Illinois researchers advance security of real-time embedded systems
Real-time embedded systems form the backbone of automobiles, medical devices, and nuclear power plants, among other infrastructures. In addition to functioning in real time, these systems are often safety-critical, meaning that even a small interruption in normal operations could pose a threat to human safety.Sibin Mohan is working to create more secure and resilient real-time embedded systems through a three-year, $500,000 grant funded by the National Science Foundation. Through the project, SaTC: Core: Small: An Exploration of Schedule-Based Vulnerabilities in Real-Time Embedded Systems, Mohan's team will work to develop methods that help protect these systems – which have not historically been developed with security in mind – against cyberattacks and other failures. This project is in collaboration with ITI's Negar Kiyavash, associate professor in the industrial and enterprise systems engineering and electrical and computer engineering departments at Illinois.
Not only must these systems work correctly, but they must also finish their operations in a fixed amount of time, said Mohan, an assistant research professor in computer science and the Information Trust Institute at Illinois. If you wreck a car, it's not helpful for safety systems to deploy five seconds after a crash. It needs to happen that millisecond.
The project will assess the vulnerabilities in real-time systems, looking at, for example, how an adversary could extract critical information about system operation while remaining undetected. In this scenario, the hacker could use the information to launch later attacks on the same system.
Finally, the researchers will develop new methods that make it difficult to carry out these attacks, on platforms that range from simulation engines to real hardware, such as FPGA boards. The team also will develop metrics to enable the evaluation of success.
While the NSF grant is focused on real-time embedded systems, Mohan says the research could apply to other cyber-physical systems, such as those that comprise the Internet of Things.
The idea of reconstructing what is happening could be applicable to other systems that have repetitive behavior, he said. We want to improve the security of any system that is susceptible to the reconnaissance capabilities of an attacker.