SaTC: CORE: Small: Enhanced Security and Reliability for Embedded Control Systems

SaTC：CORE：小型：增强嵌入式控制系统的安全性和可靠性

• 批准号: 1813004
• 负责人: Frank Mueller
• 金额: $ 50万
• 依托单位: North Carolina State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-10-01 至 2023-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1813004&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Enhanced; Security

Today, embedded devices are ubiquitous. These devices are inherently networked, which exposes them to malware attacks. Windows devices remain the most prominent targets of malware attacks to date. But this playing field is quickly changing, as demonstrated with firmware attacks to private access points or closed-circuit television cameras. Other intrusions to industrial and governmental infrastructure have been reported in the power grid, for industrial control and automotive systems, even in small devices in private homes that are networked, often referred to as the Internet-of-Things. As our daily lives increasingly rely on such devices, malware attacks pose a severe risk. Yet, limited computational capabilities constrain embedded security measures. Even worse, execution of malware code in control systems may result in a time lag of control actions. Such delays may result in property damage, catastrophic failures and even lost lives. Hence, the effect of malware on not just system functionality but also timings is critical.This project will reshape the landscape of protection for networked control devices as novel timing-based protection mechanisms across the entire software stack will complement traditional cybersecurity methods to significantly enhance safety and reliability. The investigator will promote participation of students from under-represented groups, with emphasis on educating and training PhD students from these groups. The investigator will also work with long-term industry partners to turn these efforts into practical impact through transfer of techniques and other means of outreachThe overall objective of this work is to significantly increase cyber security across embedded and networked computing devices by developing real-time monitoring techniques that defeat cyber-attacks. The project hypothesizes that these devices can be enhanced by a novel class of malware detection approaches that rely on fine-grained timing information of such devices. The premise is that embedded devices are subject to control systems with soft or even hard real-time constraints. The execution path of such control code on embedded devices thus follows a stringent and predictable behavior, which can be characterized by timing analysis. Once upper bounds on timings along execution paths are established, this information not only aids in the verification of timing constraints, but it can also be exploited to detect deviations from the certified timing behavior. Timing-based malware detection thus provides a means for non-stop system integrity. What is more, it can be used to trigger transitions into a safe operating mode at an early intrusion detection point to prevent anomalous behavior from escalating.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

今天，嵌入式设备无处不在。这些设备本质上是联网的，这使它们容易受到恶意软件的攻击。到目前为止，Windows设备仍然是恶意软件攻击的最主要目标。但这种竞争环境正在迅速变化，对私人接入点或闭路电视摄像头的固件攻击就证明了这一点。据报道，对工业和政府基础设施的其他入侵也出现在电网、工业控制和汽车系统中，甚至是在私人家庭中联网的小型设备中，通常被称为物联网。随着我们的日常生活越来越依赖这些设备，恶意软件攻击构成了严重的风险。然而，有限的计算能力限制了嵌入式安全措施。更糟糕的是，在控制系统中执行恶意软件代码可能导致控制动作的时间滞后。这样的拖延可能会导致财产损失、灾难性的失败，甚至造成生命损失。因此，恶意软件对系统功能和计时的影响是至关重要的。该项目将重塑网络控制设备的保护格局，因为整个软件堆栈中基于计时的新型保护机制将补充传统的网络安全方法，以显著增强安全性和可靠性。调查员将促进代表性不足群体的学生参与，重点是教育和培训这些群体的博士生。调查人员还将与长期的行业合作伙伴合作，通过转让技术和其他外展手段，将这些努力转化为实际影响。这项工作的总体目标是通过开发击败网络攻击的实时监控技术，显著提高嵌入式和联网计算设备的网络安全。该项目假设，这些设备可以通过一种新型的恶意软件检测方法来增强，这些方法依赖于此类设备的细粒度计时信息。前提是嵌入式设备受制于具有软甚至硬实时约束的控制系统。因此，这种控制代码在嵌入式设备上的执行路径遵循严格和可预测的行为，这可以通过时序分析来表征。一旦建立了沿执行路径的计时的上限，该信息不仅有助于验证计时约束，而且还可以利用它来检测与经认证的计时行为的偏差。因此，基于时序的恶意软件检测提供了一种不间断系统完整性的手段。更重要的是，它可以用来在早期入侵检测点触发到安全运行模式的转换，以防止异常行为升级。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

T-SYS: Timed-Based System Security for Real-Time Kernels

T-SYS：实时内核的基于时间的系统安全

• DOI: 10.1109/iccps54341.2022.00029
• 发表时间: 2022
• 期刊: International Conference on Cyber-Physical Systems
• 作者: McDonald, Brayden;Mueller, Frank
• 通讯作者: Mueller, Frank

Hiding DRAM Refresh Overhead in Real-Time Cyclic Executives

在实时循环执行中隐藏 DRAM 刷新开销

• 发表时间: 2019
• 期刊: Real-Time Systems Symposium (RTSS
• 作者: Pan, Xing;Mueller, Frank
• 通讯作者: Mueller, Frank

Machine Learning Enhanced Real-Time Intrusion Detection Using Timing Information

• 发表时间: 2018
• 作者: Hang Xu;F. Mueller

CLAIRE: Enabling Continual Learning for Real-time Autonomous Driving with a Dual-head Architecture

• DOI: 10.1109/isorc52572.2022.9812816
• 发表时间: 2022-05
• 期刊: 2022 IEEE 25th International Symposium On Real-Time Distributed Computing (ISORC)
• 作者: Hao Zhang-

The Colored Refresh Server for DRAM

DRAM 彩色刷新服务器

• DOI: 10.1109/isorc.2019.00015
• 发表时间: 2019
• 期刊: IEEE International Symposium on Real-Time Computing (ISORC
• 作者: Pan, Xing;Mueller, Frank
• 通讯作者: Mueller, Frank