Applications in the cyber-physical systems (CPS) domain are increasingly interconnected for efficiency, better monitoring, and improved functionality. Traditionally, such systems were immune to software security attacks, but the increased interconnectivity is opening up new attack surfaces. Recent events, such as the Stuxnet attack, have shown the serious damage that can result. Attacks can be particularly destructive for systems that have safety-critical constraints with real-time properties. In this talk, I will present two ways of looking at security for such systems.
In current work, we are studying how to integrate security, as a basic principle introduced during the design phase, into systems with real-time properties. The problem is particularly interesting because such systems typically have resource constraints as well as stringent temporal requirements. Hence, an understanding of the effects of integrating security is important to designers of such systems. We show how security properties can be translated into real-time scheduling requirements with a view to preventing information leakage. Extensive analysis shows the effects of such integration on the schedulability and timing constraints of real-time systems.
On the other hand, the inherent properties of real-time systems (the timing constraints, the predictable-by-design nature, etc.) can be repurposed to detect security violations/intrusions. I will present other work from our group that (a) analyzes the behavior of real-time control tasks and (b) implements an intrusion detection scheme based on this behavior. By combining results from both of those efforts with an architectural design (which we call “SecureCore”), we are able not just to detect intrusions as soon as they occur, but also to keep the underlying physical system safe.
Sibin Mohan is a Research Scientist in the Information Trust Institute (ITI) at the University of Illinois at Urbana-Champaign (UIUC). His research focuses on security for cyber-physical systems, secure cloud computing, and software-defined networking for use in safety-critical domains. Prior to working at ITI, he was a postdoctoral researcher in the Computer Science department at UIUC. He has also previously worked at Hewlett-Packard’s India Software Operations. Sibin completed his Ph.D. in 2008 and his M.S. in 2004, both from the Computer Science department at North Carolina State University. He completed his B.E. in Computer Science and Engineering at Bangalore University, India in 2001.