TY - GEN
T1 - Time-based intrusion detection in cyber-physical systems
AU - Zimmer, Christopher
AU - Bhat, Balasubramanya
AU - Mueller, Frank
AU - Mohan, Sibin
PY - 2010
Y1 - 2010
N2 - Embedded systems, particularly real-time systems with temporal constraints, are increasingly deployed in every day life. Such systems that interact with the physical world are also referred to as cyber-physical systems (CPS). These systems commonly find use in critical infrastructure from transportation to health care. While security in CPS-based real-time embedded systems has been an afterthought, it is becoming a critical issue as these systems are increasingly networked and inter-dependent. The advancement in their functionality has resulted in more conspicuous interfaces that may be exploited to attack them. In this paper, we present three mechanisms for time-based intrusion detection. More specifically, we detect the execution of unauthorized instructions in real-time CPS environments. Such intrusion detection utilizes information obtained by static timing analysis. For real-time CPS systems, timing bounds on code sections are readily available as they are already determined prior to the schedulability analysis. We demonstrate how to provide micro-timings for multiple granularity levels of application code. Through bounds checking of these micro-timings, we develop techniques to detect intrusions (1) in a self-checking manner by the application and (2) through the operating system scheduler, which are novel contributions to the real-time/embedded systems domain to the best of our knowledge.
AB - Embedded systems, particularly real-time systems with temporal constraints, are increasingly deployed in every day life. Such systems that interact with the physical world are also referred to as cyber-physical systems (CPS). These systems commonly find use in critical infrastructure from transportation to health care. While security in CPS-based real-time embedded systems has been an afterthought, it is becoming a critical issue as these systems are increasingly networked and inter-dependent. The advancement in their functionality has resulted in more conspicuous interfaces that may be exploited to attack them. In this paper, we present three mechanisms for time-based intrusion detection. More specifically, we detect the execution of unauthorized instructions in real-time CPS environments. Such intrusion detection utilizes information obtained by static timing analysis. For real-time CPS systems, timing bounds on code sections are readily available as they are already determined prior to the schedulability analysis. We demonstrate how to provide micro-timings for multiple granularity levels of application code. Through bounds checking of these micro-timings, we develop techniques to detect intrusions (1) in a self-checking manner by the application and (2) through the operating system scheduler, which are novel contributions to the real-time/embedded systems domain to the best of our knowledge.
KW - cyber-physical systems
KW - real-time systems
KW - security
KW - timing analysis
UR - http://www.scopus.com/inward/record.url?scp=77954606031&partnerID=8YFLogxK
U2 - 10.1145/1795194.1795210
DO - 10.1145/1795194.1795210
M3 - Conference contribution
AN - SCOPUS:77954606031
SN - 9781450300667
T3 - Proceedings of the 1st ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS '10
SP - 109
EP - 118
BT - Proceedings of the 1st ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS '10
T2 - 1st ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS 2010
Y2 - 13 April 2010 through 15 April 2010
ER -