Skip navigation

A rigorous and efficient run-time security monitor for real-time critical embedded system applications

A rigorous and efficient run-time security monitor for real-time critical embedded system applications

Khan, Muhammad Taimoor ORCID logoORCID: https://orcid.org/0000-0002-5752-6420, Serpanos, Dimitrios and Shrobe, Howard (2017) A rigorous and efficient run-time security monitor for real-time critical embedded system applications. In: 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT). IEEE, pp. 100-105. ISBN 978-1509041305 (doi:10.1109/WF-IoT.2016.7845510)

Full text not available from this repository. (Request a copy)

Abstract

We introduce a run-time security monitor for embedded system applications that detects both known and unknown computational cyber-attacks. Our security monitor is rigorous (i.e. sound and complete), eliminating false alarms, as well as efficient, supporting real-time detection. In contrast, conventional run-time security monitors for application software either produce (high rates of) false alarms (e.g. intrusion detection systems) or limit application performance (e.g. run-time verification systems). Such monitors are typically non-adaptive against constantly changing attacks of variable extent. Our run-time monitor detects attacks by checking the consistency between the application run-time behavior and its specified (expected) behavior model. Our specification language is based on monadic second order logic and event calculus interpreted over algebraic data structures; the application implementation can be in any programming language. Based on our defined denotational semantics of the specification language, we prove that the security monitor is sound and complete, i.e. it produces an alarm iff it detects an inconsistency between the application execution and the specified behavior. Importantly, the monitor detects not only cyber-attacks but all behavioral deviations from specification, e.g. bugs, and so, is readily applicable to the security of legacy systems. Through an application of our prototype monitor to a PID controller for a feedwater tank, we demonstrate that rigorous run-time monitors employing verification techniques are effective, efficient and readily applicable to demanding real-time critical systems, without scalability limitations.

Item Type: Conference Proceedings
Title of Proceedings: 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT)
Uncontrolled Keywords: monitoring, security, real-time systems, computational modeling, calculus, prototypes, industrial control
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Faculty / School / Research Centre / Research Group: Faculty of Engineering & Science > Internet of Things and Security Research Centre (ISEC)
Faculty of Engineering & Science > School of Computing & Mathematical Sciences (CMS)
Faculty of Engineering & Science
Last Modified: 04 Mar 2022 13:07
URI: http://gala.gre.ac.uk/id/eprint/24429

Actions (login required)

View Item View Item