Secure reboots for real-time cyber-physical systems

Abstract

Cyber-Physical Systems (CPS) such as industrial control systems, automobiles, and medical devices often consist of applications with real-time properties. Due to the safety-critical nature of the application domain, multiple security and fault tolerance approaches have been studied and used in safety-critical CPS. One of the popular approaches for CPS safety is the Simplex architecture, which has also been used recently to strengthen the security of the CPS. The simplex architecture supports the integration of safe controllers for dependable systems, and when combined with periodic restarts, the architecture can reset the CPS into a safe state after each restart. However, these restart-based systems do not protect the system against attacks that persist beyond a restart. Such attacks can be mitigated using secure boot, which is a widely used approach for securing general computing systems but is not used in real-time systems due to the overhead of the boot process. This paper presents an analytical framework and derives feasibility conditions to enable secure reboots in real-time applications. The schedulability conditions presented can be used to design and integrate secure reboot into Simplex-based CPS. Our analysis shows that secure boot adds a deterministic and low-performance overhead, which can be as low as 0.08%.