Skip to main content
SpringerLink
Log in

Enforcing Memory Safety in Cyber-Physical Systems

  • Conference paper
  • First Online:
Computer Security (SECPRE 2017, CyberICPS 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10683))

Abstract

Cyber-Physical Systems (CPS) integrate computations and communications with physical processes and are being widely adopted in various application areas. However, the increasing prevalence of cyber attacks targeting them poses a growing security concern. In particular, attacks exploiting memory-safety vulnerabilities constitute a major attack vector against CPS, because embedded systems often rely on unsafe but fast programming languages to meet their hard time constraints. A wide range of countermeasures has been developed to provide protection against these attacks. However, the most reliable countermeasures incur in high runtime overheads. In this work, we explore the applicability of strong countermeasures against memory-safety attacks in the context of realistic Industrial Control Systems (ICS). To this end, we design an experimental setup, based on a secure water treatment plant (SWaT) to empirically measure the memory safety overhead (MSO) caused by memory-safe compilation of the Programmable Logic Controller (PLC). We then quantify the tolerability of this overhead in terms of the expected real-time constraints of SWaT. Our results show high effectiveness of the security measure in detecting memory-safety violations and a MSO (197.86 \(\upmu \text {s}\) per scan-cycle) that is also tolerable for the SWaT simulation. We also discuss how different parameters impact the execution time of PLCs and the resulting absolute MSO.

The original version of this chapter was revised. Eyasu Getahun Chekole’s name was corrected. An erratum to this chapter can be found at https://doi.org/10.1007/978-3-319-72817-9_18

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Sha, L., Gopalakrishnan, S., Liu, X., Wang, Q.: Cyber-physical systems: a new frontier. In: SUTC 2008 (2008)

    Google Scholar 

  2. Lee, E.A., Seshia, S.A.: Introduction to Embedded Systems - A Cyber-Physical Systems Approach, 2nd edn. Version 2.0 edn. (2015)

    Google Scholar 

  3. Lee, E.A.: Cyber physical systems: design challenges. In: ISORC 2008 (2008)

    Google Scholar 

  4. Basnight, Z., Butts, J., Lopez, J., Dube, T.: Firmware modification attacks on programmable logic controllers. IJCIP 6(2), 76–88 (2013)

    Google Scholar 

  5. Cui, A., Costello, M., Stolfo, S.J.: When firmware modifications attack: a case study of embedded exploitation. In: NDSS 2013 (2013)

    Google Scholar 

  6. MITRE: Common Vulnerabilities and Exposures. https://cve.mitre.org/

  7. CVE-5814. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5814

  8. CVE-6438. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6438

  9. CVE-6436. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6436

  10. CVE-0674. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0674

  11. CVE-1449. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1449

  12. CVE-0929. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0929

  13. CVE-7937. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7937

  14. CVE-5007. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5007

  15. Berger, E.D., Zorn, B.G.: Diehard: probabilistic memory safety for unsafe languages. In: PLDI 2006 (2006)

    Google Scholar 

  16. Novark, G., Berger, E.D.: Dieharder: securing the heap. In: CCS 2010 (2010)

    Google Scholar 

  17. Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity. In: CCS 2005, pp. 340–353 (2005)

    Google Scholar 

  18. Zhang, M., Sekar, R.: Control flow integrity for cots binaries. In: USENIX 2013 (2013)

    Google Scholar 

  19. Tice, C., Roeder, T., Collingbourne, P., Checkoway, S., Erlingsson, Ú., Lozano, L., Pike, G.: Enforcing forward-edge control-flow integrity in GCC & LLVM. In: USENIX 2014, pp. 941–955 (2014)

    Google Scholar 

  20. Serebryany, K., Bruening, D., Potapenko, A., Vyukov, D.: Addresssanitizer: a fast address sanity checker. In: USENIX ATC 2012 (2012)

    Google Scholar 

  21. Nagarakatte, S., Zhao, J., Martin, M.M., Zdancewic, S.: SoftBound: highly compatible and complete spatial memory safety for C. In: PLDI 2009 (2009)

    Google Scholar 

  22. Nagarakate, S., Zhao, J., Martin, M.M., Zdancewic, S.: CETS: compiler enforced temporal safety for C. In: ISMM 2010 (2010)

