Enforcing Cyber-Physical Execution Semantics to Defend Against Data-Oriented Attacks
Recent studies have revealed that control programs running on embedded devices suffer from both control-oriented attacks (e.g., code-injection or code-reuse attacks) and data-oriented attacks (e.g., non-control-data attacks). Unfortunately, existing anomaly detection mechanisms are insufficient to detect runtime data-oriented exploits, because they do not check runtime execution semantics, specifically the causal dependencies between the physical context and program control flows. We aim to secure control programs against data-oriented attacks. We address several challenges in reasoning about the cyber-physical execution semantics of a control program, including event identification and dependence analysis. We present a new program behavior model, the event-aware finite-state automaton (eFSA), which takes advantage of the event-driven nature of control programs and incorporates event checking in anomaly detection. eFSA detects subtle data-oriented exploits when a specific physical event is missing while the corresponding event-dependent state transition is taken. We implement a prototype of our approach and evaluate eFSA's performance by conducting three real-world case studies. Our results show that eFSA successfully detects different runtime data-oriented attacks. Our prototype on Raspberry Pi incurs a low overhead, taking 0.0001s for each state transition integrity check and 0.063s∼0.211s for each cyber-physical contextual consistency check.
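The abstract describes two checks: state-transition integrity (is this transition in the model at all?) and cyber-physical contextual consistency (did the physical event that the transition depends on actually occur?). The following Python sketch is an added illustration of that idea and is not code from the paper or its prototype. The heater controller, its states, the `temp_below_setpoint`/`temp_above_setpoint` events, the sensor-to-event mapping and the three traces are all constructed for this example; the point is that a data-oriented attack which corrupts a program variable produces a trace that is valid under a plain FSA but fails the event check, whereas a control-flow hijack fails the transition check.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical control program modelled as an event-aware FSA (eFSA).
# States are control-flow states of the program; an event-dependent
# transition is annotated with the physical event that must hold for it
# to be legitimate.


@dataclass(frozen=True)
class Transition:
    src: str
    dst: str
    event: Optional[str] = None   # required physical event, None if unconditional


class EventAwareFSA:
    def __init__(self, start: str, transitions):
        self.start = start
        self.table = {(t.src, t.dst): t for t in transitions}

    def check(self, trace):
        """Walk an execution trace and report anomalies.

        trace: list of (next_state, observed_events), where observed_events is
        the set of physical events derived from sensor readings sampled
        independently of the program's own variables at that step.
        Returns a list of (step, src, dst, reason); an empty list means the
        trace is consistent with both the control-flow model and the
        physical context.
        """
        alerts = []
        state = self.start
        for step, (nxt, observed) in enumerate(trace):
            t = self.table.get((state, nxt))
            if t is None:
                # state transition integrity check failed
                alerts.append((step, state, nxt, "transition not in model"))
            elif t.event is not None and t.event not in observed:
                # cyber-physical contextual consistency check failed
                alerts.append((step, state, nxt, f"missing event {t.event}"))
            state = nxt
        return alerts


# Constructed model of a simple heater controller (assumption, not from the paper).
HEATER_FSA = EventAwareFSA("idle", [
    Transition("idle", "read_sensor"),
    Transition("read_sensor", "heater_on", event="temp_below_setpoint"),
    Transition("read_sensor", "heater_off", event="temp_above_setpoint"),
    Transition("read_sensor", "idle"),
    Transition("heater_on", "idle"),
    Transition("heater_off", "idle"),
])


def events_from_sensor(temp_c: float, setpoint_c: float = 20.0, hysteresis_c: float = 1.0):
    """Derive physical events from a raw temperature sample (constructed logic)."""
    if temp_c < setpoint_c - hysteresis_c:
        return {"temp_below_setpoint"}
    if temp_c > setpoint_c + hysteresis_c:
        return {"temp_above_setpoint"}
    return set()


def benign_trace():
    # Constructed: the heater turns on when it is cold and off when it is warm.
    return [("read_sensor", events_from_sensor(17.0)),
            ("heater_on", events_from_sensor(17.0)),
            ("idle", events_from_sensor(17.5)),
            ("read_sensor", events_from_sensor(23.0)),
            ("heater_off", events_from_sensor(23.0)),
            ("idle", events_from_sensor(22.0))]


def data_oriented_attack_trace():
    # Constructed: a corrupted in-memory temperature variable drives the program
    # down the heater_on branch although the real temperature is 25 C. Every
    # transition is in the model, so only the event check can catch it.
    return [("read_sensor", events_from_sensor(25.0)),
            ("heater_on", events_from_sensor(25.0)),
            ("idle", events_from_sensor(25.0))]


def control_oriented_attack_trace():
    # Constructed: hijacked control flow jumps from idle straight to heater_on.
    return [("heater_on", events_from_sensor(17.0)),
            ("idle", events_from_sensor(17.0))]


if __name__ == "__main__":
    for name, trace in [("benign", benign_trace()),
                        ("data-oriented", data_oriented_attack_trace()),
                        ("control-oriented", control_oriented_attack_trace())]:
        print(name, HEATER_FSA.check(trace))
```

The separation of `events_from_sensor` from the traced program states is the essential design choice: the event set must come from a source the attacker cannot reach by corrupting program data, otherwise the consistency check would compare a corrupted variable against itself.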