BUDDY: TCB Hardening for Cyber Physical Systems

Short work statementThis project is to explore a novel concept for hardening the trusted code base applicable to systems that achieve fault tolerance through redundancy such as cyber physical systems. The team will explore the feasibility of efficient extraction and comparison of intermediates states from software/hardware with similar functionality, for a typical realtime CPS subsystem such as an Engine Control Unit. ObjectiveThe objective of the proposed project is to harden the Trusted Code Base (TCB) of safety-critical distributed systems like Cyber Physical Systems (CPS). The TCB of such systems include hardware (such as microcontrollers, microprocessors, and sensors), firmware (running on sensors or microcontrollers), and software (including the network stack, system and application level software such as the human-machine interface). ApproachThis project is to explore a novel concept for hardening the trusted code base applicable to systems that achieve fault tolerance through redundancy such as cyber physical systems. The concept proposed is to share and compare the intermediate states of the replicas periodically in a Cyber Physical System (CPS) to identify any differences and therefore automatically detect frontdoors/backdoors/trojans/bugs. The team will explore the feasibility of efficient extraction and comparison of intermediates states from software/hardware with similar functionality (i.e., the buddies). The feasibility will be explored in the context of a typical realtime CPS subsystem such as an Engine Control Unit. The proposed paradigm, BUDDY, has at least three desirable security properties: First, it can potentially detect compromises/bugs even if all of the replicas are compromised as long as they are not compromised in the same way. Second, BUDDY can be deployed incrementally to harden existing fault-tolerant systems without significant changes. Third, the user can try different trade-offs between security and performance in this paradigm by simply changing the number of replicas to compare.Overall merits & ONR mission relevanceThe toolset the team will be developing, BUDDY, is a new approach for improving the security of TCB of safety-critical systems. Leveraging the redundancy available in safety-critical systems, BUDDY is expected to significantly improve security property of Naval CPS.The proposed research is part of FNC RHIMES, which goal is to develop techniques for achieving cyber-attack resiliency which can be retrofitted onto existing cyber-physical system within the Navy, with initial target deployment for onboard HM&E system. .PI qualificationBoiler plate