Enforcing Full-Stack Memory-Safety in Cyber-Physical Systems

Conference paper
Engineering Secure Software and Systems (ESSoS 2018)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 10953)

Abstract

Memory-safety attacks are one of the most critical threats against Cyber-Physical Systems (CPS). As opposed to mainstream systems, CPS often impose stringent timing constraints. Given such timing constraints, how can we protect CPS from memory-safety attacks? In this paper, we propose a full-stack memory-safety attack detection method to address this challenge. We also quantify the notion of tolerability of memory-safety overheads (MSO) in terms of the expected real-time constraints of a typical CPS. We implemented and evaluated our proposed solution on a real-world Secure Water Treatment (SWaT) testbed. Concretely, we show that our proposed solution incurs a memory-safety overhead of 419.91 µs, which is tolerable for the real-time constraints imposed by the SWaT system. We also discuss how different parameters of a typical CPS affect the execution time of the CPS computational logic and the memory-safety overhead.
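The abstract ties the acceptability of a memory-safety overhead to the real-time constraints of the controller: an instrumented scan cycle is only acceptable if it still completes before the cycle deadline. The following C program is an added illustration of that idea and is not code from the paper or from the SWaT testbed. It models a PLC-style scan cycle (read a sensor frame, run tank-level control logic, time the cycle) and contains a bounds-checked frame copy in place of the unchecked copy that a sanitizer such as ASan would flag as a spatial memory-safety violation. The scan-cycle length, sensor thresholds, sensor frames and the `mso_tolerable` check are all assumptions made for the example; the 419.91 µs figure is the overhead reported in the abstract.

```c
/* Added example (not from the paper): a PLC-style scan cycle with a
 * bounds-checked input copy and a deadline check for the memory-safety
 * overhead (MSO). Every constant below is an assumption for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define N_SENSORS      8        /* assumed size of the PLC input image     */
#define SCAN_CYCLE_US  10000    /* assumed 10 ms scan-cycle deadline       */
#define LEVEL_LOW      200      /* assumed tank-level thresholds (raw ADC) */
#define LEVEL_HIGH     800

/* The MSO is tolerable when the uninstrumented execution time plus the
 * overhead still fits inside the scan-cycle deadline (assumed criterion). */
bool mso_tolerable(double exec_us, double mso_us, double cycle_us)
{
    return exec_us + mso_us <= cycle_us;
}

/* Copy a sensor frame into the fixed-size input image. An unchecked
 * memcpy with an attacker-controlled length here is the spatial
 * memory-safety bug that ASan reports at run time; the explicit length
 * check rejects such frames without instrumentation. Returns the number
 * of values copied, or -1 if the frame is rejected. */
int copy_sensor_frame(const uint16_t *frame, size_t n, uint16_t image[N_SENSORS])
{
    if (frame == NULL || n > N_SENSORS)
        return -1;
    memcpy(image, frame, n * sizeof(uint16_t));
    return (int)n;
}

/* Tank-level control with hysteresis: start the inlet pump below
 * LEVEL_LOW, stop it above LEVEL_HIGH, otherwise keep the current state. */
bool control_logic(const uint16_t image[N_SENSORS], bool pump_on)
{
    uint16_t level = image[0];      /* sensor 0 is assumed to be the tank level */
    if (level < LEVEL_LOW)
        return true;
    if (level > LEVEL_HIGH)
        return false;
    return pump_on;
}

/* Run one scan cycle (read inputs, run logic) and return its measured
 * execution time in microseconds, or a negative value if the frame was
 * rejected by the bounds check. clock() is used for portability. */
double run_scan_cycle(const uint16_t *frame, size_t n, bool *pump_on)
{
    uint16_t image[N_SENSORS] = {0};
    clock_t t0 = clock();
    if (copy_sensor_frame(frame, n, image) < 0)
        return -1.0;
    *pump_on = control_logic(image, *pump_on);
    clock_t t1 = clock();
    return (double)(t1 - t0) * 1e6 / (double)CLOCKS_PER_SEC;
}

int main(void)
{
    /* Constructed sensor frames; not data from the SWaT testbed. */
    const uint16_t frame_ok[N_SENSORS] = {150, 0, 0, 0, 0, 0, 0, 0};
    const uint16_t frame_big[12] = {0};
    bool pump_on = false;

    double exec_us = run_scan_cycle(frame_ok, N_SENSORS, &pump_on);
    printf("cycle: %.2f us, pump_on=%d\n", exec_us, pump_on);
    printf("oversized frame rejected: %d\n",
           run_scan_cycle(frame_big, 12, &pump_on) < 0.0);
    printf("MSO of 419.91 us tolerable within %d us cycle: %d\n",
           SCAN_CYCLE_US, mso_tolerable(exec_us, 419.91, SCAN_CYCLE_US));
    return 0;
}
```

Compiling the same program with `-fsanitize=address` and removing the length check in `copy_sensor_frame` shows the run-time report ASan produces for the oversized frame; the measured difference in cycle time between the two builds is the overhead that `mso_tolerable` compares against the deadline.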


References

  1. Sha, L., Gopalakrishnan, S., Liu, X., Wang, Q.: Cyber-physical systems: a new frontier. In: SUTC 2008 (2008)
  2. Lee, E.A., Seshia, S.A.: Introduction to Embedded Systems - A Cyber-Physical Systems Approach, 2nd edn, version 2.0. LeeSeshia.org (2015)
  3. Lee, E.A.: Cyber physical systems: design challenges. In: ISORC 2008 (2008)
  4. MITRE: Common Vulnerabilities and Exposures. https://cve.mitre.org/
  5. CVE-2016-5814. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5814
  6. CVE-2012-6438. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6438
  7. CVE-2012-6436. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6436
  8. CVE-2013-0674. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0674
  9. CVE-2015-1449. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1449
  10. CVE-2012-0929. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0929
  11. CVE-2015-7937. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7937
  12. CVE-2011-5007. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5007
  13. NVD: NVD Statistics on The Linux Kernel Vulnerabilities (2018). https://nvd.nist.gov/vuln/search/results?adv_search=false&form_type=basic&results_type=overview&search_type=all&query=linux+kernel
  14. Berger, E.D., Zorn, B.G.: DieHard: probabilistic memory safety for unsafe languages. In: PLDI 2006 (2006)
  15. Novark, G., Berger, E.D.: DieHarder: securing the heap. In: CCS 2010 (2010)
  16. Kharbutli, M., Jiang, X., Solihin, Y., Venkataramani, G., Prvulovic, M.: Comprehensively and efficiently protecting the heap. In: ASPLOS 2006 (2006)
  17. Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity. In: CCS 2005, pp. 340–353 (2005)
  18. Zhang, M., Sekar, R.: Control flow integrity for COTS binaries. In: USENIX Security 2013 (2013)
  19. Tice, C., Roeder, T., Collingbourne, P., Checkoway, S., Erlingsson, Ú., Lozano, L., Pike, G.: Enforcing forward-edge control-flow integrity in GCC & LLVM. In: USENIX Security 2014, pp. 941–955 (2014)
  20. Serebryany, K., Bruening, D., Potapenko, A., Vyukov, D.: AddressSanitizer: a fast address sanity checker. In: USENIX ATC 2012 (2012)
  21. Nagarakatte, S., Zhao, J., Martin, M.M., Zdancewic, S.: SoftBound: highly compatible and complete spatial memory safety for C. In: PLDI 2009 (2009)
  22. Nagarakatte, S., Zhao, J., Martin, M.M., Zdancewic, S.: CETS: compiler enforced temporal safety for C. In: ISMM 2010 (2010)
  23. Simpson, M.S., Barua, R.K.: MemSafe: ensuring the spatial and temporal memory safety of C at runtime. Softw.: Pract. Exp. 43(1), 93–128 (2013)
  24. Bruening, D., Zhao, Q.: Practical memory checking with Dr. Memory. In: CGO 2011 (2011)
  25. Necula, G.C., Condit, J., Harren, M., McPeak, S., Weimer, W.: CCured: type-safe retrofitting of legacy software. ACM Trans. Progr. Lang. Syst. 27(3), 477–526 (2005)
  26. Eigler, F.C.: Mudflap: pointer use checking for C/C++. In: GCC Developer's Summit. Red Hat Inc (2003)
  27. KASAN: The Kernel Address Sanitizer (2018). https://www.kernel.org/doc/html/v4.12/dev-tools/kasan.html
  28. iTrust: Secure Water Treatment (SWaT) Testbed. https://itrust.sutd.edu.sg/research/testbeds/secure-water-treatment-swat/
  29. Ahmed, C.M., Adepu, S., Mathur, A.: Limitations of state estimation based cyber attack detection schemes in industrial control systems. In: SCSP-W 2016 (2016)
  30. Chekole, E.G., Castellanos, J.H., Ochoa, M., Yau, D.K.Y.: Enforcing memory safety in cyber-physical systems. In: Katsikas, S., et al. (eds.) SECPRE 2017, CyberICPS 2017. LNCS, vol. 10683, pp. 127–144. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-72817-9_9
  31. AddressSanitizer GitHub Repository: Comparison of memory tools. https://github.com/google/sanitizers/wiki/AddressSanitizerComparisonOfMemoryTools
  32. KASAN Wiki: The Kernel Address Sanitizer Wiki (2018). https://github.com/google/kasan/wiki
  33. KASAN Bug Report: List of Kernel Bugs Detected by KASan (2018). https://github.com/google/kasan/wiki/Found-Bugs
  34. Tofino Security: PLC security risk: controller operating systems. https://www.tofinosecurity.com/blog/plc-security-risk-controller-operating-systems/
  35. LinPAC. http://www.icpdas.com/root/product/solutions/pac/linpac/linpac-8000_introduction.html/
  36. OpenPLC. http://www.openplcproject.com/
  37. WAGO: Linux Programmable Fieldbus Controller
  38. CERT.ORG: Vulnerability Notes Database
  39. ScadaBR. http://www.scadabr.com.br/
  40. Cooprider, N., Archer, W., Eide, E., Gay, D., Regehr, J.: Efficient memory safety for TinyOS. In: SenSys 2007, pp. 205–218 (2007)
  41. The Deputy Project (2007). http://deputy.cs.berkeley.edu
  42. Gay, D., Levis, P., von Behren, R., Welsh, M., Brewer, E., Culler, D.: The nesC language: a holistic approach to networked embedded systems. In: PLDI 2003 (2003)
  43. Zhang, H., Shu, Y., Cheng, P., Chen, J.: Privacy and performance trade-off in cyber-physical systems. IEEE Netw. 30(2), 62–66 (2016)
  44. Stefanov, A., Liu, C.C., Govindarasu, M., Wu, S.S.: SCADA modeling for performance and vulnerability assessment of integrated cyber-physical systems. Intern. Trans. Electr. Energy Syst. 25(3), 498–519 (2015)
  45. Vuong, T.P., Loukas, G., Gan, D.: Performance evaluation of cyber-physical intrusion detection on a robotic vehicle. In: IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (2015)
  46. Hu, H., Shinde, S., Adrian, S., Chua, Z.L., Saxena, P., Liang, Z.: Data-oriented programming: on the expressiveness of non-control data attacks. In: SP 2016 (2016)

Author information

Corresponding author: Eyasu Getahun Chekole.

Appendix

Table 2. Memory usage overheads (in MB)

Fig. 2. The CPS architecture and memory-safety attacks [30]

Table 3. Detection accuracy of ASan

Fig. 3. Sample PLC program in ladder diagram [30]

Table 4. Instruction count

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Cite this paper

Chekole, E.G., Chattopadhyay, S., Ochoa, M., Huaqun, G. (2018). Enforcing Full-Stack Memory-Safety in Cyber-Physical Systems. In: Payer, M., Rashid, A., Such, J. (eds) Engineering Secure Software and Systems. ESSoS 2018. Lecture Notes in Computer Science, vol 10953. Springer, Cham. https://doi.org/10.1007/978-3-319-94496-8_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-94495-1

  • Online ISBN: 978-3-319-94496-8
