Architectural Enhancements to Increase Trust in Cyber-Physical Systems Containing Untrusted Software and Hardware

dc.contributor.author: Farag, Mohammed Morsy Naeem
dc.contributor.committeechair: Patterson, Cameron D.
dc.contributor.committeemember: Martin, Thomas L.
dc.contributor.committeemember: Mortveit, Henning S.
dc.contributor.committeemember: Ravindran, Binoy
dc.contributor.committeemember: Riad, Sedki Mohamed
dc.contributor.committeemember: Rizk, Mohamed
dc.contributor.department: Electrical and Computer Engineering
dc.date.accessioned: 2014-03-14T20:16:40Z
dc.date.adate: 2012-10-25
dc.date.available: 2014-03-14T20:16:40Z
dc.date.issued: 2012-09-17
dc.date.rdate: 2012-10-25
dc.date.sdate: 2012-09-24
dc.description.abstract:

Embedded electronics are widely employed in cyber-physical systems (CPSes), which tightly integrate and coordinate computational and physical elements. CPSes are extensively deployed in security-critical applications and nationwide infrastructure. Perimeter security approaches to preventing malware infiltration of CPSes are challenged by the complexity of modern embedded systems, which incorporate numerous heterogeneous and updatable components. Global supply chains and third-party hardware components, tools, and software limit the reach of design verification techniques and introduce security concerns about deliberate Trojan inclusions. As a consequence, skilled attacks against CPSes have demonstrated that these systems can be surreptitiously compromised. Existing run-time security approaches are not adequate to counter such threats because of their impact on performance and cost, their lack of scalability and generality, the trust they require in global third parties, or the significant changes they require to the design flow. We present a protection scheme called Run-time Enhancement of Trusted Computing (RETC) to enhance trust in CPSes containing untrusted software and hardware. RETC is complementary to design-time verification approaches and serves as a last line of defense against the rising number of inexorable threats against CPSes. We target systems built using reconfigurable hardware to meet the flexibility and high-performance requirements of modern security protections. Security policies are derived from the system's physical characteristics and component operational specifications, and are translated into synthesizable hardware integrated into specific interfaces on a per-module or per-function basis. The policy-based approach addresses many security challenges by decoupling policies from system-specific implementations and optimizations, and minimizes the changes required to the design flow.

Interface guards enable in-line monitoring and enforcement of critical system computations at run-time. Trust is only required in a small set of simple, self-contained, and verifiable guard components. Hardware trust anchors simultaneously address the performance, flexibility, developer productivity, and security requirements of contemporary CPSes. We apply RETC to several CPSes having common security challenges, including: secure reconfiguration control in reconfigurable cognitive radio platforms, tolerating hardware Trojan threats in third-party IP cores, and preserving stability in process control systems. High-level architectures demonstrated with prototypes are presented for the selected applications. Implementation results illustrate the efficiency of RETC in terms of the performance and overheads of the hardware trust anchors. Testbenches associated with the addressed threat models are generated and experimentally validated on a reconfigurable platform to establish the protection scheme's efficacy in thwarting the selected threats. This new approach significantly enhances trust in CPSes containing untrusted components without sacrificing cost or performance.
dc.description.degree: Ph. D.
dc.identifier.other: etd-09242012-185941
dc.identifier.sourceurl: http://scholar.lib.vt.edu/theses/available/etd-09242012-185941/
dc.identifier.uri: http://hdl.handle.net/10919/29084
dc.publisher: Virginia Tech
dc.relation.haspart: Farag_MM_D_2012.pdf
dc.relation.haspart: Farag_MM_D_2012_Copyright_1.pdf
dc.rights: In Copyright
dc.rights.uri: http://rightsstatements.org/vocab/InC/1.0/
dc.subject: Hardware Trojans
dc.subject: Reconfigurable Hardware
dc.subject: Embedded Systems Security
dc.subject: Cognitive radio networks
dc.subject: Trusted Computing
dc.subject: Cyber-Physical Systems
dc.subject: Process Control Systems
dc.title: Architectural Enhancements to Increase Trust in Cyber-Physical Systems Containing Untrusted Software and Hardware
dc.type: Dissertation
thesis.degree.discipline: Electrical and Computer Engineering
thesis.degree.grantor: Virginia Polytechnic Institute and State University
thesis.degree.level: doctoral
thesis.degree.name: Ph. D.

Files

Original bundle (2 files)

Name: Farag_MM_D_2012.pdf
Size: 2.49 MB
Format: Adobe Portable Document Format

Name: Farag_MM_D_2012_Copyright_1.pdf
Size: 865.14 KB
Format: Adobe Portable Document Format