Cyber-Physical Systems (CPS) are being widely adopted in critical infrastructures, such as smart grids, nuclear plants, water systems, transportation systems, manufacturing and healthcare services, among others. However, the increasing prevalence of cyberattacks targeting them raises a growing security concern in the domain. In particular, memory-safety attacks, which exploit memory-safety vulnerabilities, constitute a major attack vector against real-time control devices in CPS. Traditional IT countermeasures against such attacks have limitations when applied to the CPS context: they typically incur high runtime overheads, which conflicts with the real-time constraints of CPS, and they often abort the program when an attack is detected, thus harming the availability of the system, which in turn can potentially result in damage to the physical world. In this work, we propose to enforce full-stack memory safety (covering user-space and kernel-space attack surfaces) based on secure compilation of PLCs to detect memory-safety attacks in CPS. Furthermore, to ensure availability, we enforce a resilient mitigation technique that bypasses illegal memory access instructions at runtime by dynamically instrumenting low-level code. We empirically measure the computational overhead caused by our approach in two experimental settings based on real CPS. The experimental results show that our approach effectively and efficiently detects and mitigates memory-safety attacks in realistic CPS.
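The abstract contrasts two responses to a detected memory-safety violation: aborting the program (the usual IT countermeasure, which costs availability) and bypassing the offending memory access so the control loop keeps running. The following C program is an added illustration of that distinction and is not the paper's instrumentation. It approximates at source level, with checked load/store helpers, what the paper describes as dynamic instrumentation of low-level code. All names (`checked_store`, `checked_load`, `plc_scan_cycle`, the register array and the sample write batch) are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a PLC-style scan cycle whose accesses to a process
   image go through checked helpers. On an out-of-bounds access the helper
   records the violation and skips the access (the "bypass" mitigation)
   instead of aborting, so subsequent in-bounds work still executes.
   Hypothetical names; this is not the paper's own code. */

#define NUM_TAGS 8                      /* size of the simulated process image */

static int32_t g_holding_regs[NUM_TAGS]; /* simulated holding registers */
static unsigned long g_violations = 0;   /* detector-side event counter */

/* Reset the simulated device state (used by tests and at start-up). */
void reset_state(void) {
    memset(g_holding_regs, 0, sizeof g_holding_regs);
    g_violations = 0;
}

/* Number of illegal accesses detected and bypassed so far. */
unsigned long violation_count(void) {
    return g_violations;
}

/* Checked store: writes base[idx] = value if idx is in bounds and returns 1.
   On a violation it logs, increments the counter, and returns 0 without
   touching memory, i.e. the illegal store is bypassed rather than fatal. */
int checked_store(int32_t *base, size_t len, size_t idx, int32_t value) {
    if (idx >= len) {
        g_violations++;
        fprintf(stderr, "memory-safety violation: store index %zu >= %zu, bypassed\n",
                idx, len);
        return 0;
    }
    base[idx] = value;
    return 1;
}

/* Checked load: returns base[idx] if in bounds, otherwise records the
   violation and returns a safe default (0) so the caller can continue. */
int32_t checked_load(const int32_t *base, size_t len, size_t idx) {
    if (idx >= len) {
        g_violations++;
        fprintf(stderr, "memory-safety violation: load index %zu >= %zu, bypassed\n",
                idx, len);
        return 0;
    }
    return base[idx];
}

/* One scan cycle applying n writes (e.g. parsed from an untrusted network
   frame, where idxs may be attacker-influenced). Returns how many writes
   actually landed; the cycle completes even if some were illegal. */
size_t plc_scan_cycle(const size_t *idxs, const int32_t *vals, size_t n) {
    size_t written = 0;
    for (size_t i = 0; i < n; i++) {
        written += (size_t)checked_store(g_holding_regs, NUM_TAGS, idxs[i], vals[i]);
    }
    return written;
}

int main(void) {
    /* Constructed write batch: index 12 is outside the 8-entry image. */
    size_t idxs[] = {0, 3, 12, 7};
    int32_t vals[] = {10, 20, 30, 40};

    reset_state();
    size_t ok = plc_scan_cycle(idxs, vals, 4);
    printf("writes applied: %zu of 4, violations: %lu, reg[3] = %d\n",
           ok, violation_count(), checked_load(g_holding_regs, NUM_TAGS, 3));
    return 0;
}
```

The point of the scan-cycle function is the availability property from the abstract: the out-of-bounds write is detected and counted, but the remaining in-bounds writes in the same cycle still complete and the loop returns normally, where an abort-on-detect policy would have stopped the controller.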