“Enforcing safety and security through non-intrusive runtime verification”

Inês Gouveia, José Rufino

in Proceedings of the 1st Workshop on Security and Dependability of Critical Embedded Real-Time Systems (CERTS), Porto, Portugal, Dec. 2016, pp. 19–24.

(co-located with the IEEE Real-Time Systems Symposium 2016 (RTSS 2016)).

Abstract: The recent extensive development in Cyber-Physical Systems (CPSs) has led to the emergence of new concerns regarding timeliness, safety and security properties. For decades, numerous vulnerabilities have put systems and applications at risk and CPSs are no exception. Noteworthy recurring issues are, for example, Buffer Overflows (BOs). We intend to deal with some types of BOs, other accidental faults and intended attacks by means of Non-Intrusive Runtime Verification (NIRV), to be accomplished through the design of a black-box observer and monitoring entity. Tackling security hazards can be enforced at different levels or granularities depending on how detailed our knowledge of the inner workings of the system and applications running on it is. We introduce solutions to detect and handle explicit attacks and accidental faults, focusing on completely null understanding of the analyzed environment's specificities, but also discussing scenarios where program mechanics and engineering are completely known.

Project(s): COST Action IC1402

Research line(s): Timeliness and Adaptation in Dependable Systems (TADS)

