dc.contributor.author | Mergendahl, Samuel | |
dc.contributor.author | Fickas, Stephen | |
dc.contributor.author | Norris, Boyana | |
dc.contributor.author | Skowyra, Richard | |
dc.date.accessioned | 2025-01-28T14:54:13Z | |
dc.date.available | 2025-01-28T14:54:13Z | |
dc.date.issued | 2024-12-02 | |
dc.identifier.isbn | 979-8-4007-0636-3 | |
dc.identifier.uri | https://hdl.handle.net/1721.1/158086 | |
dc.description | CCS ’24, October 14–18, 2024, Salt Lake City, UT, USA | en_US |
dc.description.abstract | A μ-kernel is an operating system (OS) paradigm that facilitates a strong cybersecurity posture for embedded systems. Unlike a monolithic OS such as Linux, a μ-kernel reduces overall system privilege by deploying most OS functionality within isolated, userspace protection domains. Moreover, a μ-kernel ensures confidentiality and integrity between protection domains (i.e., spatial isolation), and offers timing predictability for real-time tasks in mixed-criticality systems (i.e., temporal isolation). One popular μ-kernel is seL4, which offers extensive formal guarantees of implementation correctness and flexible temporal budgeting mechanisms.
However, we show that an untrusted protection domain on a μ-kernel can abuse service requests to other protection domains in order to corrode system availability. We generalize this denial-of-service (DoS) attack strategy as Manipulative Interference Attacks (MIAs) and introduce techniques to efficiently identify instances of MIAs within a configured system. Specifically, we propose a novel hybrid approach that first leverages static analysis to identify software components with influenceable execution times, and second, uses an automatically generated model-based analysis to determine which compromised protection domains can manipulate the influenceable components and trigger MIAs. We investigate the risk of MIAs in several representative system examples including the seL4 Microkit, as well as a case study of seL4 software artifacts from the DARPA Cyber Assured Systems Engineering (CASE) program. In particular, we demonstrate that our analysis is efficient enough to discover practical instances of MIAs in real-world systems. | en_US |
dc.publisher | ACM|Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security | en_US |
dc.relation.isversionof | https://doi.org/10.1145/3658644.3690246 | en_US |
dc.rights | Creative Commons Attribution | en_US |
dc.rights.uri | https://creativecommons.org/licenses/by/4.0/ | en_US |
dc.source | Association for Computing Machinery | en_US |
dc.title | Manipulative Interference Attacks | en_US |
dc.type | Article | en_US |
dc.identifier.citation | Mergendahl, Samuel, Fickas, Stephen, Norris, Boyana and Skowyra, Richard. 2024. "Manipulative Interference Attacks." | |
dc.contributor.department | Lincoln Laboratory | en_US |
dc.identifier.mitlicense | PUBLISHER_CC | |
dc.eprint.version | Final published version | en_US |
dc.type.uri | http://purl.org/eprint/type/ConferencePaper | en_US |
eprint.status | http://purl.org/eprint/status/NonPeerReviewed | en_US |
dc.date.updated | 2025-01-01T08:49:35Z | |
dc.language.rfc3066 | en | |
dc.rights.holder | The author(s) | |
dspace.date.submission | 2025-01-01T08:49:35Z | |
mit.license | PUBLISHER_CC | |
mit.metadata.status | Authority Work and Publication Information Needed | en_US |
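The abstract above describes a two-stage analysis: a static pass that tags protection domains whose handler execution time a caller can influence, followed by a model-based pass that asks which compromised domain can reach those handlers and push a shared server over its temporal budget. The following toy is an added illustration of that pipeline written for this record; it is not the paper's tool and reproduces none of its system models, numbers or results. The Microkit-style system description, the handler cost table (standing in for the static-analysis output), the rule that requests only flow from lower- to higher-priority channel ends, and the one-request-per-attacker-period budget arithmetic are all assumptions made for the example.

```python
"""Toy version of the two-stage MIA analysis the abstract sketches.

Added example written for this page; it is not the paper's tool and reproduces
none of its system models or results. Stage 1 (static analysis of handler
execution times) is replaced by a hand-written cost table; stage 2 is a
reachability plus budget check over a constructed Microkit-style system
description. Names, numbers and the budget arithmetic are all assumptions.
"""
import xml.etree.ElementTree as ET
from collections import deque

# Constructed Microkit-style system description; values are invented.
# Times are in microseconds, as in Microkit's budget/period attributes.
SYSTEM_XML = """
<system>
  <protection_domain name="client_a" priority="100" budget="500" period="5000"/>
  <protection_domain name="client_b" priority="110" budget="500" period="5000"/>
  <protection_domain name="fs_server" priority="200" budget="1500" period="10000"/>
  <protection_domain name="control_task" priority="250" budget="300" period="2000"/>
  <protection_domain name="storage_driver" priority="254" budget="400" period="5000"/>
  <channel><end pd="client_a" id="0"/><end pd="fs_server" id="0"/></channel>
  <channel><end pd="client_b" id="0"/><end pd="fs_server" id="1"/></channel>
  <channel><end pd="fs_server" id="2"/><end pd="storage_driver" id="0"/></channel>
  <channel><end pd="control_task" id="0"/><end pd="storage_driver" id="1"/></channel>
</system>
"""

# Stand-in for stage 1: worst-case handler time under caller-chosen input ("max")
# versus the nominal cost an honest request incurs. max == nominal means the
# handler's execution time is not influenceable by its caller. Invented values.
HANDLER_COST = {
    "client_a":       {"nominal": 20,  "max": 20},
    "client_b":       {"nominal": 20,  "max": 20},
    "fs_server":      {"nominal": 50,  "max": 1200},  # e.g. caller-chosen path depth
    "control_task":   {"nominal": 100, "max": 100},
    "storage_driver": {"nominal": 80,  "max": 350},   # e.g. caller-chosen transfer length
}


def parse_system(xml_text):
    """Return ({pd: {priority, budget, period}}, [(pd_a, pd_b), ...])."""
    root = ET.fromstring(xml_text)
    pds = {
        pd.get("name"): {k: int(pd.get(k)) for k in ("priority", "budget", "period")}
        for pd in root.findall("protection_domain")
    }
    channels = [
        tuple(end.get("pd") for end in ch.findall("end")) for ch in root.findall("channel")
    ]
    return pds, channels


def service_edges(pds, channels):
    """Directed 'may request service from' graph.
    Assumption: a protected procedure call only flows from the lower- to the
    higher-priority end of a channel."""
    edges = {name: set() for name in pds}
    for a, b in channels:
        low, high = sorted((a, b), key=lambda n: pds[n]["priority"])
        edges[low].add(high)
    return edges


def influenceable_servers(attacker, edges, costs):
    """Servers reachable from the attacker (directly or through intermediaries
    that forward work on its behalf) whose handler time it can inflate.
    Returns {server: path_from_attacker}."""
    parent, queue, found = {attacker: None}, deque([attacker]), {}
    while queue:
        cur = queue.popleft()
        for nxt in sorted(edges[cur]):
            if nxt in parent:
                continue
            parent[nxt] = cur
            queue.append(nxt)
            if costs[nxt]["max"] > costs[nxt]["nominal"]:
                path, node = [], nxt
                while node is not None:
                    path.append(node)
                    node = parent[node]
                found[nxt] = path[::-1]
    return found


def find_mias(attacker, pds, edges, costs):
    """Stage 2: for each influenceable server, check whether the attacker's
    worst-case requests plus one honest request exceed the server's budget
    within one server period. Assumption: one adversarial request per
    attacker period, each costing the server its worst-case handler time."""
    findings = []
    for server, path in influenceable_servers(attacker, edges, costs).items():
        requests = max(1, pds[server]["period"] // pds[attacker]["period"])
        demand = requests * costs[server]["max"]
        # Honest clients of this server, excluding the attacker and any PD on its path.
        honest = {c for c, targets in edges.items() if server in targets} - set(path)
        for victim in sorted(honest):
            total = demand + costs[server]["nominal"]
            if total > pds[server]["budget"]:
                findings.append({
                    "attacker": attacker, "server": server, "victim": victim,
                    "path": path, "demand_us": total, "budget_us": pds[server]["budget"],
                })
    return findings


def analyze(xml_text, costs, untrusted):
    """Run both stages for every PD assumed compromised."""
    pds, channels = parse_system(xml_text)
    edges = service_edges(pds, channels)
    return [f for pd in untrusted for f in find_mias(pd, pds, edges, costs)]


if __name__ == "__main__":
    for f in analyze(SYSTEM_XML, HANDLER_COST, untrusted=["client_a"]):
        print(f"MIA: {f['attacker']} -> {' -> '.join(f['path'][1:])} starves {f['victim']}: "
              f"{f['demand_us']}us demanded of a {f['budget_us']}us budget")
```

With the constructed inputs the check flags two candidate MIAs from `client_a`: a direct one against `client_b` through `fs_server`, and a transitive one against the higher-criticality `control_task` through `fs_server` and then `storage_driver`. Replacing the cost table with constant-time handlers removes both, which is the point of the first stage: a server whose execution time cannot be influenced by its callers cannot be turned into a denial-of-service conduit regardless of who reaches it.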