Abstract
Memory-safety attacks are one of the most critical threats against Cyber-Physical Systems (CPS). As opposed to mainstream systems, CPS often impose stringent timing constraints. Given such timing constraints, how can we protect CPS from memory-safety attacks? In this paper, we propose a full-stack memory-safety attack detection method to address this challenge. We also quantify the notion of tolerability of memory-safety overheads (MSO) in terms of the expected real-time constraints of a typical CPS. We implemented and evaluated our proposed solution on a real-world Secure Water Treatment (SWaT) testbed. Concretely, we show that our proposed solution incurs a memory-safety overhead of 419.91 µs, which is tolerable for the real-time constraints imposed by the SWaT system. Additionally, we discuss how different parameters of a typical CPS impact the execution time of the CPS computational logic and the memory-safety overhead.
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
Cite this paper
Chekole, E.G., Chattopadhyay, S., Ochoa, M., Huaqun, G. (2018). Enforcing Full-Stack Memory-Safety in Cyber-Physical Systems. In: Payer, M., Rashid, A., Such, J. (eds) Engineering Secure Software and Systems. ESSoS 2018. Lecture Notes in Computer Science, vol 10953. Springer, Cham. https://doi.org/10.1007/978-3-319-94496-8_2
DOI: https://doi.org/10.1007/978-3-319-94496-8_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-94495-1
Online ISBN: 978-3-319-94496-8
eBook Packages: Computer Science (R0)