TRUST.IO: Protecting Physical Interfaces on Cyber-physical Systems
Spensky C, MacHiry A, Busch M, Leach K, Housley R, Kruegel C, Vigna G (2020)
Publication Type: Conference contribution
Publication year: 2020
Publisher: Institute of Electrical and Electronics Engineers Inc.
Conference Proceedings Title: 2020 IEEE Conference on Communications and Network Security, CNS 2020
Event location: ONLINE
ISBN: 9781728147604
DOI: 10.1109/CNS48642.2020.9162246
Abstract
Cyber-physical systems (CPSes) have been replacing their mechanical counterparts in many safety and securitycritical applications (e.g., door locks, automobiles, and critical infrastructure). However, this paradigm shift has introduced a new software-based attack vector into these historically isolated systems. Since many of these devices are networked, their physical interfaces are vulnerable to both remote and local attackers. In this work, we present TRUST. IO, a framework that automatically, and transparently, hardens these physical interfaces against all software-based exploits. More precisely, TRUST.IO ensures that the software on the device cannot access any protected general purpose input/output (GPIO) interfaces unless the command was initiated from a trusted external client (e.g., a key, phone, or centralized server). TRUST.IO exploits the fact that users rarely interact directly with these embedded devices. Instead, users interact with a remote system (e.g., a car key, smart hub, or control system) that ultimately issues commands to the single-purpose embedded device. Thus, TRUST.IO leverages modern embedded processor features to ensure that these critical physical interactions (e.g., actuating motors or reading sensors) will be performed if and only if the command was issued by an authorized external device that can satisfy a cryptographic challenge. We demonstrate that TRUST.IO can be easily applied to existing CPSes, both bare-metal and Linux-based, with minimal runtime overhead and minimal code modifications.
Authors with CRIS profile
Involved external institutions
University of California
United States (USA) (US)
University of Michigan - Dearborn
United States (USA) (US)
United States (USA) (US)
University of Michigan - Dearborn
United States (USA) (US)
How to cite
APA:
Spensky, C., MacHiry, A., Busch, M., Leach, K., Housley, R., Kruegel, C., & Vigna, G. (2020). TRUST.IO: Protecting Physical Interfaces on Cyber-physical Systems. In 2020 IEEE Conference on Communications and Network Security, CNS 2020. ONLINE: Institute of Electrical and Electronics Engineers Inc..
MLA:
Spensky, Chad, et al. "TRUST.IO: Protecting Physical Interfaces on Cyber-physical Systems." Proceedings of the 2020 IEEE Conference on Communications and Network Security, CNS 2020, ONLINE Institute of Electrical and Electronics Engineers Inc., 2020.
BibTeX: Download