Secure Real Time Embedded Systems

1
Secure Real Time Embedded Systems
  • Sherif Khattab and Daniel Mossé
  • University of Pittsburgh
  • Computer Science Department

2
Embedded Systems
  • Before: isolated, closed systems
  • Later: connected through dedicated phone lines
  • Now: web connected; control can be done remotely
  • Convenience costs: LOTS of remote security issues
  • Safety and security are big issues, since these
    systems (now on the web) control actual
    industrial plants and other devices
  • Attackers' goal: compromise data and deadlines
  • Defenders' goal: satisfy deadlines, despite
    overhead

3
POTS? Voice over IP?
  • Assume VoIP is widespread (Skype, anyone?)
  • Assume compromised nodes can attack POTS
  • Use VoIP to attack dialup control systems
  • Distributed Denial of Service: lots of
    compromised VoIP clients attack the control
    system, to a slow or fast death

4
Denial of Service
  • DoS attacks cause system overload, overloads
    cause timing failures (missed deadlines, control
    period)
  • System needs to react when it cannot
  • Suggested approach: reserve security bandwidth?
    RTSs are a perfect candidate
  • Every new component creates a new vulnerability
  • Make detection a real-time task (temporally
    secure): characteristics? temporally vulnerable?
  • Mitigating DoS attacks in RTSs or EmSys
  • Mixture of static and dynamic analysis?
  • Relation with imprecise, reward-based,
    version-based, elastic, ..., computing?
  • Power grids, sensor networks, industrial control
    systems
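
Added example (not from the original slides): a tick-level simulation of the overload described above, reading "reserve bandwidth" as a periodic CPU budget that caps network-facing work so a request flood cannot starve the control task. The task parameters, the budget model and the function name control_misses are assumptions made for illustration.

```c
#include <stdio.h>

/* Constructed parameters (assumptions, not from the slides). Time is in
 * integer ticks; the control task's deadline equals its period. */
#define CTRL_PERIOD 5   /* control period */
#define CTRL_WCET   2   /* CPU ticks each control job needs */
#define SRV_PERIOD  5   /* replenishment period of the reservation */

/* Simulate `ticks` ticks of one CPU. Network requests cost 1 tick each,
 * arrive at `rate` per tick, and are served ahead of the control task.
 *   budget <  0: no reservation, request handling is unbounded
 *   budget >= 0: at most `budget` ticks per SRV_PERIOD serve requests
 * Returns how many control jobs missed their deadline. */
int control_misses(int ticks, int budget, int rate)
{
    int backlog = 0, left = 0, ctrl_left = 0, misses = 0;

    for (int t = 0; t < ticks; t++) {
        if (t % CTRL_PERIOD == 0) {
            if (ctrl_left > 0)
                misses++;                 /* previous job did not finish */
            ctrl_left = CTRL_WCET;        /* release the next job */
        }
        if (t % SRV_PERIOD == 0)
            left = budget;                /* replenish the reservation */
        backlog += rate;

        if (backlog > 0 && (budget < 0 || left > 0)) {
            backlog--;                    /* serve one request */
            if (budget >= 0)
                left--;
        } else if (ctrl_left > 0) {
            ctrl_left--;                  /* control task gets the CPU */
        }
    }
    if (ticks % CTRL_PERIOD == 0 && ctrl_left > 0)
        misses++;                         /* last job's deadline is at `ticks` */
    return misses;
}

int main(void)
{
    printf("flood, no reservation: %d misses\n", control_misses(100, -1, 1));
    printf("flood, budget 3 of 5:  %d misses\n", control_misses(100, 3, 1));
    printf("flood, budget 4 of 5:  %d misses\n", control_misses(100, 4, 1));
    return 0;
}
```

The reservation protects the control task only while budget/SRV_PERIOD plus CTRL_WCET/CTRL_PERIOD stays at or below 1; with a budget of 4 the control task misses every deadline again.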

5
DoS (distributed system)
  • More difficult problem
  • Need to meet end to end deadlines
  • Ensure that all messages arrive safely
  • Network partitions are possible (common?)
  • Distributed and quick detection may be needed
  • Coordinated attacks are the norm
  • Each compromised node is undetected
  • Cooperation among hosts, routers and other
    network entities is essential/crucial
  • Backward compatibility a must for early
    deployment

6
DoS (wireless system)
  • Single attacker can influence many victims
  • Physical proximity can also be compromised
  • Need more defenses.
  • Need localization services?

7
Requirements
  • Need another property, namely security level
  • Do we need YARTM? (yet another RT task model?)
  • Include a measure of robustness and power/energy
  • Complete model includes attacker's capabilities
    and constraints (battery, CPU, etc.), attack model
    (correlated attacks, spoofing attacks, etc.)
  • However, security is in the eye of the system
    integrator
  • Need to provide tradeoffs
  • Specification is needed
  • Need to remember that data exists forever

8
Questions
  • Define the difference between security and fault
    tolerance? Similar in RTSs? In EmSys?
  • Find tradeoff of crypto/security deadline misses
  • Need efficient intrusion detection mechanisms
  • What is special (besides funding?) in secure
    embedded systems? Similar, but for small devices
  • Cannot afford the power for public key crypto
  • Need adaptive security: does it compromise
    security?
  • Relatively light attacks may be crippling
  • What detection mechanisms can we use that satisfy
    all restrictions of embedded systems?