Abstract
With the proliferation of autonomous safety-critical cyber-physical systems (CPS) in our daily lives, their security is becoming ever more important. Remote attestation is a powerful mechanism to enable remote verification of system integrity. While recent developments have made it possible to efficiently attest IoT operations, autonomous systems that are built on top of real-time cyber-physical control loops and execute missions independently present new, unique challenges. In this paper, we formulate a new security property, Real-time Mission Execution Integrity (RMEI), to provide proof of correct and timely execution of missions. While it is an attractive property, measuring it can incur prohibitive overhead for a real-time autonomous system. To tackle this challenge, we propose policy-based attestation of compartments to enable a trade-off between the level of detail in measurement and runtime overhead. To further minimize the impact on real-time responsiveness, multiple techniques were developed to improve performance, including customized software instrumentation and timing recovery through re-execution. We implemented a prototype of ARI and evaluated its performance on five CPS platforms. A user study involving 21 developers with different skill sets was conducted to understand the usability of our solution.
| Original language | English |
|---|---|
| Title of host publication | 32nd USENIX Security Symposium, USENIX Security 2023 |
| Pages | 2761-2778 |
| Number of pages | 18 |
| ISBN (Electronic) | 9781713879497 |
| State | Published - 2023 |
| Event | 32nd USENIX Security Symposium, USENIX Security 2023 - Anaheim, United States |
| Duration | Aug 9 2023 → Aug 11 2023 |
Publication series
| Name | 32nd USENIX Security Symposium, USENIX Security 2023 |
|---|---|
| Volume | 4 |
Conference
| Conference | 32nd USENIX Security Symposium, USENIX Security 2023 |
|---|---|
| Country/Territory | United States |
| City | Anaheim |
| Period | 8/9/23 → 8/11/23 |
Bibliographical note
Publisher Copyright: © USENIX Security 2023. All rights reserved.
Funding
We thank the reviewers for their feedback. This work is supported in part by US National Science Foundation under grants CNS-1837519, CNS-1916926, CNS-2038995, CNS-2154930, CNS-2229427, and CNS-2238635, Office of Naval Research under grant N00014-19-1-2621, Army Research Office under grant W911NF-20-1-0141, and Intel.
| Funders | Funder number |
|---|---|
| National Science Foundation | CNS-1837519, CNS-1916926, CNS-2038995, CNS-2154930, CNS-2229427, CNS-2238635 |
| Office of Naval Research | N00014-19-1-2621 |
| Army Research Office | W911NF-20-1-0141 |
| Intel Corporation | |
ASJC Scopus subject areas
- Computer Networks and Communications
- Information Systems
- Safety, Risk, Reliability and Quality
Title
| Title | ARI: Attestation of Real-time Mission Execution Integrity |
|---|---|