120 likes | 296 Views
Hardware Control Flow Protection for Cyber-Physical Systems. Stanley Bak University of Illinois at Urbana-Champaign. (Some slides from Joel Van Der Woude ). Problem . Cyber-physical systems are vulnerable to cyber attack. Attacks on critical infrastructure bring physical consequences.
E N D
Hardware Control Flow Protection for Cyber-Physical Systems Stanley Bak University of Illinois at Urbana-Champaign (Some slides from Joel Van Der Woude)
Problem • Cyber-physical systems are vulnerable to cyber attack. • Attacks on critical infrastructure bring physical consequences.
Typical Attacks • Remote code execution • Buffer overflows • Return into libc • String format vulnerabilities • Code injection • Network attacks • Denial of service • MITM • Social Engineering
What Side Channels? • Timing of Multiple Task Executions • Statistical Timing of Blocks of Code • I/O Access • Memory Access Patterns • Program Control Flow
What Side Channels? • Timing of Multiple Task Executions • Statistical Timing of Blocks of Code • I/O Access • Memory Access • Program Control Flow
Control Flow Monitoring • Control flow possible paths a program may take to execute • Enumerates jumps/calls/branches to create a “map” of possible “routes” through a program • Does not guarantee that the proper instructions were executed, only that blocks were executed in a plausible order
Our Approach • Detect unexpected changes in control flow • Implement secure co-processor to limit overhead • Create tool to generate a control flow graph that can be read by the co-processor • Fail safely using a trusted Simplex controller • Restore complex controller and return control
CFG Info • We watch for changes in “blocks” • Each block represents a set of instructions • Address of block • Number of instructions • Taken block • Not taken block
Detection • If PC is outside the “block” • Is it the address of taken? • Is it the address of not taken? • If not we have detected a problem • Could be caused by an attacker overwriting a return address
Current Issues • Large code • Multiple processes • Operating system (do we trust?) • Polymorphic code • More general purpose computing • How do we ensure that each program has a control flow graph?
Conclusion • CPS Security • Hardware Control Flow Protection • Currently Implementing • Questions?