Abstract
With the proliferation of autonomous safety-critical cyber-physical systems (CPS) in our daily life, their security is becoming ever more important. Remote attestation is a powerful mechanism for remote verification of system integrity. While recent developments have made it possible to efficiently attest IoT operations, autonomous systems that are built on top of real-time cyber-physical control loops and execute missions independently present new and unique challenges. In this paper, we formulate a new security property, Real-time Mission Execution Integrity (RMEI), to provide proof of correct and timely execution of missions. While it is an attractive property, measuring it can incur prohibitive overhead for a real-time autonomous system. To tackle this challenge, we propose policy-based attestation of compartments to enable a trade-off between the level of detail in measurement and runtime overhead. To further minimize the impact on real-time responsiveness, multiple techniques were developed to improve performance, including customized software instrumentation and timing recovery through re-execution. We implemented a prototype of ARI and evaluated its performance on five CPS platforms. A user study involving 21 developers with different skill sets was conducted to understand the usability of our solution.
Original language | English |
---|---|
Title of host publication | 32nd USENIX Security Symposium, USENIX Security 2023 |
Pages | 2761-2778 |
Number of pages | 18 |
ISBN (Electronic) | 9781713879497 |
State | Published - 2023 |
Event | 32nd USENIX Security Symposium, USENIX Security 2023 - Anaheim, United States; Duration: Aug 9 2023 → Aug 11 2023 |
Publication series
Name | 32nd USENIX Security Symposium, USENIX Security 2023 |
---|---|
Volume | 4 |
Conference
Conference | 32nd USENIX Security Symposium, USENIX Security 2023 |
---|---|
Country/Territory | United States |
City | Anaheim |
Period | 8/9/23 → 8/11/23 |
Bibliographical note
Publisher Copyright: © USENIX Security 2023. All rights reserved.
Funding
We thank the reviewers for their feedback. This work is supported in part by US National Science Foundation under grants CNS-1837519, CNS-1916926, CNS-2038995, CNS-2154930, CNS-2229427, and CNS-2238635, Office of Naval Research under grant N00014-19-1-2621, Army Research Office under grant W911NF-20-1-0141, and Intel.
Funders | Funder number |
---|---|
National Science Foundation Arctic Social Science Program | CNS-1837519, CNS-2038995, CNS-2229427, CNS-1916926, CNS-2154930, CNS-2238635 |
Office of Naval Research Naval Academy | N00014-19-1-2621 |
Army Research Office | W911NF-20-1-0141 |
Intel Corporation | |
ASJC Scopus subject areas
- Computer Networks and Communications
- Information Systems
- Safety, Risk, Reliability and Quality