Abstract
Cyber-Physical Systems (CPS) integrate computations and communications with physical processes and are being widely adopted in various application areas. However, the increasing prevalence of cyber attacks targeting them poses a growing security concern. In particular, attacks exploiting memory-safety vulnerabilities constitute a major attack vector against CPS, because embedded systems often rely on unsafe but fast programming languages to meet their hard time constraints. A wide range of countermeasures has been developed to provide protection against these attacks. However, the most reliable countermeasures incur in high runtime overheads. In this work, we explore the applicability of strong countermeasures against memory-safety attacks in the context of realistic Industrial Control Systems (ICS). To this end, we design an experimental setup, based on a secure water treatment plant (SWaT) to empirically measure the memory safety overhead (MSO) caused by memory-safe compilation of the Programmable Logic Controller (PLC). We then quantify the tolerability of this overhead in terms of the expected real-time constraints of SWaT. Our results show high effectiveness of the security measure in detecting memory-safety violations and a MSO (197.86 \(\upmu \text {s}\) per scan-cycle) that is also tolerable for the SWaT simulation. We also discuss how different parameters impact the execution time of PLCs and the resulting absolute MSO.
The original version of this chapter was revised. Eyasu Getahun Chekole’s name was corrected. An erratum to this chapter can be found at https://doi.org/10.1007/978-3-319-72817-9_18
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Sha, L., Gopalakrishnan, S., Liu, X., Wang, Q.: Cyber-physical systems: a new frontier. In: SUTC 2008 (2008)
Lee, E.A., Seshia, S.A.: Introduction to Embedded Systems - A Cyber-Physical Systems Approach, 2nd edn. Version 2.0 edn. (2015)
Lee, E.A.: Cyber physical systems: design challenges. In: ISORC 2008 (2008)
Basnight, Z., Butts, J., Lopez, J., Dube, T.: Firmware modification attacks on programmable logic controllers. IJCIP 6(2), 76–88 (2013)
Cui, A., Costello, M., Stolfo, S.J.: When firmware modifications attack: a case study of embedded exploitation. In: NDSS 2013 (2013)
MITRE: Common Vulnerabilities and Exposures. https://cve.mitre.org/
CVE-5814. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5814
CVE-6438. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6438
CVE-6436. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6436
CVE-0674. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0674
CVE-1449. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1449
CVE-0929. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0929
CVE-7937. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7937
CVE-5007. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5007
Berger, E.D., Zorn, B.G.: Diehard: probabilistic memory safety for unsafe languages. In: PLDI 2006 (2006)
Novark, G., Berger, E.D.: Dieharder: securing the heap. In: CCS 2010 (2010)
Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity. In: CCS 2005, pp. 340–353 (2005)
Zhang, M., Sekar, R.: Control flow integrity for cots binaries. In: USENIX 2013 (2013)
Tice, C., Roeder, T., Collingbourne, P., Checkoway, S., Erlingsson, Ú., Lozano, L., Pike, G.: Enforcing forward-edge control-flow integrity in GCC & LLVM. In: USENIX 2014, pp. 941–955 (2014)
Serebryany, K., Bruening, D., Potapenko, A., Vyukov, D.: Addresssanitizer: a fast address sanity checker. In: USENIX ATC 2012 (2012)
Nagarakatte, S., Zhao, J., Martin, M.M., Zdancewic, S.: SoftBound: highly compatible and complete spatial memory safety for C. In: PLDI 2009 (2009)
Nagarakate, S., Zhao, J., Martin, M.M., Zdancewic, S.: CETS: compiler enforced temporal safety for C. In: ISMM 2010 (2010)
Simpson, M.S., Barua, R.K.: MemSafe: ensuring the spatial and temporal memory safety of C at runtime. Softw. Pract. Experience 43(1), 93–128 (2013)
Bruening, D., Zhao, Q.: Practical memory checking with Dr. Memory. In: CGO 2011 (2011)
Necula, G.C., Condit, J., Harren, M., McPeak, S., Weimer, W.: CCured: type-safe retrofitting of legacy software. ACM Trans. Program. Lang. Syst. 27(3), 477–526 (2005)
Eigler, F.Ch.: Mudflap: pointer use checking for C/C++. Red Hat Inc. (2003)
Ahmed, C.M., Adepu, S., Mathur, A.: Limitations of state estimation based cyber attack detection schemes in industrial control systems. In: SCSP-W 2016 (2016)
Bittau, A., Belay, A., Mashtizadeh, A., Maziéres, D., Boneh, D.: Hacking blind. In: Proceedings of the 2014 IEEE Symposium on Security and Privacy (2014)
Zhang, H., Shu, Y., Cheng, P., Chen, J.: Privacy and performance trade-off in cyber-physical systems. IEEE Netw. 30(2), 62–66 (2016)
OpenPLC. http://www.openplcproject.com/
ScadaBR. http://www.scadabr.com.br/
Cooprider, N., Archer, W., Eide, E., Gay, D., Regehr, J.: Efficient memory safety for TinyOS. In: SenSys 2007, pp. 205–218 (2007)
The Deputy project (2007). http://deputy.cs.berkeley.edu
Gay, D., Levis, P., von Behren, R., Welsh, M., Brewer, E., Culler, D.: The nesC language: a holistic approach to networked embedded systems. In: PLDI 2003 (2003)
Stefanov, A., Liu, C.C., Govindarasu, M., Wu, S.S.: Scada modeling for performance and vulnerability assessment of integrated cyber-physical systems. Int. Trans. Electr. Energy Syst. 25(3), 498–519 (2015)
Hu, H., Shinde, S., Adrian, S., Chua, Z.L., Saxena, P., Liang, Z.: Data-oriented programming: on the expressiveness of non-control data attacks. In: SP 2016 (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Chekole, E.G., Castellanos, J.H., Ochoa, M., Yau, D.K.Y. (2018). Enforcing Memory Safety in Cyber-Physical Systems. In: Katsikas, S., et al. Computer Security. SECPRE CyberICPS 2017 2017. Lecture Notes in Computer Science(), vol 10683. Springer, Cham. https://doi.org/10.1007/978-3-319-72817-9_9
Download citation
DOI: https://doi.org/10.1007/978-3-319-72817-9_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72816-2
Online ISBN: 978-3-319-72817-9
eBook Packages: Computer ScienceComputer Science (R0)