Publications

Refine Results

(Filters Applied) Clear All

Securing the satellite software stack

Published in:
Workshop on Security of Space and Satellite Systems, SpaceSec, 1 March 2024.

Summary

Satellites and the services enabled by them, like GPS, real-time world-wide imaging, weather tracking, and worldwide communication, play an increasingly important role in modern life. To support these services satellite software is becoming increasingly complex and connected. As a result, concerns about its security are becoming prevalent. While the focus of security for satellites has historically been on encrypting the communications link, we argue that a fuller consideration of the security of satellites is necessary and presents unique challenges. Satellites are becoming increasingly accessible to attackers–thanks to supply chain attacks and Internet connected ground stations–and present a unique set of challenges for security practitioners. These challenges include the lack of any real ability for a human to be physically present to repair or recover these systems, a focus on safety and availability over confidentiality and integrity, and the need to deal with radiation-induced faults. This work characterizes the cyber threats to satellite systems, surveys the unique challenges for satellite software, and presents a future vision for research in this area.
READ LESS

Summary

Satellites and the services enabled by them, like GPS, real-time world-wide imaging, weather tracking, and worldwide communication, play an increasingly important role in modern life. To support these services satellite software is becoming increasingly complex and connected. As a result, concerns about its security are becoming prevalent. While the focus...

READ MORE

The thundering herd: Amplifying kernel interference to attack response times

Published in:
2022 IEEE 28th Real-Time and Embedded Technology and Applications Symp., RTAS, 4-6 May 2022.

Summary

Embedded and real-time systems are increasingly attached to networks. This enables broader coordination beyond the physical system, but also opens the system to attacks. The increasingly complex workloads of these systems include software of varying assurance levels, including that which might be susceptible to compromise by remote attackers. To limit the impact of compromise, u-kernels focus on maintaining strong memory protection domains between different bodies of software, including system services. They enable limited coordination between processes through Inter-Process Communication (IPC). Real-time systems also require strong temporal guarantees for tasks, and thus need temporal isolation to limit the impact of malicious software. This is challenging as multiple client threads that use IPC to request service from a shared server will impact each other's response times. To constrain the temporal interference between threads, modern u-kernels often build priority and budget awareness into the system. Unfortunately, this paper demonstrates that this is more challenging than previously thought. Adding priority awareness to IPC processing can lead to significant interference due to the kernel's prioritization logic. Adding budget awareness similarly creates opportunities for interference due to the budget tracking and management operations. In both situations, a Thundering Herd of malicious threads can significantly delay the activation of mission-critical tasks. The Thundering Herd effects are evaluated on seL4 and results demonstrate that high-priority threads can be delayed by over 100,000 cycles per malicious thread. This paper reveals a challenging dilemma: the temporal protections u-kernels add can, themselves, provide means of threatening temporal isolation. Finally, to defend the system, we identify and empirically evaluate possible mitigations, and propose an admission-control test based upon an interference-aware analysis.
READ LESS

Summary

Embedded and real-time systems are increasingly attached to networks. This enables broader coordination beyond the physical system, but also opens the system to attacks. The increasingly complex workloads of these systems include software of varying assurance levels, including that which might be susceptible to compromise by remote attackers. To limit...

READ MORE

Showing Results

1-2 of 2