A Moving Target Defense Approach Towards Security and Resilience in Cyber-Physical Systems

Abstract

Cyber-Physical Systems (CPS) such as autonomous vehicles are becoming widely utilized throughout society. CPS are unique with respect to the tightly coupled nature between the cyber software and physical dynamics of a system, increasing the reliability and precision of safety-critical processes. However, with these benefits comes potential tradeoffs including the increased openness and connectivity of safety-critical components. Applications traditionally designed to be standalone and protected through physical means are now becoming vulnerable to remote attacks not only within the continental United States, but by foreign adversaries around the globe. By leveraging memory corruption vulnerabilities such as buffer overflows, attackers can remotely perform code injection, code reuse, and non-control data attacks to hijack key functionality. This dissertation focuses on leveraging Moving Target Defense (MTD) techniques such as ISR, ASR, and DSR to create a secure runtime environment, preventing attackers from obtaining the reconnaissance knowledge necessary to exploit memory corruption vulnerabilities. Furthermore, in modern day CPS, it is not enough to protect against cyber-attacks, but it is equally as important to guarantee safety. By developing a novel security architecture integrating MTD protections with control reconfiguration, we can proactively defend against code injection, code reuse, and non-control data attacks, while rapidly detecting and recovering from attacks, ensuring that safe and reliable operation is maintained.