TY - GEN
T1 - A Container-based DoS Attack-Resilient Control Framework for Real-Time UAV Systems
AU - Chen, Jiyang
AU - Feng, Zhiwei
AU - Wen, Jen Yang
AU - Liu, Bo
AU - Sha, Lui
N1 - Funding Information:
This project is sponsored in part by NSF 1739732 and by N00014-17-1-2783, and China Scholarship Council under Grant No.: 201706080092.
Funding Information:
This project is sponsored in part by NSF 1739732 and by N00014-17-1-2783, and China Scholarship Council under Grant No.: 201706080092. The work was carried out at the Intelligent Robotics Laboratory, Coordinated Science Laboratory, University of Illinois at Urbana-Champaign.
Publisher Copyright:
© 2019 EDAA.
PY - 2019/5/14
Y1 - 2019/5/14
N2 - The Unmanned aerial vehicles (UAVs) sector is fast-expanding. Protection of real-time UAV applications against malicious attacks has become an urgent problem that needs to be solved. Denial-of-service (DoS) attack aims to exhaust system resources and cause important tasks to miss deadlines. DoS attack may be one of the common problems of UAV systems, due to its simple implementation. In this paper, we present a software framework that offers DoS attack-resilient control for real-time UAV systems using containers: ContainerDrone. The framework provides defense mechanisms for three critical system resources: CPU, memory, and communication channel. We restrict attacker's access to CPU core set and utilization. Memory bandwidth throttling limits attacker's memory usage. By simulating sensors and drivers in the container, a security monitor constantly checks DoS attacks over communication channels. Upon the detection of a security rule violation, the framework switches to the safety controller to mitigate the attack. We implemented a prototype quadcopter with commercially off-the-shelf (COTS) hardware and open-source software. Our experimental results demonstrated the effectiveness of the proposed framework defending against various DoS attacks.
AB - The Unmanned aerial vehicles (UAVs) sector is fast-expanding. Protection of real-time UAV applications against malicious attacks has become an urgent problem that needs to be solved. Denial-of-service (DoS) attack aims to exhaust system resources and cause important tasks to miss deadlines. DoS attack may be one of the common problems of UAV systems, due to its simple implementation. In this paper, we present a software framework that offers DoS attack-resilient control for real-time UAV systems using containers: ContainerDrone. The framework provides defense mechanisms for three critical system resources: CPU, memory, and communication channel. We restrict attacker's access to CPU core set and utilization. Memory bandwidth throttling limits attacker's memory usage. By simulating sensors and drivers in the container, a security monitor constantly checks DoS attacks over communication channels. Upon the detection of a security rule violation, the framework switches to the safety controller to mitigate the attack. We implemented a prototype quadcopter with commercially off-the-shelf (COTS) hardware and open-source software. Our experimental results demonstrated the effectiveness of the proposed framework defending against various DoS attacks.
KW - Cyber Physical System
KW - Denial of Service attack
KW - Linux Container
KW - Real-time System
KW - Security
KW - Simplex
KW - Unmanned Aerial Vehicle Systems
UR - http://www.scopus.com/inward/record.url?scp=85066629863&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85066629863&partnerID=8YFLogxK
U2 - 10.23919/DATE.2019.8714888
DO - 10.23919/DATE.2019.8714888
M3 - Conference contribution
AN - SCOPUS:85066629863
T3 - Proceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019
SP - 1222
EP - 1227
BT - Proceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 22nd Design, Automation and Test in Europe Conference and Exhibition, DATE 2019
Y2 - 25 March 2019 through 29 March 2019
ER -