RUCKUS: A Cybersecurity Engine for Performing Autonomous Cyber-Physical System
In 2016, the Cyber Grand Challenge (CGC) provided key foundations and motivations for navigating towards an autonomous cybersecurity approach. Since that time, novel strides have been made in the areas of static analysis, vulnerability discovery, patching, and exploit generation. However, a majority of these efforts have been focused on enterprise systems, leaving a gap in the Cyber-Physical System (CPS) domain. With the rise of connected infrastructure and the introduction of 5G communications, CPS are becoming more ingrained within present-day society. Due to a large amount of legacy software, and control of safety-critical actuation, CPS are and will continue to be a huge attack vector for our adversaries to remotely deploy devastating attacks against our country with low economic cost and at scale. |
To combat this threat, we propose the need to apply the most beneficial concepts from the CGC to create more secure and resilient CPS. In this paper, we introduce a CPS security assessment architecture RUCKUS for autonomously identifying and analyzing CPS firmware, identifying vulnerabilities, and developing exploits. Further, our approach considers how to integrate graph analytics to extrapolate findings to firmware at scale, allowing for measuring the potential widespread impact of attacks. Our architecture is demonstrated using an automotive case study, leveraging firmware from the most popular automotive and router manufacturers to assess the real-world potential impact of CPS attacks.
Dr. Bradley Potteiger is a current senior professional staff member and embedded exploitation researcher at The Johns Hopkins University Applied Physics Laboratory working within the Institute for Assured Autonomy and APL Asymmetric Operations Sector on cutting edge applications related to cybersecurity, space systems, election integrity and national security. He has also worked in the Executive Office of the President, The White House and has been supported by the NSA throughout his PhD studies. Dr. Potteiger received his Ph.D. from the Department of Electrical Engineering at Vanderbilt University and his B.S. Degree in Computer Engineering from the University of Maryland, Baltimore County. His dissertation focuses on creating a moving target defense (MTD) architecture for embedded devices to enhance CPS integrity, while maintaining availability with safe, reliable, and predictable system operations.