    Google Scholar 

  23. Simpson, M.S., Barua, R.K.: MemSafe: ensuring the spatial and temporal memory safety of C at runtime. Softw. Pract. Experience 43(1), 93–128 (2013)

    Article  Google Scholar 

  24. Bruening, D., Zhao, Q.: Practical memory checking with Dr. Memory. In: CGO 2011 (2011)

    Google Scholar 

  25. Necula, G.C., Condit, J., Harren, M., McPeak, S., Weimer, W.: CCured: type-safe retrofitting of legacy software. ACM Trans. Program. Lang. Syst. 27(3), 477–526 (2005)

    Article  Google Scholar 

  26. Eigler, F.Ch.: Mudflap: pointer use checking for C/C++. Red Hat Inc. (2003)

    Google Scholar 

  27. Ahmed, C.M., Adepu, S., Mathur, A.: Limitations of state estimation based cyber attack detection schemes in industrial control systems. In: SCSP-W 2016 (2016)

    Google Scholar 

  28. Bittau, A., Belay, A., Mashtizadeh, A., Maziéres, D., Boneh, D.: Hacking blind. In: Proceedings of the 2014 IEEE Symposium on Security and Privacy (2014)

    Google Scholar 

  29. Zhang, H., Shu, Y., Cheng, P., Chen, J.: Privacy and performance trade-off in cyber-physical systems. IEEE Netw. 30(2), 62–66 (2016)

    Article  Google Scholar 

  30. OpenPLC. http://www.openplcproject.com/

  31. ScadaBR. http://www.scadabr.com.br/

  32. Cooprider, N., Archer, W., Eide, E., Gay, D., Regehr, J.: Efficient memory safety for TinyOS. In: SenSys 2007, pp. 205–218 (2007)

    Google Scholar 

  33. The Deputy project (2007). http://deputy.cs.berkeley.edu

  34. Gay, D., Levis, P., von Behren, R., Welsh, M., Brewer, E., Culler, D.: The nesC language: a holistic approach to networked embedded systems. In: PLDI 2003 (2003)

    Google Scholar 

  35. Stefanov, A., Liu, C.C., Govindarasu, M., Wu, S.S.: Scada modeling for performance and vulnerability assessment of integrated cyber-physical systems. Int. Trans. Electr. Energy Syst. 25(3), 498–519 (2015)

    Article  Google Scholar 

  36. Hu, H., Shinde, S., Adrian, S., Chua, Z.L., Saxena, P., Liang, Z.: Data-oriented programming: on the expressiveness of non-control data attacks. In: SP 2016 (2016)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Singapore University of Technology and Design, Singapore, Singapore

    Eyasu Getahun Chekole, John Henry Castellanos, Martín Ochoa & David K. Y. Yau

  2. Advanced Digital Sciences Center, Singapore, Singapore

    Eyasu Getahun Chekole & David K. Y. Yau

Authors
  1. Eyasu Getahun Chekole
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. John Henry Castellanos
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Martín Ochoa
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. David K. Y. Yau
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Eyasu Getahun Chekole .

Editor information

Editors and Affiliations

  1. Norwegian University of Science and Technology, Gjøvik, Norway

    Sokratis K. Katsikas

  2. IMT Atlantique, Brest, France

    Frédéric Cuppens

  3. IMT Atlantique, Brest, France

    Nora Cuppens

  4. University of Piraeus, Piraeus, Greece

    Costas Lambrinoudakis

  5. University of the Aegean, Mytilene, Greece

    Christos Kalloniatis

  6. University of Toronto, Toronto, Ontario, Canada

    John Mylopoulos

  7. Georgia Institute of Technology, Atlanta, Georgia, USA

    Annie Antón

  8. University of the Aegean, Karlovassi, Greece

    Stefanos Gritzalis

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Chekole, E.G., Castellanos, J.H., Ochoa, M., Yau, D.K.Y. (2018). Enforcing Memory Safety in Cyber-Physical Systems. In: Katsikas, S., et al. Computer Security. SECPRE CyberICPS 2017 2017. Lecture Notes in Computer Science(), vol 10683. Springer, Cham. https://doi.org/10.1007/978-3-319-72817-9_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-72817-9_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72816-2

  • Online ISBN: 978-3-319-72817-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation