Cyber-Physical System Software Security Analysis and Enhancement: A Case Study
Chao Zhang

Citation
Chao Zhang. "Cyber-Physical System Software Security Analysis and Enhancement: A Case Study". Talk or presentation, 5, November, 2015.

Abstract
Cyber incidents occur from time to time, endangering end users' security and privacy. For cyber-physical systems, this threat is even more critical, since the security of these systems directly affects human safety and security. Real-world incidents show that attackers are able to control these systems, e.g., smart vehicles, to threaten users' safety. The root causes of these incidents are vulnerabilities stemming from software design and implementation, which are inevitable due to program complexity and programmer error. We thus proposed several proactive program hardening solutions to harden vulnerable programs, protecting them from real-world attacks. We have analyzed the security of a popular CPS development framework, OpenDavinci, in terms of attack surface, attack vectors, vulnerabilities and possible exploits. We then evaluated our program hardening techniques on this framework. Results showed that our techniques have a good performance overhead on the system and provide very strong protection.

Electronic downloads


Internal. This publication has been marked by the author for FORCES-only distribution, so electronic downloads are not available without logging in.
Citation formats  
  • HTML
    Chao Zhang. <a
    href="http://www.cps-forces.org/pubs/108.html"
    ><i>Cyber-Physical System Software Security
    Analysis and Enhancement: A Case Study</i></a>,
    Talk or presentation,  5, November, 2015.
  • Plain text
    Chao Zhang. "Cyber-Physical System Software Security
    Analysis and Enhancement: A Case Study". Talk or
    presentation,  5, November, 2015.
  • BibTeX
    @presentation{Zhang15_CyberPhysicalSystemSoftwareSecurityAnalysisEnhancement,
        author = {Chao Zhang},
        title = {Cyber-Physical System Software Security Analysis
                  and Enhancement: A Case Study},
        day = {5},
        month = {November},
        year = {2015},
        abstract = {Cyber incidents occur from time to time,
                  endangering end users' security and privacy. For
                  cyber-physical systems, this threat is even more
                  critical, since the security of these systems
                  directly affects human safety and security.
                  Real-world incidents show that attackers are able
                  to control these systems, e.g., smart vehicles, to
                  threaten users' safety. The root causes of these
                  incidents are vulnerabilities stemming from
                  software design and implementation, which are
                  inevitable due to program complexity and
                  programmer error. We thus proposed several
                  proactive program hardening solutions to harden
                  vulnerable programs, protecting them from
                  real-world attacks. We have analyzed the security
                  of a popular CPS development framework,
                  OpenDavinci, in terms of attack surface, attack
                  vectors, vulnerabilities and possible exploits. We
                  then evaluated our program hardening techniques on
                  this framework. Results showed that our techniques
                  have a good performance overhead on the system and
                  provide very strong protection.},
        URL = {http://cps-forces.org/pubs/108.html}
    }
    

Posted by Carolyn Winter on 5 Nov 2015.
Groups: forces