When it comes to computer security, there are three main objectives: confidentiality—ensuring no one can steal your data; integrity—ensuring that your data has not been changed in any unauthorized way; and availability—making sure that you have access to the resources you need to do what you need to do.
Most research focuses on the first two, said Ning Zhang, assistant professor of computer science and engineering at the McKelvey School of Engineering at Washington University in St. Louis. It’s easy to see why. “If you are stopping me from using my credit card, that’s fine. It’s not as bad as if it were stolen and used by a thief,” he said. But what about a self-driving car that’s barreling down a pothole-riddled road at 80 mph, surrounded by other vehicles doing the same? In that situation, a little access—to the brakes, maybe?—would come in handy.
Zhang’s student presented research at the 43rd IEEE Symposium on Security and Privacy in San Francisco, May 23-25, which outlined a new framework for system availability in cyber-physical systems such as self-driving cars. It gives the user assured availability of certain mission-critical controls so that, in the event of a cyber attack, the system remains safe.
The method Zhang outlined relies on two principles: isolation between critical and non-critical components, and complete mediation over critical system resources. In order to keep critical components out of a hacker’s reach, they need to be isolated from the rest of the complex system. “It’s like a fortified castle,” Zhang said, referring to the isolated environment in which a computer keeps potentially dangerous software away from its critical components.
In order to keep the trusted computing base small, this trusted execution environment maintains only a very narrow set of functionality for the cyber-physical system, such as the ability to brake, to disengage the gas, or perhaps to turn the wheel a little. These functionalities remain accessible to…