Attacks on Three Tank System Three Tank System Testing Model-Based Security Features Experimental Platform for Model-Based Design of Embedded Systems Matt.

Presentation transcript:

Attacks on Three Tank System
Three Tank System

Testing Model-Based Security Features
Experimental Platform for Model-Based Design of Embedded Systems

Matt Eby, Jan Werner, Janos Mathe, Gabor Karsai, Sandeep Neema, Janos Sztipanovits, Yuan Xue
Institute for Software Integrated Systems, Vanderbilt University
April 27, 2006

Experimental Platform Architecture

System is a test bed for the Modeling and Analysis of Complex Systems (MACS) group at Vanderbilt University. The three tank system was chosen as an archetypical component controlled by SCADA system. Three tank systems are common in chemical processing systems. Tanks 1 & 2 regulate fluid levels in Tank 3 while Tank 3 supplies fluid to some process downstream. We use this system to demonstrate and test the capabilities of security measures introduced via Model-Based Design.

[Panel titles: Taxonomy; Hybrid System Dynamics]

[Architecture diagram: Plant Simulator, Data Acquisition Board (DAQ), three Embedded System Boards; link labelled "10/100BASE-T or b"]

The Data Acquisition Board interfaces plant simulation with embedded system boards. The Plant Simulator acts as the physical environment in which the embedded system would run. The embedded system boards run distributed control algorithms.

Specifications

Plant Simulator
- Standard Desktop PC running Mathworks xPC
- DAQ blocks are appended to Plant Models
- xPC Code Generated with Real-Time Workshop

Data Acquisition Board
- Measurement Computing PCI-DDA08/12
- 8 analog output channels (12 bit resolution)
- 48 Digital I/O

Embedded System Board
- Micro/Sys SBC4495
- Cyrix Intel 486 compatible processor
- 8 Analog Inputs & Outputs (14 bit resolution)
- 24 Digital I/O
- 10/100BASE-T Ethernet, b
- Supported OS: Linux, Windows CE/98, VxWorks, LynxOS, PharLap ETS, MSDOS 5.0

[Diagram: Control System Security Model. Labels: Embedded System Board (8 A/D Channels, 24 Digital I/O); Plant Simulation (Simulink Models, Real-Time Workshop, Mathworks xPC Target); Measurement Computing PCI-DDA08/12 (48 Digital I/O, 8 D/A Channels); DSML Code Generator; Embedded System Model; Secure System Model]

The experimental platform facilitates "Hardware"-in-the-Loop testing of controllers. High fidelity plant simulations behave just as the actual physical environment would. Controllers can run on various operating systems with different security designs. Code for controllers is generated based on security models for the embedded system.

[Picture]

[FSM Diagram of Controller. States: Fill Tank 1, Fill Tank 2, Source Tank 1, Source Tank 2, Tank 3 Full. Transition guards: (H1 > 0.7) && (RangeMid <= 0.35); (H1 > 0.7) && (RangeMid > 0.35); (H2 > RangeMid); (H3 > RangeMax); (H3 < RangeMin) && (H1 < RangeMid); (H3 < RangeMin) && (H2 < RangeMid); (H3 < RangeMid)]

[Figures: Physical Plant Diagram; Controller Outputs]

Configuration of Experimental Platform for Three Tank Testing

The experimental platform is configured for specific control problems such as a Three Tank System controlled by a SCADA system. We then test a variety of attacks against the system. This allows us to exercise the code produced from the security models for:
- Performance overhead
- Strength of security for specific attacks
- Comparison between different operating systems

[Diagram: Embedded System Board software stack. Labels: Device Drivers; Gentoo Linux (kernel ); Application Code; Application Code; GRsecurity Extensions]

For the tests conducted on a Three Tank Controller we are running Gentoo Linux (kernel ) with GRsecurity extensions.
- GRsecurity adds 3.9% (33 kB) to the kernel footprint
- Performance overhead is 3.5% for non-executable memory protection
- GRsecurity extensions allow fine grained control over system resources: I/O registers, Memory Protection, Inter-process Communication

Normal Operation

[Plot labels: Tank 1, Tank 3, Tank 2]

Under normal conditions Tank 3 will fill up then stay within a defined range (in this case 0.45 m to 0.55 m). The tanks will overflow if fluid height exceeds 0.8 m.

Unauthorized Access to I/O registers

[Plot labels: Tank 1, Tank 3, Tank 2]

Unauthorized code writes to the I/O registers that are connected to the Three Tank System causing Tank 1 to overflow.

With I/O register protection only the tank control process has permission to write to I/O channels. Model-Based approach can map desired security properties to underlying platform services such as POSIX capabilities (e.g. CAP_SYS_RAWIO).

Other Potential Attacks

Denial of Service attack can increase execution time of tank control process.

Operation under normal conditions:
- Worst case execution time = μs
- Mean execution time = 3123 μs

Denial of Service attack on network data access component:
- Worst case execution time = μs
- Mean execution time = μs

DoS attacks cannot be easily prevented without support of platform services such as packet filtering.
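
An added example, not part of the original poster: a C audit of the I/O register protection property stated above, that only the tank control process may hold CAP_SYS_RAWIO (capability bit 17, which Linux requires for ioperm/iopl port access). The process names and the /proc/<pid>/status snippets are constructed sample data, since the poster does not name the real processes.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SYS_RAWIO_BIT 17 /* CAP_SYS_RAWIO in <linux/capability.h> */

struct proc_sample { const char *name; const char *status; };

/* Constructed sample data in /proc/<pid>/status format; names are hypothetical. */
static const struct proc_sample SAMPLES[] = {
    { "tank_ctrl", "Name:\ttank_ctrl\nCapEff:\t0000000000020000\n" },
    { "net_data",  "Name:\tnet_data\nCapEff:\t0000000000000000\n" },
    { "logger",    "Name:\tlogger\nCapEff:\t0000003fffffffff\n" },
};

/* 1 if the effective set holds CAP_SYS_RAWIO, 0 if not, -1 if CapEff is missing or empty. */
int has_rawio(const char *status_text)
{
    for (const char *p = status_text; p && *p; ) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            const char *q = p + 7;
            while (*q == ' ' || *q == '\t')
                q++;
            if (!isxdigit((unsigned char)*q))
                return -1; /* empty field: never parse into the next line */
            unsigned long long mask = strtoull(q, NULL, 16);
            return (int)((mask >> CAP_SYS_RAWIO_BIT) & 1ULL);
        }
        p = strchr(p, '\n'); /* advance to the start of the next line */
        if (p)
            p++;
    }
    return -1;
}

/* Count processes other than `allowed` that hold CAP_SYS_RAWIO; unreadable entries fail closed. */
int count_rawio_violations(const struct proc_sample *procs, size_t n, const char *allowed)
{
    int violations = 0;
    for (size_t i = 0; i < n; i++) {
        int r = has_rawio(procs[i].status);
        if (r != 0 && strcmp(procs[i].name, allowed) != 0) {
            printf("violation: %s (%s)\n", procs[i].name, r < 0 ? "unreadable" : "holds CAP_SYS_RAWIO");
            violations++;
        }
    }
    return violations;
}

int main(void) { return count_rawio_violations(SAMPLES, 3, "tank_ctrl") == 1 ? 0 : 1; }
```

On a live system the same check can be fed the contents of each /proc/<pid>/status file instead of the embedded samples.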