63 research outputs found
Trusted CI Webinar: Improving the Security of Open-Source Software Infrastructure
Remote monitoring and control of industrial control systems are protected using firewalls and user passwords. Cyberattacks that get past firewalls have unfettered access to command industrial control systems with potential to harm digital assets, environmental resources, and humans in proximity to the compromised system. In this talk, I will discuss our approach to prevent and mitigate such harms in scientific industrial control systems by enhancing the security of open-source cyberinfrastructure: the open-source Real-Time Executive for Multiprocessor Systems (RTEMS) real-time operating system and the Experimental Physics and Industrial Control System (EPICS) software and networks. The RTEMS and EPICS software projects are widely used cyberinfrastructure for controlling scientific instruments. This talk will discuss security problems that we have explored with these communities, and examine the salient challenges and opportunities presented by working with open-source communities on their cybersecurity needs.
Speaker Bio:
Gedare Bloom received his Ph.D. in computer science from The George Washington University in 2013. He joined the University of Colorado Colorado Springs as an Assistant Professor of Computer Science in 2019 and Associate Professor in 2022. He was an Assistant Professor of Computer Science at Howard University from 2015-2019. His research expertise is computer system security with emphasis on real-time embedded systems. He has published over sixty peer reviewed articles, serves as a program committee member and technical referee for flagship conferences and journals, and is an associate editor for the IEEE Transactions on Vehicular Technology.
Since 2011 Dr. Bloom has been a maintainer for the RTEMS open-source hard real-time operating system, which is used in robotics frameworks, unmanned vehicles, satellites and space probes, automotive, defense, building automation, medical devices, industrial controllers, and more. Some of his key contributions to RTEMS include the first 64-bit architectural port of RTEMS, design and implementation of a modern thread scheduling infrastructure, support for running RTEMS as a paravirtualized guest for avionics hypervisors, and implementation of POSIX services required to be compliant with the FACE avionics standard. Additionally, he mentors and guides students around the world through learning about and developing with RTEMS. He co-authored the textbook “Real-Time Systems Development with RTEMS and Multicore Processors” published by CRC Press in 2020.NSF Grant # 2241313NSF Grant # 1839321NSF Grant # 200178
Survey of Automotive Controller Area Network Intrusion Detection Systems
Novel attacks continue to appear against in-vehicle networks due to the increasing complexity of heterogeneous software and hardware components used in vehicles. These new components introduce challenges when developing efficient and adaptable security mechanisms. Several intrusion detection systems (IDS) have been proposed to identify and protect in-vehicle networks against malicious activities. We describe the state-of-the-art intrusion detection methods for securing automotive networks, with special focus on the Controller Area Network (CAN). We provide a description of vulnerabilities, highlight threat models, identify known attack vectors present in CAN, and discuss the advantages and disadvantages of suggested solutions.This is a manuscript of an article published as Young, Clinton, Joseph Zambreno, Habeeb Olufowobi, and Gedare Bloom. "Survey of Automotive Controller Area Network Intrusion Detection Systems." IEEE Design & Test (2019). DOI: 10.1109/MDAT.2019.2899062. Posted with permission.</p
Automotive Intrusion Detection Based on Constant CAN Message Frequencies Across Vehicle Driving Modes
The modern automobile relies on numerous electronic control units communicating over the de facto standard of the controller area network (CAN) bus. This communication network was not developed with cybersecurity in mind. Many methods based on constant time intervals between messages have been proposed to address this lack of security issue with the CAN bus. However, these existing methods may struggle to handle variable time intervals between messages during transitions of vehicle driving modes. This paper proposes a simple and cost-effective method to ensure the security of the CAN bus that is based on constant message frequencies across vehicle driving modes. This proposed method does not require any modifications on the existing CAN bus and it is designed with the intent for efficient execution in platforms with very limited computational resources. Test results with the proposed method against two different vehicles and a frequency domain analysis are also presented in the paper.This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. Young, Clinton, Habeeb Olufowobi, Gedare Bloom, and Joseph Zambreno. "Automotive Intrusion Detection Based on Constant CAN Message Frequencies Across Vehicle Driving Modes." (2019). DOI: 10.1145/3309171.3309179.</p
Reverse Engineering Controller Area Network Messages using Unsupervised Machine Learning
