TrackOS: a Security-Aware RTOS
Presented as part of the 2013 HCSS conference.
ABSTRACT
Cyber-physical systems (CPS) are becoming an increasingly attractive target for adversaries launching software attacks. New approaches are needed to detect software-based vulnerabilities while meeting the constraints of embedded execution in CPS.
TrackOS is a real-time operating system (RTOS) extension designed by Galois, Inc. to address the needs of software integrity in CPS. TrackOS uses control-flow integrity approaches and lightweight static analysis to check at runtime that RTOS tasks have not been maliciously compromised. The checks performed by TrackOS are unbypassable, meaning that TrackOS checks for the result of any software-based attack rather than attempting to prevent some specific class of attacks. TrackOS performs the checks while respecting the real-time constraints of its tasks, and it handles the complexities of embedded code (e.g., inline assembly, very limited memory, hardware interrupts on the control stack, and no frame pointers). Furthermore, modifications to the monitored tasks are unnecessary. We have prototyped TrackOS and applied its analysis to an autopilot software system.