A Container-based DoS Attack-Resilient Control Framework for Real-Time UAV Systems

Jiyang Chen, Zhiwei Feng, Jen Yang Wen, Bo Liu, Lui Raymond Sha

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The Unmanned aerial vehicles (UAVs) sector is fast-expanding. Protection of real-time UAV applications against malicious attacks has become an urgent problem that needs to be solved. Denial-of-service (DoS) attack aims to exhaust system resources and cause important tasks to miss deadlines. DoS attack may be one of the common problems of UAV systems, due to its simple implementation. In this paper, we present a software framework that offers DoS attack-resilient control for real-time UAV systems using containers: ContainerDrone. The framework provides defense mechanisms for three critical system resources: CPU, memory, and communication channel. We restrict attacker's access to CPU core set and utilization. Memory bandwidth throttling limits attacker's memory usage. By simulating sensors and drivers in the container, a security monitor constantly checks DoS attacks over communication channels. Upon the detection of a security rule violation, the framework switches to the safety controller to mitigate the attack. We implemented a prototype quadcopter with commercially off-the-shelf (COTS) hardware and open-source software. Our experimental results demonstrated the effectiveness of the proposed framework defending against various DoS attacks.

Original languageEnglish (US)
Title of host publicationProceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1222-1227
Number of pages6
ISBN (Electronic)9783981926323
DOIs
StatePublished - May 14 2019
Event22nd Design, Automation and Test in Europe Conference and Exhibition, DATE 2019 - Florence, Italy
Duration: Mar 25 2019Mar 29 2019

Publication series

NameProceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019

Conference

Conference22nd Design, Automation and Test in Europe Conference and Exhibition, DATE 2019
CountryItaly
CityFlorence
Period3/25/193/29/19

Fingerprint

Denial of Service
Unmanned aerial vehicles (UAV)
Container
Containers
Attack
Real-time
Data storage equipment
Program processors
Communication Channels
Computer hardware
Resources
Open Source Software
Computer systems
Deadline
Switches
Framework
Denial-of-service attack
Bandwidth
Driver
Controllers

Keywords

  • Cyber Physical System
  • Denial of Service attack
  • Linux Container
  • Real-time System
  • Security
  • Simplex
  • Unmanned Aerial Vehicle Systems

ASJC Scopus subject areas

  • Hardware and Architecture
  • Electrical and Electronic Engineering
  • Safety, Risk, Reliability and Quality
  • Control and Optimization

Cite this

Chen, J., Feng, Z., Wen, J. Y., Liu, B., & Sha, L. R. (2019). A Container-based DoS Attack-Resilient Control Framework for Real-Time UAV Systems. In Proceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019 (pp. 1222-1227). [8714888] (Proceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.23919/DATE.2019.8714888

A Container-based DoS Attack-Resilient Control Framework for Real-Time UAV Systems. / Chen, Jiyang; Feng, Zhiwei; Wen, Jen Yang; Liu, Bo; Sha, Lui Raymond.

Proceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019. Institute of Electrical and Electronics Engineers Inc., 2019. p. 1222-1227 8714888 (Proceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Chen, J, Feng, Z, Wen, JY, Liu, B & Sha, LR 2019, A Container-based DoS Attack-Resilient Control Framework for Real-Time UAV Systems. in Proceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019., 8714888, Proceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019, Institute of Electrical and Electronics Engineers Inc., pp. 1222-1227, 22nd Design, Automation and Test in Europe Conference and Exhibition, DATE 2019, Florence, Italy, 3/25/19. https://doi.org/10.23919/DATE.2019.8714888
Chen J, Feng Z, Wen JY, Liu B, Sha LR. A Container-based DoS Attack-Resilient Control Framework for Real-Time UAV Systems. In Proceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019. Institute of Electrical and Electronics Engineers Inc. 2019. p. 1222-1227. 8714888. (Proceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019). https://doi.org/10.23919/DATE.2019.8714888
Chen, Jiyang ; Feng, Zhiwei ; Wen, Jen Yang ; Liu, Bo ; Sha, Lui Raymond. / A Container-based DoS Attack-Resilient Control Framework for Real-Time UAV Systems. Proceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 1222-1227 (Proceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019).
@inproceedings{1266d65854af4b30a9409fefbcbb3664,
title = "A Container-based DoS Attack-Resilient Control Framework for Real-Time UAV Systems",
abstract = "The Unmanned aerial vehicles (UAVs) sector is fast-expanding. Protection of real-time UAV applications against malicious attacks has become an urgent problem that needs to be solved. Denial-of-service (DoS) attack aims to exhaust system resources and cause important tasks to miss deadlines. DoS attack may be one of the common problems of UAV systems, due to its simple implementation. In this paper, we present a software framework that offers DoS attack-resilient control for real-time UAV systems using containers: ContainerDrone. The framework provides defense mechanisms for three critical system resources: CPU, memory, and communication channel. We restrict attacker's access to CPU core set and utilization. Memory bandwidth throttling limits attacker's memory usage. By simulating sensors and drivers in the container, a security monitor constantly checks DoS attacks over communication channels. Upon the detection of a security rule violation, the framework switches to the safety controller to mitigate the attack. We implemented a prototype quadcopter with commercially off-the-shelf (COTS) hardware and open-source software. Our experimental results demonstrated the effectiveness of the proposed framework defending against various DoS attacks.",
keywords = "Cyber Physical System, Denial of Service attack, Linux Container, Real-time System, Security, Simplex, Unmanned Aerial Vehicle Systems",
author = "Jiyang Chen and Zhiwei Feng and Wen, {Jen Yang} and Bo Liu and Sha, {Lui Raymond}",
year = "2019",
month = "5",
day = "14",
doi = "10.23919/DATE.2019.8714888",
language = "English (US)",
series = "Proceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "1222--1227",
booktitle = "Proceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019",
address = "United States",

