyze the execution state of the firmware to determine the root cause of a crash. This information is used to automatically generate input filters that prevent the firmware from crashing repeatedly when the attacker attempts a similar attack after the firmware has recovered from the initial one. Limited hardware resources and frequent real-time constraints on execution make efficient filter generation and enforcement a primary design goal. A significant amount of effort is often invested to demonstrate that the worst-case execution time of a section of code does not exceed a budget. If the device fails to meet its real-time deadlines, its outputs could be incorrect and cause harm to the cyber-critical system, representing yet another type of failure that attackers could attempt to exploit.
While the shims must sit inline with input processing, the forensics code is expected to insert only minimal (optimally, no) code into the execution paths of the firmware. This component is expected to be invoked only when a crash or other failure is detected. Based on the firmware execution state, together with knowledge of the firmware gleaned from an initial static analysis, it is the task of this component to piece together the root cause of the crash. This means that the forensic component should be able to identify the inputs that led to the crash as well as the vulnerable program point. The system should then compute appropriate, generalized filters that prevent this input from crashing the firmware again in the future.

Overall Merit and ONR Mission/Relevance: The proposed research will develop a binary shimming methodology and blacklist entries for detected (crash-inducing) cyber-attacks to provide a high degree of availability and security for our integrated control systems. These results are essential to the design, implementation, operation, and security of the cyber-physical systems that are integral to Naval operations. The research is targeted as an important component for providing cyber-attack resiliency to the Navy's HM&E systems. The developed technologies will also be essential for enhancing the cyber-attack resiliency of many of the Navy's integrated control system infrastructures. A reliable and resilient integrated control system is essential to the success of Navy missions.
Document Details
- Document Type: DoD Grant Award
- Publication Date: Aug 12, 2016
- Source ID: N000141512948
Entities
People
- Christopher Kruegel
Organizations
- Office of Naval Research
- United States Navy
- University of California, Santa Barbara