Stanley Bak University of Illinois at UrbanaChampaign Some slides from Joel Van Der Woude Problem Cyberphysical systems are vulnerable to cyber attack Attacks on critical infrastructure bring physical consequences ID: 535506
Download Presentation The PPT/PDF document "Hardware Control Flow Protection for Cyb..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Hardware Control Flow Protection for Cyber-Physical Systems
Stanley BakUniversity of Illinois at Urbana-Champaign
(Some slides from Joel
Van Der
Woude
)Slide2
Problem
Cyber-physical systems are vulnerable to cyber attack.Attacks on critical infrastructure bring physical consequences.Slide3
Typical Attacks
Remote code executionBuffer overflowsReturn into libcString format vulnerabilitiesCode injectionNetwork attacksDenial of serviceMITMSocial EngineeringSlide4
Secure System Simplex Architecture
(S3A) Slide5
What Side Channels?
Timing of Multiple Task Executions
Statistical Timing of Blocks of Code
I/O Access
Memory Access Patterns
Program Control FlowSlide6
What Side Channels?
Timing of Multiple Task Executions
Statistical Timing of Blocks of Code
I/O Access
Memory Access
Program Control FlowSlide7
Control Flow Monitoring
Control flow possible paths a program may take to executeEnumerates jumps/calls/branches to create a “map” of possible “routes” through a programDoes not guarantee that the proper instructions were executed, only that blocks were executed in a plausible orderSlide8
Our Approach
Detect unexpected changes in control flowImplement secure co-processor to limit overheadCreate tool to generate a control flow graph that can be read by the co-processorFail safely using a trusted Simplex controllerRestore complex controller and return controlSlide9
CFG Info
We watch for changes in “blocks”Each block represents a set of instructionsAddress of blockNumber of instructionsTaken blockNot taken blockSlide10
Detection
If PC is outside the “block”Is it the address of taken?Is it the address of not taken?If not we have detected a problemCould be caused by an attacker overwriting a return addressSlide11
Current Issues
Large codeMultiple processesOperating system (do we trust?)Polymorphic codeMore general purpose computingHow do we ensure that each program has a control flow graph?Slide12
Conclusion
CPS SecurityHardware Control Flow ProtectionCurrently ImplementingQuestions?