On the Security of Safety-critical Embedded Systems: Who Watches the Watchers? Who Reprograms the Watchers?
Carlos Moreno, Sebastian Fischmeister
2017
Abstract
The increased level of connectivity makes security an essential aspect of ensuring that safety-critical embedded systems deliver the level of safety for which they were designed. However, embedded systems designers face unique technological and economic challenges when incorporating security into their products. In this paper, we focus on two of these challenges unique to embedded systems and propose novel approaches to address them. We first deal with the difficulties in successfully implementing runtime monitoring to ensure correctness in the presence of security threats. We highlight the necessity of implementing runtime monitors as physically isolated subsystems, preferably with no (direct) connectivity, and we propose the use of program tracing through power consumption to this end. A second critical aspect is that of remote firmware upgrades: this is an essential mechanism to ensure the continuing security of a system, yet the mechanism itself can introduce severe security vulnerabilities. We propose a novel approach to ensure secure remote upgrades and sketch the details of an eventual implementation. It is our goal and hope that the computer security and embedded systems communities will discuss and evaluate the ideas that we present in this paper, to assess their effectiveness and applicability in practice.
Paper Citation
in Harvard Style
Moreno C. and Fischmeister S. (2017). On the Security of Safety-critical Embedded Systems: Who Watches the Watchers? Who Reprograms the Watchers? In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 493-498. DOI: 10.5220/0006228304930498
in Bibtex Style
@conference{icissp17,
author={Carlos Moreno and Sebastian Fischmeister},
title={On the Security of Safety-critical Embedded Systems: Who Watches the Watchers? Who Reprograms the Watchers?},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2017},
pages={493-498},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006228304930498},
isbn={978-989-758-209-7},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - On the Security of Safety-critical Embedded Systems: Who Watches the Watchers? Who Reprograms the Watchers?
SN - 978-989-758-209-7
AU - Moreno C.
AU - Fischmeister S.
PY - 2017
SP - 493
EP - 498
DO - 10.5220/0006228304930498