CICI: SSC: Real-Time Operating System and Network Security for Scientific Middleware

CICI：SSC：科学中间件的实时操作系统和网络安全

• 批准号: 1839321
• 负责人: Gedare Bloom
• 金额: $ 99.99万
• 依托单位: Howard University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-10-01 至 2019-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1839321&HistoricalAwards=false
• 关键词: CICI; SSC; Real; Time; Operating

Remote monitoring and control of industrial control systems are protected using firewalls and user passwords. Cyberattacks that get past firewalls have unfettered access to command industrial control systems with potential to harm digital assets, environmental resources, and humans in proximity to the compromised system. To prevent and mitigate such harms in scientific industrial control systems, this project enhances the security of open-source cyberinfrastructure used for high energy physics, astronomy, and space sciences. The results of this project enhance the security of scientific instruments used in particle accelerators, large-scale telescopes, satellites, and space probes. The benefits to science and the public include greater confidence in the fidelity of experimental data collected from these scientific instruments, and increased reliability of scientific cyberinfrastructure that reduces the costs associated with accidental misconfigurations or malicious cyberattacks.The objective of this project is to enhance the security of the open-source Real-Time Executive for Multiprocessor Systems (RTEMS) real-time operating system and the Experimental Physics and Industrial Control System (EPICS) software and networks; RTEMS and EPICS are widely used cyberinfrastructure for controlling scientific instruments. The security enhancements span eight related project activities: (1) static analysis and security fuzzing as part of continuous integration; (2) cryptographic security for the open-source software development life cycle; (3) secure boot and update for remotely-managed scientific instruments; (4) open-source cryptographic libraries for secure communication; (5) real-time memory protection; (6) formal modeling and analysis of network protocols; (7) enhanced security event logging; and (8) network-based intrusion detection for scientific industrial control systems. The project outcomes provide a roadmap for enculturating cybersecurity best practices in open-source, open-science communities while advancing the state-of-the-art research in cyberinfrastructure software engineering and industrial control system security.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

使用防火墙和用户密码保护工业控制系统的远程监视和控制。越过防火墙的网络攻击不受限制地访问命令工业控制系统，该系统可能会损害数字资产，环境资源和人类与受损系统的距离。 为了预防和减轻科学工业控制系统中的这种危害，该项目增强了用于高能物理，天文学和太空科学的开源网络基础设施的安全性。该项目的结果增强了粒子加速器，大规模望远镜，卫星和空间探针中使用的科学仪器的安全性。 The benefits to science and the public include greater confidence in the fidelity of experimental data collected from these scientific instruments, and increased reliability of scientific cyberinfrastructure that reduces the costs associated with accidental misconfigurations or malicious cyberattacks.The objective of this project is to enhance the security of the open-source Real-Time Executive for Multiprocessor Systems (RTEMS) real-time operating system and the Experimental Physics and Industrial Control System (EPICS)软件和网络； RTEM和EPICS广泛用于控制科学仪器的网络基础设施。安全性增强范围涵盖了八项相关项目活动：（1）作为连续集成的一部分，静态分析和安全性构成； （2）开源软件开发生命周期的加密安全； （3）安全启动并更新以远程管理的科学仪器； （4）用于安全通信的开源加密库； （5）实时内存保护； （6）网络协议的正式建模和分析； （7）增强的安全事件记录； （8）基于网络的科学工业控制系统的入侵检测。该项目成果为在开源，开放科学社区中提供网络安全的最佳实践提供了路线图，同时推进了网络基础设施软件工程和工业控制系统安全的最先进研究。这奖反映了NSF的法定任务，并通过评估基础的智力效果和广阔的范围来评估，并被视为值得通过评估来进行评估。

项目成果

Controller Area Network Intrusion Prevention System Leveraging Fault Recovery

利用故障恢复的控制器局域网入侵防御系统

• DOI: 10.1145/3338499.3357360
• 发表时间: 2019
• 期刊: Proceedings of the ACM Workshop on Cyber-Physical Systems Security & Privacy
• 作者: Olufowobi, Habeeb;Hounsinou, Sena;Bloom, Gedare
• 通讯作者: Bloom, Gedare

On the Pitfalls and Vulnerabilities of Schedule Randomization Against Schedule-Based Attacks

• DOI: 10.1109/rtas.2019.00017
• 发表时间: 2019-04
• 期刊: 2019 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS)
• 作者: M. Nasri;Thidapat Chantem;Gedare Bloom;Ryan M. Gerdes