CAREER: Resilient Execution with Bounded-Time Recovery (REBOUND)

职业生涯：具有有限时间恢复（REBOUND）的弹性执行

• 批准号: 1750158
• 负责人: Linh Thi Xuan Phan
• 金额: $ 47.54万
• 依托单位: University of Pennsylvania
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-09-01 至 2024-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1750158&HistoricalAwards=false
• 关键词: CAREER; Resilient; Execution; Bounded; Time

This project develops new ways to defend critical infrastructure systems, such as factory control networks, medical devices, or power plants, against attacks. These systems directly interact with the physical world, so a successful attack can have serious consequences: for instance, a compromised chemical plant could have severe environmental consequences, and a compromised medical device could result in injury or death. Contemporary security mechanisms, however, can be inadequate for at two reasons. First, current defenses tend to be quite heavyweight, which makes them difficult to apply to resource-constrained infrastructure systems. And second, timing is critical: current defenses tend to focus on preventing systems from 'doing the wrong thing' or 'failing to do the right thing', as opposed to preventing systems from 'doing the right thing at the wrong time', which is often just as damaging. To address this problem, this project creates stronger defense mechanisms tailored specifically for infrastructure systems. The new mechanisms explicitly take timing into account, are expected to have lower cost, and will initially be applied to automotive systems in collaboration with a major car manufacturer. The principal investigator will organize tutorials for practitioners, and will enhance the curriculum of the Master's in Embedded Systems program at the University of Pennsylvania with more coverage of Internet-of-Things security. She is also developing a series of outreach activities to improve the representation of women and minorities in the real-time systems community. Collaborations with the law school and the medical school at the University of Pennsylvania will investigate how to use the new techniques to improve the legal framework for infrastructure systems, by offering better accountability for product defects, for example, and how to apply them to improve the security of medical systems. This project pursues an approach called bounded-time recovery. Unlike many existing techniques, bounded time recovery does not attempt to mask all symptoms of an attack, which existing defenses do at great cost; rather, it leverages the fact that many systems cannot change their state arbitrarily quickly, due to properties such as inertia or thermal capacity, and can thus already tolerate brief disruptions, provided the system quickly returns to a correct state. This approach seeks guarantees that 1) the system will meet its timing requirements in the absence of an attack, and that 2) when under attack, the system will return to a correct state within a bounded amount of time, potentially after reconfiguring itself to exclude compromised nodes. The goal is to provide these guarantees in the Byzantine model, that is, without a priori knowledge of what the attacks will look like, or which nodes will be attacked. To achieve this goal, the project will construct practical algorithms for (provably) detecting attacks within bounded time, based on techniques such as tamper-evident logs and cryptographic evidence; create methods for recovering from detected attacks within bounded time, using ideas from multi-mode systems; and produce reusable implementations of the new techniques that will be widely disseminated and made available under an open-source license.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该项目开发了保护关键基础设施系统（如工厂控制网络、医疗设备或发电厂）免受攻击的新方法。这些系统直接与物理世界交互，因此成功的攻击可能会产生严重的后果：例如，受损的化工厂可能会产生严重的环境后果，受损的医疗设备可能会导致受伤或死亡。然而，当代安全机制可能由于两个原因而不足。首先，当前的防御往往是相当重量级的，这使得它们难以应用于资源受限的基础设施系统。其次，时机至关重要：当前的防御往往侧重于防止系统“做错误的事情”或“未能做正确的事情”，而不是防止系统“在错误的时间做正确的事情”，这通常同样具有破坏性。为了解决这个问题，该项目创建了专门为基础设施系统量身定制的更强大的防御机制。新机制明确考虑了时间，预计成本较低，最初将与一家大型汽车制造商合作应用于汽车系统。首席研究员将为从业人员组织教程，并将加强宾夕法尼亚大学嵌入式系统硕士课程的课程，更多地覆盖物联网安全。她还在开展一系列外联活动，以提高妇女和少数群体在实时系统社区中的代表性。与宾夕法尼亚大学法学院和医学院的合作将研究如何使用新技术来改善基础设施系统的法律的框架，例如，通过为产品缺陷提供更好的问责制，以及如何应用它们来提高医疗系统的安全性。该项目采用一种称为有限时间恢复的方法。与许多现有技术不同，有界时间恢复并不试图掩盖攻击的所有症状，现有的防御措施需要付出巨大的代价;相反，它利用了许多系统由于惯性或热容量等属性而无法任意快速改变其状态的事实，因此可以容忍短暂的中断，只要系统快速返回到正确的状态。这种方法寻求保证：1）系统将在没有攻击的情况下满足其定时要求，以及2）当受到攻击时，系统将在有限的时间内返回到正确的状态，可能是在重新配置自身以排除受损节点之后。我们的目标是在拜占庭模型中提供这些保证，也就是说，没有关于攻击会是什么样子或哪些节点将被攻击的先验知识。为了实现这一目标，该项目将构建实用的算法，基于防篡改日志和加密证据等技术，在有限时间内（可证明地）检测攻击;使用多模式系统的思想，创建在有限时间内从检测到的攻击中恢复的方法;并产生新技术的可重复使用的实现，这些实现将在一个开放的该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

REBOUND: defending distributed systems against attacks with bounded-time recovery

• DOI: 10.1145/3447786.3456257
• 发表时间: 2021-04
• 期刊: Proceedings of the Sixteenth European Conference on Computer Systems
• 作者: N. Gandhi;Edo Roth;Brian Sandler;Andreas Haeberlen;L. T. Phan

DNA: Dynamic Resource Allocation for Soft Real-Time Multicore Systems

DNA：软实时多核系统的动态资源分配

• DOI: 10.1109/rtas52030.2021.00024
• 发表时间: 2021
• 期刊: Proceedings of the 27th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS '21
• 作者: Gifford, Robert;Gandhi, Neeraj;Phan, Linh Thi;Haeberlen, Andreas
• 通讯作者: Haeberlen, Andreas

Real-Time Packet-Based Intrusion Detection on Edge Devices

边缘设备上基于数据包的实时入侵检测

• DOI: 10.1145/3576914.3587551
• 发表时间: 2023
• 期刊: 2nd International Workshop on Real-Time and IntelliGent Edge Computing (RAGE
• 作者: Borgioli, Niccolò;Thi Xuan Phan, Linh;Aromolo, Federico;Biondi, Alessandro;Buttazzo, Giorgio
• 通讯作者: Buttazzo, Giorgio

Mitigating Computational Constraints via Adaptive Control and Resource Allocation Co-design.

通过自适应控制和资源分配协同设计减轻计算约束。

• 发表时间: 2022
• 期刊: Workshop on Computation-Aware Algorithmic Design for Cyber-Physical Systems
• 作者: Linh Thi Xuan Phan;Ricardo G. Sanfelice
• 通讯作者: Ricardo G. Sanfelice

IGOR: Accelerating Byzantine Fault Tolerance for Real-Time Systems with Eager Execution

IGOR：通过 Eager Execution 加速实时系统的拜占庭容错

• 发表时间: 2021
• 期刊: IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS
• 作者: A. Loveless, R. Dreslinski