TrackOS: A Security-Aware Real-Time Operating System

  • Conference paper
Runtime Verification (RV 2016)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 10012)

Abstract

We describe an approach to control-flow integrity protection for real-time systems. We present TrackOS, a security-aware real-time operating system. TrackOS checks a task’s control stack against a call graph generated statically by an abstract interpretation-based tool that requires no source code. The monitoring is done from a dedicated task whose schedule is controlled by the real-time operating system scheduler. Finally, we implement a version of software-based attestation (SWATT) to ensure program-data integrity, which strengthens our control-flow integrity checks. We demonstrate the feasibility of our approach by monitoring an open source autopilot in flight.
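A worked illustration of the stack-versus-call-graph check the abstract describes, added here and not code from the paper or from TrackOS: a monitor walks a task's saved return addresses, innermost frame first, and rejects any frame whose containing function the static call graph does not permit as a caller of the frame below it. The function names, code address ranges and sample stacks are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed example, not TrackOS code: a monitor-task style check of a task's
 * control stack against a static call graph. Function names, code ranges and
 * the sample stacks are made up for illustration. */
typedef enum { F_MAIN, F_LOOP, F_PARSE, F_SEND, F_CRYPTO, F_NUM } func_t;

/* Code range [lo, hi] occupied by each function (constructed addresses). */
static const struct { uint16_t lo, hi; } code_range[F_NUM] = {
    [F_MAIN] = {0x0100, 0x01FF}, [F_LOOP] = {0x0200, 0x02FF},
    [F_PARSE] = {0x0300, 0x03FF}, [F_SEND] = {0x0400, 0x04FF},
    [F_CRYPTO] = {0x0500, 0x05FF},
};

/* Static call graph: call_graph[caller][callee] is true if caller may call callee. */
static const bool call_graph[F_NUM][F_NUM] = {
    [F_MAIN] = { [F_LOOP] = true },
    [F_LOOP] = { [F_PARSE] = true, [F_SEND] = true },
    [F_SEND] = { [F_CRYPTO] = true },
};

/* Map a return address to the function containing it, or -1 if it is in none. */
static int func_of(uint16_t addr) {
    for (int f = 0; f < F_NUM; f++)
        if (addr >= code_range[f].lo && addr <= code_range[f].hi) return f;
    return -1;
}

/* ret_addrs holds the task's saved return addresses, innermost frame first.
 * Each return address must lie in a function that the call graph allows to
 * call the function below it, and the outermost frame must be the task entry. */
bool stack_conforms(func_t current, const uint16_t *ret_addrs, size_t n) {
    int callee = current;
    for (size_t i = 0; i < n; i++) {
        int caller = func_of(ret_addrs[i]);
        if (caller < 0 || !call_graph[caller][callee]) return false;
        callee = caller;
    }
    return callee == F_MAIN;
}

/* Constructed stacks: F_CRYPTO reached via main -> loop -> send, and one whose
 * innermost return address points into F_PARSE, which never calls F_CRYPTO. */
static const uint16_t sample_good[] = {0x0410, 0x0220, 0x0150};
static const uint16_t sample_bad[]  = {0x0310, 0x0220, 0x0150};
```

A return address that falls outside every known function, or a stack whose outermost frame is not the task entry, is rejected the same way as a disallowed caller.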



Acknowledgments

This work is supported in part by Air Force contract FA8650-11-C-1003. All findings herein are the authors’ alone. Pat Hickey performed the work while at Galois, Inc.

Corresponding author

Correspondence to Lee Pike.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Pike, L., Hickey, P., Elliott, T., Mertens, E., Tomb, A. (2016). TrackOS: A Security-Aware Real-Time Operating System. In: Falcone, Y., Sánchez, C. (eds) Runtime Verification. RV 2016. Lecture Notes in Computer Science(), vol 10012. Springer, Cham. https://doi.org/10.1007/978-3-319-46982-9_19

  • DOI: https://doi.org/10.1007/978-3-319-46982-9_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-46981-2

  • Online ISBN: 978-3-319-46982-9