Automatic devices dominate the modern world. These appliances are capable of both basic and advanced tasks allowing people and companies to live in a more efficient and safer environment. The staggering development of telecommunications has enabled the implementation of a further step in automation of devices, connecting them to the internet in order to offer more functionalities and to collect useful data. However, the improved usability and increasing tailoring of the user experience has come at the prices of exposing more and more devices to potential cyber security threats. Several authors - like S. Yoon, Park, and Yoo, Hassan et al. and Deogirikar and Vidhate - have discussed the impact of a non-secure implementation of the Internet of Things (IoT) paradigm and how it can lead to both economic and physical damage. Risks are particularly severe in the case of Cyber-Physical Systems (CPS) that have a strong connection with the physical world. Many solutions have been proposed in order to avoid the remote exploitation of the devices as PROCT or the MINION architecture. In the case of real-time CPS, though, the industry has not yet been able to develop a standard to guarantee adequate security; the available solutions are not able to match the tight time constraints of real-time CPS and to meet the critical deadlines which are essential to ensure the safety of the devices. This works adds to this stream of research by introducing a novel approach to handle the specific case of real-time CPS. The proposed solution consists of a software architecture that makes use of ARM TrustZone for Cortex-M, a security feature implemented in hardware in the latest revisions of the class of microcontrollers commonly used in these devices. The desired outcome is achieved by adding a secure layer between the sensors and the actuators used by the device and the control algorithm. In addition to that, we also propose a semantic check that, exploiting control theory, can understand when the controller shows anomalous behaviours. This allows a real-time detection of potential issues in the device and can be used to apply a recovery strategy that is defined by a recovery policy. In this work, the presentation of the proposed architecture is complemented by a case study in which it is applied to an Anti-lock Braking System (ABS). In the case, the performances of the suggested approach have been tested and evaluated against the most meaningful remote attacks showing significantly improved stopping distances and suggesting promising results for further implementations.
I dispositivi automatici dominano il mondo moderno. Questi dispositivi sono in grado di svolgere compiti sia di base che avanzati, consentendo alle persone e alle industrie di vivere in un ambiente più efficiente e sicuro. La più recente tendenza, grazie ai progressi nelle telecomunicazioni, è stata quella di connettere questi dispositivi, per offrire funzionalità innovative e raccogliere dati. Questo, oltre ad evidenti benefici, ha comportato anche l'esposizione dei dispositivi ad Internet, con i conseguenti rischi per la sicurezza. È facile trovare in letteratura esempi che dimostrano l'impatto di un'implementazione non sicura del paradigma Internet of Things (IoT) e come questo può portare a danni sia economici che fisici. Ciò è particolarmente vero nel caso dei Cyber-Physical Systems (CPS) che hanno una forte connessione con il mondo fisico. Molte soluzioni sono state proposte per evitare attacchi remoti dei dispositivi. Nel caso di realtime Cyber-Physical Systems, però, c'è ancora molto lavoro da fare: è difficile utilizzare le soluzioni proposte a causa degli stringenti i vincoli temporali ed è fondamentale non introdurre ritardi per garantire la sicurezza del dispositivo. In questo lavoro viene presentato un nuovo approccio per gestire questo caso specifico. Consiste in un'architettura software che fa uso di ARM TrustZone per Cortex-M, una funzionalità di sicurezza implementata nell'hardware nelle ultime revisioni della classe di microcontrollori comunemente usata in questi dispositivi. Funziona aggiungendo uno strato sicuro tra i sensori e gli attuatori utilizzati dal dispositivo e dall'algoritmo di controllo. Oltre a ciò, proponiamo anche un controllo semantico che, sfruttando la teoria del controllo, è in grado di capire quando il comportamento del controllore si discosta da quello ideale. Ciò consente un rilevamento in tempo reale di un problema nel dispositivo e può essere utilizzato per applicare una strategia di recupero. Insieme alla presentazione dell'architettura, viene fornito anche un caso di studio in cui l'architettura viene applicata ad un sistema di antislittamento di un veicolo. Le sue prestazioni contro gli attacchi remoti più significativi sono state valutate e si è rivelato un'ottima soluzione per difendere il dispositivo.
A novel software architecture to secure real-time control systems
Pozone, Alessandro
2019/2020
Abstract
Automatic devices dominate the modern world. These appliances are capable of both basic and advanced tasks allowing people and companies to live in a more efficient and safer environment. The staggering development of telecommunications has enabled the implementation of a further step in automation of devices, connecting them to the internet in order to offer more functionalities and to collect useful data. However, the improved usability and increasing tailoring of the user experience has come at the prices of exposing more and more devices to potential cyber security threats. Several authors - like S. Yoon, Park, and Yoo, Hassan et al. and Deogirikar and Vidhate - have discussed the impact of a non-secure implementation of the Internet of Things (IoT) paradigm and how it can lead to both economic and physical damage. Risks are particularly severe in the case of Cyber-Physical Systems (CPS) that have a strong connection with the physical world. Many solutions have been proposed in order to avoid the remote exploitation of the devices as PROCT or the MINION architecture. In the case of real-time CPS, though, the industry has not yet been able to develop a standard to guarantee adequate security; the available solutions are not able to match the tight time constraints of real-time CPS and to meet the critical deadlines which are essential to ensure the safety of the devices. This works adds to this stream of research by introducing a novel approach to handle the specific case of real-time CPS. The proposed solution consists of a software architecture that makes use of ARM TrustZone for Cortex-M, a security feature implemented in hardware in the latest revisions of the class of microcontrollers commonly used in these devices. The desired outcome is achieved by adding a secure layer between the sensors and the actuators used by the device and the control algorithm. In addition to that, we also propose a semantic check that, exploiting control theory, can understand when the controller shows anomalous behaviours. This allows a real-time detection of potential issues in the device and can be used to apply a recovery strategy that is defined by a recovery policy. In this work, the presentation of the proposed architecture is complemented by a case study in which it is applied to an Anti-lock Braking System (ABS). In the case, the performances of the suggested approach have been tested and evaluated against the most meaningful remote attacks showing significantly improved stopping distances and suggesting promising results for further implementations.| File | Dimensione | Formato | |
|---|---|---|---|
|
ControlSystemsSecurityWithTrustZone.pdf
non accessibile
Dimensione
7.16 MB
Formato
Adobe PDF
|
7.16 MB | Adobe PDF | Visualizza/Apri |
I documenti in POLITesi sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/10589/166394