The smart city landscape is rife with opportunities for mobility and economic optimization, but also presents many security concerns spanning the range of components and systems in the smart ecosystem. One key enabler for this ecosystem is smart transportation and transit, which is foundationally built upon connected vehicles. Ensuring vehicular security, while necessary to guarantee passenger and pedestrian safety, is itself challenging due to the broad attack surfaces of modern automotive systems. A single car contains dozens to hundreds of small embedded computing devices known as electronic control units (ECUs) executing 100s of millions of lines of code; the inherent complexity of this tightly-integrated cyber-physical system (CPS) is one of the key problems that frustrate effective security. We describe an approach to help reduce the complexity of security analyses by leveraging unsupervised machine learning to learn clusters of messages passed between ECUs that correlate with changes in the CPS state of a vehicle as it moves throughout the world. Our approach can help to improve the security of vehicles in a smart city, and can leverage smart city infrastructure to further enrich and refine the quality of the machine learning output.This is a manuscript of an article published as Ezeobi, Uchenna, Habeeb Olufowobi, Clinton Young, Joseph Zambreno, and Gedare Bloom. "Reverse Engineering Controller Area Network Messages using Unsupervised Machine Learning." IEEE Consumer Electronics Magazine (2020). DOI: 10.1109/MCE.2020.3023538. Posted with permission.</p
Anomaly Detection Approach Using Adaptive Cumulative Sum Algorithm for Controller Area Network
The modern vehicle has transformed from a purely mechanical system to a system that embeds several electronic devices. These devices communicate through the in-vehicle network for enhanced safety and comfort but are vulnerable to cyber-physical risks and attacks. A well-known technique of detecting these attacks and unusual events is by using intrusion detection systems. Anomalies in the network occur at unknown points and produce abrupt changes in the statistical features of the message stream. In this paper, we propose an anomaly-based intrusion detection approach using the cumulative sum (CUSUM) change-point detection algorithm to detect data injection attacks on the controller area network (CAN) bus. We leverage the parameters required for the change-point algorithm to reduce false alarm rate and detection delay. Using real dataset generated from a car in normal operation, we evaluate our detection approach on three different kinds of attack scenarios.This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. Olufowobi, Habeeb, Uchenna Ezeobi, Eric Muhati, Gaylon Robinson, Clinton Young, Joseph Zambreno, and Gedare Bloom. "Anomaly Detection Approach Using Adaptive Cumulative Sum Algorithm for Controller Area Network." (2019). DOI: 10.1145/3309171.3309178.</p
CAN FD Support for Space Grade Real-Time RTEMS Executive
Kritické systémy reálného času, mezi které patří řídicí prvky v automobilech a hromadné dopravě, systémy pro družice, zdravotní zařízení nebo síťové prvky, často vyžadují deterministický přenos kritických zpráv mezi zařízeními. K tomuto přenosu se mimo jiné využívá sběrnicový standard Controller Area Network. Operační systémy obvykle ke zjednodušení přístupu na CAN sběrnici poskytují obecné rozhraní mezi aplikacemi a ovladači řadičů. Hlavním cílem této práce byla implementace takového rozhraní pro otevřenou exekutivu reálné času RTEMS využívanou také v kosmických aplikacích. Práce dokumentuje design a vývoj CAN/CAN FD subsystému pro RTEMS s podporou prioritních front, blokujícího a neblokujícího přístupu, reportu chyb, rozhraní pro konfiguraci kontroléru a dalších funkcí. Práce měla za cíl poskytnout potřebné rozhraní k využívání CAN sběrnice a k implementaci budoucích řadičů. Jako první byl k testům a demonstraci vybrán CTU CAN FD řadič. Práce také naráží na známý problém inverze priorit během arbitrážní fáze na CAN sběrnici a navrhuje jeho řešení. To počítá s dynamickou redistribucí hardware bufferů řadiče na prioritní fronty. Toto řešení umožňuje využití všech bufferů řadiče při zachování správného odchozího pořadí CAN zpráv. Navržený algorithmus je opět otestován na CTU CAN FD řadiči.Critical real-time control fields such as automotive, public transport, space systems, medical devices, or networking systems often require deterministic transmission of safety-critical messages between devices. Controller Area Network bus standard is widely used for these purposes. To provide complete and unified access to CAN bus devices, operating systems implement common CAN stacks used as an interface between applications and device drivers. Implementation of such a stack for open-source space grade RTEMS executive is the key part of this thesis. It documents the design and development of a full-featured CAN/CAN FD stack for RTEMS with support for multiple priority classes, blocking and nonblocking access, error reporting, controller configuration interface, and more. The work aims to provide a sound base for CAN bus usage and future controller implementation. Support for CTU CAN FD IP core, chosen as the first target for testing and demonstration, is implemented as well. The thesis also deals with the common problem of CAN bus arbitration phase priority inversion. It proposes the solution of dynamic redistribution of CAN transmission buffers to priority classes that allow mapping of all controller's transmission buffers to priority classes while preserving the correct transmission order. The proposed algorithm is once again demonstrated on CTU CAN FD target
Optimized event notification in CAN through in-frame replies and Bloom filters
peer reviewedThanks to its distributed and asynchronous medium access control mechanism, CAN is the ideal choice for interconnecting devices in event-driven systems. When timing requirements of applications are not particularly demanding, as in the case of, e.g., reactive and proactive maintenance, constraints on event delivery can be relaxed, so that their notification may rely on best-effort approaches. In this paper, a number of techniques are taken into account for notifying events in such a kind of systems, and their performance has been evaluated. Besides conventional CAN, a recent proposal for extending this protocol, termed CAN XR, is considered. Moreover, the adoption of Bloom filters to cope with rare events in very large systems has also been evaluated
- …
