• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文期刊>Microprocessors and microsystems >Integrated moving target defense and control reconfiguration for securing Cyber-Physical systems
【24h】

Integrated moving target defense and control reconfiguration for securing Cyber-Physical systems

机译:集成的移动目标防御和控制重新配置,可确保网络物理系统的安全

获取原文
获取原文并翻译 | 示例
       
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

With the increasingly connected nature of Cyber-Physical Systems (CPS), new attack vectors are emerging that were previously not considered in the design process. Specifically, autonomous vehicles are one of the most at risk CPS applications, including challenges such as a large amount of legacy software, non-trusted third party applications, and remote communication interfaces. With zero day vulnerabilities constantly being discovered, an attacker can exploit such vulnerabilities to inject malicious code or even leverage existing legitimate code to take over the cyber part of a CPS. Due to the tightly coupled nature of CPS, this can lead to altering physical behavior in an undesirable or devastating manner. Therefore, it is no longer effective to reactively harden systems, but a more proactive approach must be taken. Moving target defense (MTD) techniques such as instruction set randomization (ISR), and address space randomization (ASR) have been shown to be effective against code injection and code reuse attacks. However, these MID techniques can result in control system crashing which is unacceptable in CPS applications since such crashing may cause catastrophic consequences. Therefore, it is crucial for MTD techniques to be complemented by control reconfiguration to maintain system availability in the event of a cyberattack. This paper addresses the problem of maintaining system and security properties of a CPS under attack by integrating moving target defense techniques, as well as detection, and recovery mechanisms to ensure safe, reliable, and predictable system operation. Specifically, we consider the problem of detecting code injection as well as code reuse attacks, and reconfiguring fast enough to ensure the safety and stability of autonomous vehicle controllers are maintained. By using MTD such as ISR, and ASR, our approach provides the advantage of preventing attackers from obtaining the reconnaissance knowledge necessary to perform code injection and code reuse attacks, making sure attackers can't find vulnerabilities in the first place. Our system implementation includes a combination of runtime MTD utilizing AES 256 ISR and fine grained ASR, as well as control management that utilizes attack detection, and reconfiguration capabilities. We evaluate the developed security architecture in an autonomous vehicle case study, utilizing a custom developed hardware-in-the-loop testbed. (C) 2019 Elsevier B.V. All rights reserved.
机译:随着网络物理系统(CPS)的联系性质日益紧密,出现了新的攻击媒介,这些攻击媒介以前在设计过程中并未考虑。具体而言,自动驾驶汽车是CPS风险最高的应用之一,其中包括大量遗留软件,不受信任的第三方应用程序和远程通信接口等挑战。随着零日漏洞的不断发现,攻击者可以利用这些漏洞来注入恶意代码,甚至利用现有的合法代码来接管CPS的网络部分。由于CPS的紧密耦合特性,这可能导致以不希望的或破坏性的方式改变身体行为。因此,对系统进行反应性强化不再有效,而必须采取更主动的方法。诸如指令集随机化(ISR)和地址空间随机化(ASR)之类的移动目标防御(MTD)技术已被证明可有效抵御代码注入和代码重用攻击。但是,这些MID技术可能导致控制系统崩溃,这在CPS应用程序中是不可接受的,因为这种崩溃可能会导致灾难性的后果。因此,至关重要的是,MTD技术必须通过控制重新配置来补充,以在发生网络攻击时维持系统可用性。本文通过集成移动目标防御技术以及检测和恢复机制来确保安全,可靠和可预测的系统操作,来解决遭受攻击的CPS的系统和安全性问题。具体来说,我们考虑了检测代码注入以及代码重用攻击,并进行足够快速的重新配置以确保维持自动驾驶控制器的安全性和稳定性的问题。通过使用诸如ISR和ASR之类的MTD,我们的方法具有防止攻击者获得执行代码注入和代码重用攻击所必需的侦察知识的优势,从而确保攻击者首先无法找到漏洞。我们的系统实现包括结合使用AES 256 ISR和细粒度ASR的运行时MTD,以及利用攻击检测和重新配置功能的控制管理。我们利用自定义开发的硬件在环测试平台在自动驾驶汽车案例研究中评估开发的安全体系结构。 (C)2019 Elsevier B.V.保留所有权利。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号