Foundations of a CPS Resilience - January 2019
PI: Xenofon Koutsoukos
HARD PROBLEM(S) ADDRESSED
The goals of this project are to develop the principles and methods for designing and analyzing resilient CPS architectures that deliver required service in the face of compromised components. A fundamental challenge is to understand the basic tenets of CPS resilience and how they can be used in developing resilient architectures. The primary hard problem addressed is resilient architectures. In addition, the work addresses scalability and composability as well as metrics and evaluation.
PUBLICATIONS
[1] Zhenkai Zhang, Zihao Zhan, Daniel Balasubramanian, Xenofon Koutsoukos, and Gabor Karsai. "Triggering Rowhammer Hardware Faults on ARM: A Revisit", Workshop on Attacks and Solutions in Hardware Security (ASHES 2018). Toronto, CA, Oct. 19, 2018. In conjunction with the 25th ACM Conference on Computer and Communications Security (CCS 2018).
[2] Aron Laszka, Waseem Abbas, Yevgeniy Vorobeychik, and Xenofon Koutsoukos. "Synergistic Security for the Industrial Internet of Things: Integrating Redundancy, Diversity, and Hardening", 2018 IEEE International Conference on Industrial Internet (ICII), Seattle, WA, Oct. 21-23, 2018.
[3] Waseem Abbas, Aron Laszka, and Xenofon Koutsoukos. "Improving Network Connectivity and Robustness Using Trusted Nodes with Application to Resilient Consensus", IEEE Transactions on Control of Network Systems, 5(4), 2036 - 2048, Dec. 2018.
KEY HIGHLIGHTS
This quarterly report presents two key highlights that demonstrate (1) improving network resilience using trusted nodes and (2) evaluating hardware vulnerabilities of embedded devices used in CPS.
Highlight 1: Improving Network Connectivity and Robustness Using Trusted Nodes
To observe and control a networked system, especially in the presence of attacks, it is imperative that the underlying network structure be robust against node or link failures. A common approach for increasing network robustness is redundancy: deploying additional nodes and establishing new links between nodes, which can be prohibitively expensive. Our work addresses the problem of improving the structural robustness of networks without adding extra links. The main idea is to ensure that a small subset of nodes, referred to as "trusted" nodes, remains intact and functions correctly at all times. We extend two fundamental metrics of structural robustness, network connectivity and r-robustness, with the notion of trusted nodes, and then show that by controlling the number and location of trusted nodes, any desired connectivity and robustness can be achieved without adding extra links. We study the complexity of finding trusted nodes and of constructing robust networks with trusted nodes. Finally, we present a resilient consensus algorithm with trusted nodes and show that, unlike existing algorithms, resilient consensus is possible in sparse networks containing few trusted nodes. Our results are presented in [1].
[1] Waseem Abbas, Aron Laszka, and Xenofon Koutsoukos. "Improving Network Connectivity and Robustness Using Trusted Nodes with Application to Resilient Consensus", IEEE Transactions on Control of Network Systems, 5(4), 2036 - 2048, Dec. 2018.
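The following is an added illustration, not code from the report or the cited paper. It brute-forces the standard r-robustness check on a constructed 4-node path and then shows, on the same path, that both the number and the placement of trusted nodes matter. The trusted-node rule is an assumption made here for the example (a node with a trusted neighbour outside its subset counts as reachable, since trusted nodes are assumed to remain intact); the paper's exact definitions are not reproduced on this page.

```python
from itertools import combinations

# Constructed example: the path 0-1-2-3, a sparse graph with no spare links.
PATH4 = {0: {1}, 1: {0, 2}, 2: {1, 3}, 3: {2}}


def r_reachable(adj, subset, r, trusted=frozenset()):
    """Standard rule: some node in `subset` has >= r neighbours outside it.
    Assumed trusted-node extension (not the paper's wording): a node with a
    trusted neighbour outside the subset also counts, because a trusted node
    is assumed never to fail or misbehave."""
    for v in subset:
        outside = adj[v] - subset
        if len(outside) >= r or outside & trusted:
            return True
    return False


def is_r_robust(adj, r, trusted=frozenset()):
    """Brute force over every pair of nonempty disjoint subsets S1, S2:
    at least one of them must be r-reachable.  Exponential in |V|, which is
    fine for toy graphs but not for real networks."""
    nodes = list(adj)
    subsets = [frozenset(c) for k in range(1, len(nodes) + 1)
               for c in combinations(nodes, k)]
    for s1 in subsets:
        for s2 in subsets:
            if s1 & s2:
                continue  # not disjoint
            if not (r_reachable(adj, s1, r, trusted)
                    or r_reachable(adj, s2, r, trusted)):
                return False
    return True


def robustness(adj, trusted=frozenset()):
    """Largest r (capped at |V|-1) for which the graph is r-robust; 0 if none."""
    best = 0
    for r in range(1, len(adj)):
        if not is_r_robust(adj, r, trusted):
            break
        best = r
    return best


if __name__ == "__main__":
    print("plain path:", robustness(PATH4))                       # 1
    print("leaves trusted, r=2:", is_r_robust(PATH4, 2, frozenset({0, 3})))  # False
    print("middle trusted, r=2:", is_r_robust(PATH4, 2, frozenset({1, 2})))  # True
```

Two trusted nodes at the leaves leave the path only 1-robust, while the same two at the interior nodes make it 2-robust under the assumed rule, which is the "number and location" point the highlight makes.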
Highlight 2: Hardware Vulnerabilities of Embedded Devices Used in CPS
Evaluation of the security properties of a CPS requires investigation of various threats, including attack vectors. As a basic security requirement, data in memory should be protected from unauthorized modifications; otherwise, the integrity of a system and its computations cannot be trusted. Through the years, there have been many efforts in both software and hardware toward meeting this requirement, resulting in mature techniques that are ubiquitously employed. However, a recently revealed hardware fault vulnerability in dynamic random-access memory (DRAM), named rowhammer, introduces new attack surfaces for unauthorized data modifications. When the activation of a DRAM row is toggled repeatedly at a high frequency, i.e., hammered, some bit(s) may flip in some adjacent row(s). Although the rowhammer vulnerability has been investigated for Intel architectures, ARM architectures, which are used in CPS (for example, in the automotive domain and other embedded systems), have not been considered in a satisfactory way. Our objective is to analyze the rowhammer vulnerability for ARM. We revisit the problem of how to trigger the rowhammer bug on ARM-based devices by carefully investigating whether it is possible, as well as reasonable, to translate the original x86-oriented rowhammer approaches to ARM. We provide a thorough study of the unprivileged ARMv8-A cache maintenance instructions and give two previously overlooked reasons to support their use in rowhammer attacks. Moreover, we present a previously undiscovered instruction that can be exploited to trigger the rowhammer bug on many ARM-based devices. A potential approach to quickly evicting the ARM CPU caches is also discussed, and experimental evaluations are carried out to show the effectiveness of our findings. Our results are reported in [2].
[2] Zhenkai Zhang, Zihao Zhan, Daniel Balasubramanian, Xenofon Koutsoukos, and Gabor Karsai. "Triggering Rowhammer Hardware Faults on ARM: A Revisit", Workshop on Attacks and Solutions in Hardware Security (ASHES 2018). Toronto, CA, Oct. 19, 2018. In conjunction with the 25th ACM Conference on Computer and Communications Security (CCS 2018).
COMMUNITY ENGAGEMENTS
Our research was presented at two conferences/workshops: ICII 2018 and ASHES 2018 (workshop in conjunction with CCS).
EDUCATIONAL ADVANCES
RoboScape
We continue developing and extending RoboScape, a collaborative, networked robotics environment that makes key ideas in computer science accessible to groups of learners in informal learning spaces and K-12 classrooms. RoboScape will be used for summer camps for high-school students and teachers in 2019.