"Zhang Lab Takes on Cyber-Physical System Hackers"
Ning Zhang, assistant professor of computer science and engineering at the McKelvey School of Engineering at Washington University in St. Louis, wants to develop a new security capability to ensure safety against cyberattacks on pacemakers, autonomous vehicles, and more. Zhang's student presented research at the 43rd IEEE Symposium on Security and Privacy in San Francisco, outlining a new framework for system availability in cyber-physical systems such as self-driving cars. The framework assures the user that some of the mission controls remain available, so the system remains safe if a cyberattack occurs.

The method relies on isolation between critical and non-critical components and complete mediation over critical system resources. To keep critical components away from a hacker, they must be isolated from the rest of the complex system. To keep the trusted computing base small, the trusted execution environment maintains a minimal amount of functionality for the cyber-physical system, such as the ability to brake, disengage the gas, or turn the wheel slightly. Even if the vehicle's operating system is under attack, the driver can still use these features.

Maintaining availability is not an easy task, as the operating system controls everything in the vehicle. If a hacker is controlling the system, the system will not give the user control. This is where attack surface reduction comes in: it limits the points at which an attacker can affect the trusted environment through influence over the operating system. To accomplish this, the trusted environment responds only to a subset of commands, and access is denied if a request falls outside of those commands. This article continues to discuss the new framework for system availability in cyber-physical systems.
WUSTL reports "Zhang Lab Takes on Cyber-Physical System Hackers"