}

TY - GEN

T1 - A Container-based DoS Attack-Resilient Control Framework for Real-Time UAV Systems

AU - Chen, Jiyang

AU - Feng, Zhiwei

AU - Wen, Jen Yang

AU - Liu, Bo

AU - Sha, Lui Raymond

PY - 2019/5/14

Y1 - 2019/5/14

N2 - The Unmanned aerial vehicles (UAVs) sector is fast-expanding. Protection of real-time UAV applications against malicious attacks has become an urgent problem that needs to be solved. Denial-of-service (DoS) attack aims to exhaust system resources and cause important tasks to miss deadlines. DoS attack may be one of the common problems of UAV systems, due to its simple implementation. In this paper, we present a software framework that offers DoS attack-resilient control for real-time UAV systems using containers: ContainerDrone. The framework provides defense mechanisms for three critical system resources: CPU, memory, and communication channel. We restrict attacker's access to CPU core set and utilization. Memory bandwidth throttling limits attacker's memory usage. By simulating sensors and drivers in the container, a security monitor constantly checks DoS attacks over communication channels. Upon the detection of a security rule violation, the framework switches to the safety controller to mitigate the attack. We implemented a prototype quadcopter with commercially off-the-shelf (COTS) hardware and open-source software. Our experimental results demonstrated the effectiveness of the proposed framework defending against various DoS attacks.

AB - The Unmanned aerial vehicles (UAVs) sector is fast-expanding. Protection of real-time UAV applications against malicious attacks has become an urgent problem that needs to be solved. Denial-of-service (DoS) attack aims to exhaust system resources and cause important tasks to miss deadlines. DoS attack may be one of the common problems of UAV systems, due to its simple implementation. In this paper, we present a software framework that offers DoS attack-resilient control for real-time UAV systems using containers: ContainerDrone. The framework provides defense mechanisms for three critical system resources: CPU, memory, and communication channel. We restrict attacker's access to CPU core set and utilization. Memory bandwidth throttling limits attacker's memory usage. By simulating sensors and drivers in the container, a security monitor constantly checks DoS attacks over communication channels. Upon the detection of a security rule violation, the framework switches to the safety controller to mitigate the attack. We implemented a prototype quadcopter with commercially off-the-shelf (COTS) hardware and open-source software. Our experimental results demonstrated the effectiveness of the proposed framework defending against various DoS attacks.

KW - Cyber Physical System

KW - Denial of Service attack

KW - Linux Container

KW - Real-time System

KW - Security

KW - Simplex

KW - Unmanned Aerial Vehicle Systems

UR - http://www.scopus.com/inward/record.url?scp=85066629863&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85066629863&partnerID=8YFLogxK

U2 - 10.23919/DATE.2019.8714888

DO - 10.23919/DATE.2019.8714888

M3 - Conference contribution

AN - SCOPUS:85066629863

T3 - Proceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019

SP - 1222

EP - 1227

BT - Proceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019

PB - Institute of Electrical and Electronics Engineers Inc.

ER -