Abstract
Security in CPS-based real-time embedded systems controlling the power grid has been an afterthought, but it is becoming a critical issue as CPS systems are networked and inter-dependent. This work presents a set of mechanisms for time-based intrusion detection, i.e., detecting the execution of unauthorized instructions in real-time CPS environments. The novelty is the utilization of information obtained by static timing analysis for intrusion detection. Real-time CPS systems are unique in that timing bounds on code sections are readily available, since they are required for schedulability analysis. We demonstrate how micro-timings can be exploited for multiple granularity levels of application code to track execution progress. Through bounds checking of these micro-timings, we develop techniques to detect intrusions (1) in a self-checking manner by the application and (2) through the operating system scheduler, which are novel contributions to the real-time/embedded systems domain to the best of our knowledge.
This work was supported in part by NSF grants 1329780, 1239246, 0812121 and U.S. Army Research Office (ARO) grant W911NF-08-1-0105 managed by NCSU Secure Open Systems Initiative (SOSI). This is an extended version of a prior conference paper [50].
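The self-checking variant described in the abstract can be sketched as follows. This is an added example, not code from the chapter or its authors: the type and function names, the use of both a lower and an upper bound per section, and all cycle values are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Cycle bounds for one code section, of the kind static timing analysis
   produces for schedulability analysis (values below are constructed). */
typedef struct {
    uint32_t bcet;  /* assumed lower bound (best case)  */
    uint32_t wcet;  /* assumed upper bound (worst case) */
} section_bounds_t;

typedef enum { TIMING_OK, TIMING_TOO_FAST, TIMING_TOO_SLOW } timing_verdict_t;

/* Bounds-check the micro-timing between two consecutive checkpoints. */
timing_verdict_t check_section(const section_bounds_t *b,
                               uint32_t start, uint32_t end)
{
    uint32_t elapsed = end - start;  /* unsigned math survives counter wrap */
    if (elapsed > b->wcet) return TIMING_TOO_SLOW;  /* extra instructions ran */
    if (elapsed < b->bcet) return TIMING_TOO_FAST;  /* expected code skipped  */
    return TIMING_OK;
}

/* Walk n_sections + 1 checkpoint timestamps. Returns the index of the
   first section outside its bounds, or -1 if execution stayed in bounds. */
int first_violation(const section_bounds_t *bounds, const uint32_t *stamps,
                    size_t n_sections, timing_verdict_t *verdict)
{
    for (size_t i = 0; i < n_sections; i++) {
        timing_verdict_t v = check_section(&bounds[i], stamps[i], stamps[i + 1]);
        if (v != TIMING_OK) {
            if (verdict) *verdict = v;
            return (int)i;
        }
    }
    if (verdict) *verdict = TIMING_OK;
    return -1;
}

/* Constructed sample data: three sections and two checkpoint traces. */
static const section_bounds_t SAMPLE_BOUNDS[3] = { {100, 180}, {40, 75}, {200, 260} };
static const uint32_t CLEAN_TRACE[4]    = { 1000, 1150, 1210, 1450 };
static const uint32_t TAMPERED_TRACE[4] = { 1000, 1150, 1510, 1750 };

int main(void)
{
    int ok = first_violation(SAMPLE_BOUNDS, CLEAN_TRACE, 3, NULL) == -1
          && first_violation(SAMPLE_BOUNDS, TAMPERED_TRACE, 3, NULL) == 1;
    return ok ? 0 : 1;
}
```

On a real controller the timestamps would come from a hardware cycle counter read at each checkpoint, and the response to a violation would be chosen by the system designer.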
References
Aho, A.V., Sethi, R., Ullman, J.D.: Compilers – Principles, Techniques, and Tools. Addison-Wesley (1986)
Asfaw, B., Bekele, D., Eshete, B., Villafiorita, A., Weldemariam, K.: Host-based anomaly detection for pervasive medical systems. In: 2010 Fifth International Conference on Risks and Security of Internet and Systems, CRiSIS (2010)
Atanassov, P., Puschner, P.: Impact of dram refresh on the execution time of real-time tasks. In: Proc. IEEE International Workshop on Application of Reliable Computing and Communication, pp. 29–34 (2001)
Bak, S., Chivukula, D., Adekunle, O., Sun, M., Caccamo, M., Sha, L.: The system-level simplex architecture for improved real-time embedded system safety. In: IEEE Real-Time Embedded Technology and Applications Symposium, pp. 99–107 (2009)
Bernat, G., Colin, A., Petters, S.: Wcet analysis of probabilistic hard real-time systems. In: IEEE Real-Time Systems Symposium (2002)
Bhat, B., Mueller, F.: Making dram refresh predictable. In: Euromicro Conference on Real-Time Systems, pp. 145–154 (2010)
Bhat, B., Mueller, F.: Making dram refresh predictable. Real-Time Systems 47(5), 430–453 (2011)
Braberman, V., Felder, M., Marre, M.: Testing timing behavior of real-time software. International Software Quality Week (1997), http://citeseer.ist.psu.edu/braberman97testing.html
Burger, D., Austin, T., Bennett, S.: Evaluating future microprocessors: The simplescalar toolset. Tech. Rep. CS-TR-96-1308, University of Wisconsin - Madison, CS Dept. (1996)
Burger, D., Austin, T.M., Bennett, S.: Evaluating future microprocessors: The simplescalar tool set. Technical Report CS-TR-1996-1308, University of Wisconsin, Madison (1996)
C-Lab: Wcet benchmarks, http://www.c-lab.de/home/en/download.html
Chana, S.K., Karale, S.J.: Analysis of Intrusion Detection Response System (IDRS) In Cyber Physical Systems (Cps) Using Regular Expression (Regexp). IOSR Journal of Computer Engineering, IOSR-JCE (2014), http://dx.doi.org/10.6084/m9.figshare.1109874
Cowan, C., Beattie, S., Johansen, J., Wagle, P.: PointGuard™: protecting pointers from buffer overflow vulnerabilities. In: SSYM 2003: Proceedings of the 12th Conference on USENIX Security Symposium, p. 7 (2003)
Crenshaw, T., Gunter, E., Robinson, C., Sha, L., Kumar, P.: The simplex reference model: Limiting fault-propagation due to unreliable components in cyber-physical system architectures. In: IEEE Real-Time Systems Symposium, pp. 400–412 (2007)
Dán, G., Sandberg, H., Ekstedt, M., Björkman, G.: Challenges in power system information security. IEEE Security Privacy 10(4), 62–70 (2012)
Gao, W., Morris, T., Reaves, B., Richey, D.: On scada control system command and response injection and intrusion detection. In: eCrime Researchers Summit (eCrime), pp. 1–9 (2010)
Hadeli, H., Schierholz, R., Braendle, M., Tuduce, C.: Leveraging determinism in industrial control systems for advanced anomaly detection and reliable security configuration. In: IEEE Conference on Emerging Technologies Factory Automation, ETFA 2009, pp. 1–8 (2009)
Healy, C.A., Arnold, R.D., Mueller, F., Whalley, D., Harmon, M.G.: Bounding pipeline and instruction cache performance. IEEE Transactions on Computers 48(1), 53–70 (1999)
Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering code-injection attacks with instruction-set randomization. In: CCS 2003: Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 272–280 (2003)
Kuperman, B., Brodley, C., Ozdoganoglu, H., Vijaykumar, T., Jalote, A.: Detection and prevention of stack buffer overflow attacks. Commun. ACM 48(11), 50–56 (2005)
Labrosse, J.: Micro C/OS-II. R & D Books (1998)
Lauf, A., Peters, R., Robinson, W.: Intelligent intrusion detection: A behavior-based approach. In: 21st Advanced Information Networking and Applications: Symposium for Embedded Computing (2007)
Lauf, A.P., Peters, R.A., Robinson, W.H.: A distributed intrusion detection system for resource-constrained devices in ad-hoc networks. Ad Hoc Netw. 8(3), 253–266 (2010)
Levy, E.: Crossover: Online pests plaguing the offline world. IEEE Security and Privacy 1(6), 71–73 (2003)
Liu, C., Layland, J.: Scheduling algorithms for multiprogramming in a hard-real-time environment. J. of the Association for Computing Machinery 20(1), 46–61 (1973)
Mitchell, R., Chen, I.: Effect of intrusion detection and response on reliability of cyber physical systems. IEEE Transactions on Reliability 62(1), 199–210 (2013)
Mitchell, R., Chen, I.R.: A survey of intrusion detection techniques for cyber-physical systems. ACM Comput. Surv. 46(4), 55:1–55:29 (2014)
Mohan, S.: Worst-case execution time analysis of security policies for deeply embedded real-time systems. SIGBED Rev. 5(1), 1–2 (2008)
Mohan, S., Hawkins, F.M.W., Root, M., Whalley, D., Healy, C.: Parametric timing analysis and its application to dynamic voltage scaling. ACM Transactions on Embedded Computing Systems (2007) (accepted)
Mohan, S., Mueller, F.: Preserving timing anomalies in pipelines of high-end processors. Tech. Rep. TR 2007-13, Dept. of Computer Science, North Carolina State University (2008)
Mohan, S., Mueller, F., Hawkins, W., Root, M., Healy, C., Whalley, D.: Parascale: Exploiting parametric timing analysis for real-time schedulers and dynamic voltage scaling. In: IEEE Real-Time Systems Symposium, pp. 233–242 (2005)
Mohan, S., Mueller, F., Whalley, D., Healy, C.: Timing analysis for sensor network nodes of the atmega processor family. In: IEEE Real-Time Embedded Technology and Applications Symposium, pp. 405–414 (2005)
Moses, A.: ‘sinister’ integral energy virus outbreak a threat to power grid (2009), http://www.smh.com.au/technology/security/sinister-integral-energy-virus-outbreak-a-threat-to-power-grid-20091001-gdrx.html
Mueller, F.: Timing analysis for instruction caches. Real-Time Systems 18(2/3), 209–239 (2000)
Ravi, S., Raghunathan, A., Kocher, P., Hattangady, S.: Security in embedded systems: Design challenges. ACM Trans. Embed. Comput. Syst. 3(3), 461–491 (2004)
Seshadri, A., Perrig, A., van Doorn, L., Khosla, P.: Swatt: Software-based attestation for embedded devices. In: IEEE Symposium on Security and Privacy, p. 272 (2004)
Shacham, H., Page, M., Pfaff, B., Goh-Jin, E.J., Modadugu, N., Boneh, D.: On the effectiveness of address-space randomization. In: CCS 2004: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 298–307 (2004)
Shao, Z., Zhuge, Q., He, Y., Sha, E.H.M.: Defending embedded systems against buffer overflow via hardware/software. In: ACSAC 2003: Proceedings of the 19th Annual Computer Security Applications Conference, p. 352. IEEE Computer Society, Washington, DC (2003)
Shin, S., Kwon, T., Jo, G.Y., Park, Y., Rhy, H.: An experimental study of hierarchical intrusion detection for wireless industrial sensor networks. IEEE Transactions on Industrial Informatics 6(4), 744–757 (2010)
Son, S.H., Mukkamala, R., David, R.: Integrating security and real-time requirements using covert channel capacity. IEEE Transactions on Knowledge and Data Engineering 12, 865–879 (2000)
Venugopalan, R., Ganesan, P., Peddabachagari, P., Dean, A., Mueller, F., Sichitiu, M.: Encryption overhead for sensor networks and embedded systems: Modeling and analysis. In: Conference on Compilers, Architecture and Synthesis for Embedded Systems, pp. 188–197 (2003)
Wegener, J., Mueller, F.: A comparison of static analysis and evolutionary testing for the verification of timing constraints. Real-Time Systems 21(3), 241–268 (2001)
Whitham, J.: Real-time processor architectures for worst case execution time reduction. Ph.D. thesis, University of York (2008)
Wilhelm, R., Engblom, J., Ermedahl, A., Holsti, N., Thesing, S., Whalley, D., Bernat, G., Ferdinand, C., Heckmann, R., Mitra, T., Mueller, F., Puaut, I., Puschner, P., Staschulat, J., Stenstrom, P.: The worst-case execution time problem — overview of methods and survey of tools. ACM Transactions on Embedded Computing Systems 7(3), 1–53 (2008)
Wu, B., Chen, J., Wu, J., Cardei, M.: A survey of attacks and countermeasures in mobile ad hoc networks. Wireless Network Security 30(3), 103–135 (2007)
Xie, T., Qin, X., Lin, M.: Open issues and challenges in security-aware real-time scheduling for distributed systems. Journal of Information 6(9) (2006)
Zhang, L., White, G.B.: Analysis of payload based application level network anomaly detection. In: HICSS 2007: Proceedings of the 40th Annual Hawaii International Conference on System Sciences, p. 99 (2007)
Zhang, Y., Lee, W.: Intrusion detection in wireless ad-hoc networks. In: MobiCom 2000: Proceedings of the 6th Annual International Conference on Mobile Computing and Networking, pp. 275–283 (2000)
Zhang, Y., Lee, W., Huang, Y.A.: Intrusion detection techniques for mobile wireless networks. Wireless Networking 9(5), 545–556 (2003)
Zimmer, C., Bhat, B., Mueller, F., Mohan, S.: Time-based intrusion detection in cyber-physical systems. In: International Conference on Cyber-Physical Systems, pp. 109–118 (2010)
Copyright information
© 2015 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Zimmer, C., Bhat, B., Mueller, F., Mohan, S. (2015). Intrusion Detection for CPS Real-Time Controllers. In: Khaitan, S., McCalley, J., Liu, C. (eds) Cyber Physical Systems Approach to Smart Electric Power Grid. Power Systems. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45928-7_12
DOI: https://doi.org/10.1007/978-3-662-45928-7_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-45927-0
Online ISBN: 978-3-662-45928-7
eBook Packages: Energy, Energy (R0)