CAREER: Foundations for Real-Time System Security

职业：实时系统安全的基础

• 批准号: 2046705
• 负责人: Gedare Bloom
• 金额: $ 59.99万
• 依托单位: University of Colorado at Colorado Springs
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-07-01 至 2026-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2046705&HistoricalAwards=false
• 关键词: CAREER; Foundations; Real; Time; System

A real-time system is an electro-mechanical computing platform that controls a physical process and must respond to inputs before a bounded time known as a deadline. When the deadline is missed, disaster can happen. Safety-critical systems, cyber-physical systems (CPS), and critical infrastructure including cars, airplanes, power plants, manufacturing robots, satellites, electronic roadway signage, and more, all rely upon the correct, safe functioning of the underlying real-time system. When its security is compromised, the improper functioning of a real-time system can cause hazardous and deadly consequences. The objective of this project is to protect real-time systems from cyberattack. The outcomes of this effort are advancing theory and practice of real-time security to the public benefit by improving the national security posture and enhancing human safety.The objective of this project is to bring real-time security to the forefront as a research field by thoroughly characterizing the security challenges facing real-time systems. The effort revolves around investigating three key research aims. The first aim is formalizing the threats and solutions for securing real-time system schedules by way of understanding schedule-based attacks, mitigating such attacks with moving target defense, and detecting schedule violations with a specification-based intrusion detection system. The second aim enables securely using trusted execution environments in real-time embedded systems including response-time analysis, integration with the open-source Real-Time Executive for Multiprocessor Systems (RTEMS), and enhancing resistance to side-channel attacks. The third aim mitigates the threats introduced by fault tolerance mechanisms in real-time systems to enhance the security of fault recovery by creating frameworks for unprivileged and proactive recovery mechanisms. The integrative educational and broadening participation activities of this project advance the cybersecurity workforce development necessary to address skills gaps and shortages in the profession. Widespread adoption of the successful outcomes of this project will positively impact a broad range of CPS and critical infrastructure assets.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

实时系统是一个控制物理过程的机电计算平台，必须在一个被称为截止日期的限定时间之前对输入做出响应。如果错过了最后期限，灾难可能会发生。安全关键系统、网络物理系统(CP)和关键基础设施(包括汽车、飞机、发电厂、制造机器人、卫星、电子道路标志等)都依赖于底层实时系统的正确、安全运行。当其安全受到威胁时，实时系统的不正常运行可能会导致危险和致命的后果。该项目的目标是保护实时系统免受网络攻击。这一努力的成果是通过改善国家安全态势和增强人类安全，推动实时安全的理论和实践造福公众。本项目的目标是通过彻底表征实时系统面临的安全挑战，将实时安全作为研究领域的前沿。这项工作围绕着调查三个关键的研究目标展开。第一个目标是通过理解基于调度的攻击，通过移动目标防御来缓解此类攻击，以及使用基于规范的入侵检测系统来检测调度违规，来形式化用于保护实时系统调度的威胁和解决方案。第二个目标是在实时嵌入式系统中安全地使用可信执行环境，包括响应时间分析、与开源多处理器系统实时执行(RTEMS)的集成，以及增强对旁路攻击的抵抗力。第三个目标是通过创建非特权和主动恢复机制的框架来缓解实时系统中容错机制带来的威胁，以增强故障恢复的安全性。该项目的综合教育和扩大参与活动促进了必要的网络安全工作人员发展，以解决该专业的技能差距和短缺问题。该项目的成功成果的广泛采用将对广泛的CPS和关键基础设施资产产生积极影响。该奖项反映了NSF的法定使命，并已通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Evaluating Feature Robustness for Windows Malware Family Classification

评估 Windows 恶意软件家族分类的功能稳健性

• DOI: 10.1109/icccn54977.2022.9868914
• 发表时间: 2022
• 期刊: 2022 International Conference on Computer Communications and Networks
• 作者: Duby, Adam;Taylor, Teryl;Bloom, Gedare;Zhuang, Yanyan
• 通讯作者: Zhuang, Yanyan

A Framework for Consistent and Repeatable Controller Area Network IDS Evaluation

• DOI: 10.14722/autosec.2022.23031
• 发表时间: 2022
• 期刊: Proceedings Fourth International Workshop on Automotive and Autonomous Vehicle Security
• 作者: Paul Agbaje;A. Anjum;Arkajyoti Mitra;Gedare Bloom;Habeeb Olufowobi

Survey of Interoperability Challenges in the Internet of Vehicles

• DOI: 10.1109/tits.2022.3194413
• 发表时间: 2022-12
• 期刊: IEEE Transactions on Intelligent Transportation Systems
• 影响因子: 8.5
• 作者: Paul Agbaje;A. Anjum;Arkajyoti Mitra;Emmanuel Oseghale;Gedare Bloom;Habeeb Olufowobi

Secure Reboots for Real-Time Cyber-Physical Systems

实时网络物理系统的安全重启

• DOI: 10.1145/3560826.3563384
• 发表时间: 2022
• 期刊: Proceedings of the 4th Workshop on CPS & IoT Security and Privacy
• 作者: Banerjee, Vijay;Hounsinou, Sena;Olufowobi, Habeeb;Hasan, Monowar;Bloom, Gedare
• 通讯作者: Bloom, Gedare

Vulnerability of Controller Area Network to Schedule-Based Attacks

• DOI: 10.1109/rtss52674.2021.00051
• 发表时间: 2021-12
• 期刊: 2021 IEEE Real-Time Systems Symposium (RTSS)
• 作者: Sena Hounsinou;Mark Stidd;Uchenna Ezeobi;Habeeb Olufowobi;M. Nasri;Gedare Bloom