Multilevel Cybersecurity and Safety Monitor for Embedded Cyber-Physical Systems
Introduction
The paper "A Multilevel Cybersecurity and Safety Monitor for Embedded Cyber-Physical Systems" focuses on enhancing the security and resilience of cyber-physical systems (CPS) through a hierarchical monitoring architecture. Particularly relevant to safety-critical domains such as aviation or automotive systems, this research addresses the vulnerabilities that arise from a CPS's multiple integration levels, each of which broadens the potential attack surface. Traditional security methods often fall short here, which calls for more adaptive and comprehensive strategies. The paper proposes a multilayer monitoring structure that bolsters system reliability by detecting and counteracting diverse threats dynamically, during operation.
Monitoring Architecture
The proposed architecture centers on a multilevel framework comprising hardware, information, and execution integrity monitors. Each monitor operates autonomously within its domain and collectively enhances the system's security posture. This distribution allows for targeted and efficient detection across the embedded system's various facets. By using event calculus and graph theory, the paper formalizes this multilevel monitoring, applying it to a flight control system (FCS). Event calculus helps model system properties over time, offering a structured way to evaluate conditions and predicates necessary for monitoring system safety and security states.
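To make the event-calculus formalisation concrete, the following is an added example (not the paper's own formalisation or code) of a minimal discrete-time event calculus: Initiates/Terminates rules, a narrative of Happens facts, and HoldsAt queries, with a safety predicate for a flight-control sensor bus evaluated over time. The fluent and event names (link_ok, data_valid, isolated, baud_deviation, crossbar_isolate, bus_reconfigured) and the narrative are constructed for illustration and are not taken from the paper.

```python
"""Discrete-time event calculus checker (added example, not the paper's model)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    name: str
    time: int


class EventCalculus:
    """Minimal event calculus: Initiates/Terminates rules applied to a narrative
    of Happens(event, time) facts, answering HoldsAt(fluent, time) queries.
    An event at time t changes its fluents from t+1 onward (not at t itself)."""

    def __init__(self, initially, initiates, terminates):
        self.initially = set(initially)
        self.initiates = initiates    # event name -> fluents it initiates
        self.terminates = terminates  # event name -> fluents it terminates
        self.narrative = []           # Happens facts, in the order recorded

    def happens(self, event, time):
        self.narrative.append(Event(event, time))

    def holds_at(self, fluent, time):
        """HoldsAt(fluent, time): replay every event strictly before `time`."""
        state = fluent in self.initially
        for ev in sorted(self.narrative, key=lambda e: e.time):
            if ev.time >= time:
                break
            if fluent in self.initiates.get(ev.name, ()):
                state = True
            elif fluent in self.terminates.get(ev.name, ()):
                state = False
        return state

    def first_violation(self, required, horizon):
        """Earliest time in [0, horizon] at which a required fluent fails,
        as (time, [failed fluents]), or None if the predicate holds throughout."""
        for t in range(horizon + 1):
            missing = [f for f in required if not self.holds_at(f, t)]
            if missing:
                return t, missing
        return None


# Hypothetical safety predicate for the FCS: both fluents must hold.
SAFE_STATE = ("link_ok(sensor_bus)", "data_valid(imu)")


def build_fcs_model():
    """Constructed fluents, rules and narrative for a hypothetical FCS sensor bus."""
    ec = EventCalculus(
        initially={"link_ok(sensor_bus)", "data_valid(imu)"},
        initiates={
            "bus_reconfigured(sensor_bus)": {"link_ok(sensor_bus)"},
            "crossbar_isolate(sensor_bus)": {"isolated(sensor_bus)"},
            "imu_revalidated": {"data_valid(imu)"},
        },
        terminates={
            "baud_deviation(sensor_bus)": {"link_ok(sensor_bus)"},
            "implausible_reading(imu)": {"data_valid(imu)"},
            "bus_reconfigured(sensor_bus)": {"isolated(sensor_bus)"},
        },
    )
    # Constructed narrative: a baud-rate deviation is observed at t=3, the
    # crossbar isolates the bus at t=4, and the bus is reconfigured at t=7.
    ec.happens("baud_deviation(sensor_bus)", 3)
    ec.happens("crossbar_isolate(sensor_bus)", 4)
    ec.happens("bus_reconfigured(sensor_bus)", 7)
    return ec


if __name__ == "__main__":
    model = build_fcs_model()
    for t in range(10):
        print(t, {f: model.holds_at(f, t) for f in SAFE_STATE},
              "isolated:", model.holds_at("isolated(sensor_bus)", t))
    print("first violation:", model.first_violation(SAFE_STATE, 10))
```

The replay in holds_at is the inertia rule of the event calculus: a fluent keeps its value until an event with a matching Initiates or Terminates rule occurs. Evaluating first_violation over a horizon is what a monitor would do to decide whether the system left its safe state and when; here the safety predicate fails at t=4, one step after the deviation event, and is restored after the reconfiguration.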
Implementation and Evaluation
The implementation of the monitors is carried out using both FPGA platforms and processors to leverage their unique capabilities. The hardware and information monitors are deployed on an FPGA due to its robust reconfigurability, whereas the execution monitor is implemented on a processor to handle complex detection techniques.
Hardware Integrity Monitoring
The Hardware Resource Integrity Monitor (HRIM) oversees protocol conformity, detecting deviations such as baud rate manipulations or unauthorized firmware modifications via techniques akin to those employed in signal fault injection. The HRIM isolates compromised components through a crossbar switch that disconnects the affected subsystem from the rest of the system.
The Information Integrity Monitor (I2M) performs integrity checks on data flow between system sensors and the processing unit. It verifies input validity, detects anomalies, and interacts with HRIM to reconfigure or disconnect compromised components if necessary. This comprehensive approach facilitates early detection and mitigation of data-centric threats.
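The following added example (not the paper's implementation, whose monitors run on an FPGA) models in Python the two behaviours described above: the HRIM checking a serial link's measured bit period against its configured baud rate and isolating the port through a crossbar, and the I2M applying range and rate-of-change plausibility checks to sensor samples and handing off to the HRIM after repeated anomalies. The port and sensor names, the 3 % timing tolerance, the plausibility limits and the sample values are all constructed assumptions.

```python
"""Constructed model of the HRIM / I2M interaction (added example)."""
from collections import defaultdict

BAUD_TOLERANCE = 0.03  # assumed: accept at most +/-3 % bit-period deviation


def bit_period_us(baud):
    """Nominal duration in microseconds of one bit on a UART link."""
    return 1_000_000 / baud


class Crossbar:
    """Models the crossbar switch that can disconnect a subsystem's port."""

    def __init__(self, ports):
        self.connected = {p: True for p in ports}

    def isolate(self, port):
        self.connected[port] = False


class HRIM:
    """Hardware Resource Integrity Monitor: protocol-conformity checks on links."""

    def __init__(self, crossbar, expected_baud):
        self.crossbar = crossbar
        self.expected_baud = expected_baud  # port -> configured baud rate
        self.incidents = []                 # (port, reason, detail) records

    def isolate(self, port, reason, detail=None):
        """Record the incident and disconnect the port via the crossbar."""
        self.incidents.append((port, reason, detail))
        self.crossbar.isolate(port)

    def check_timing(self, port, edge_times_us):
        """Infer the bit period from captured signal edges and compare it with
        the configured rate. Assumes the capture contains at least one
        single-bit transition, so the shortest edge interval is one bit."""
        intervals = [b - a for a, b in zip(edge_times_us, edge_times_us[1:])]
        measured = min(intervals)
        expected = bit_period_us(self.expected_baud[port])
        if abs(measured - expected) / expected > BAUD_TOLERANCE:
            self.isolate(port, "baud_deviation", measured)
            return ("baud_deviation", measured)
        return None


class I2M:
    """Information Integrity Monitor: validity checks on the sensor data flow."""

    def __init__(self, hrim, limits, max_delta, max_strikes=2):
        self.hrim = hrim
        self.limits = limits          # sensor -> (low, high) plausible range
        self.max_delta = max_delta    # sensor -> largest plausible change per sample
        self.max_strikes = max_strikes
        self.last_valid = {}          # sensor -> last sample that passed checks
        self.strikes = defaultdict(int)

    def check(self, port, sensor, value):
        """Return the anomaly type for this sample (or None). Repeated anomalies
        are escalated to the HRIM, which isolates the port on the crossbar."""
        low, high = self.limits[sensor]
        prev = self.last_valid.get(sensor)
        anomaly = None
        if not low <= value <= high:
            anomaly = "out_of_range"
        elif prev is not None and abs(value - prev) > self.max_delta[sensor]:
            anomaly = "implausible_jump"
        if anomaly is None:
            self.last_valid[sensor] = value
            self.strikes[sensor] = 0
        else:
            self.strikes[sensor] += 1
            if self.strikes[sensor] >= self.max_strikes:
                self.hrim.isolate(port, anomaly, value)
        return anomaly


def run_demo():
    """Constructed scenario: a healthy capture, a link whose bit period is
    twice the configured one, then a pitch sensor that jumps out of range."""
    crossbar = Crossbar(["sensor_bus", "actuator_bus"])
    hrim = HRIM(crossbar, {"sensor_bus": 115200, "actuator_bus": 115200})
    i2m = I2M(hrim, {"pitch_deg": (-30.0, 30.0)}, {"pitch_deg": 5.0})
    healthy = hrim.check_timing("sensor_bus", [0.0, 8.68, 26.04, 34.72])
    tampered = hrim.check_timing("actuator_bus", [0.0, 17.36, 34.72, 69.44])
    samples = [1.0, 1.5, 2.0, 40.0, 41.0, 2.5]
    verdicts = [i2m.check("sensor_bus", "pitch_deg", v) for v in samples]
    return {"healthy": healthy, "tampered": tampered, "verdicts": verdicts,
            "connected": dict(crossbar.connected), "incidents": hrim.incidents}


if __name__ == "__main__":
    for key, val in run_demo().items():
        print(f"{key}: {val}")
```

Two design points carry over from the paper's division of labour: the HRIM never interprets sensor values, only the physical protocol, and the I2M never touches the crossbar itself, so a single compromised layer cannot both forge data and suppress its own disconnection. The strike counter is the usual trade-off between reacting to a single transient glitch and tolerating an attacker who stays just inside the limits; the threshold is an assumption here.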
Execution Integrity Monitoring
The Execution Integrity Monitor (