Manipulative Interference Attacks
CCS ’24, October 14–18, 2024, Salt Lake City, UT, USA

| Field | Value |
|---|---|
| Main Authors: | Mergendahl, Samuel; Fickas, Stephen; Norris, Boyana; Skowyra, Richard |
| Other Authors: | Lincoln Laboratory |
| Format: | Article |
| Language: | English |
| Published: | ACM, Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, 2025 |
| Online Access: | https://hdl.handle.net/1721.1/158086 |
| Record: | mit-1721.1/158086 (MIT collection, Massachusetts Institute of Technology) |
Abstract: A μ-kernel is an operating system (OS) paradigm that facilitates a strong cybersecurity posture for embedded systems. Unlike a monolithic OS such as Linux, a μ-kernel reduces overall system privilege by deploying most OS functionality within isolated, userspace protection domains. Moreover, a μ-kernel ensures confidentiality and integrity between protection domains (i.e., spatial isolation), and offers timing predictability for real-time tasks in mixed-criticality systems (i.e., temporal isolation). One popular μ-kernel is seL4, which offers extensive formal guarantees of implementation correctness and flexible temporal budgeting mechanisms. However, we show that an untrusted protection domain on a μ-kernel can abuse service requests to other protection domains in order to corrode system availability. We generalize this denial-of-service (DoS) attack strategy as Manipulative Interference Attacks (MIAs) and introduce techniques to efficiently identify instances of MIAs within a configured system. Specifically, we propose a novel hybrid approach that first leverages static analysis to identify software components with influenceable execution times, and second, uses an automatically generated model-based analysis to determine which compromised protection domains can manipulate the influenceable components and trigger MIAs. We investigate the risk of MIAs in several representative system examples including the seL4 Microkit, as well as a case study of seL4 software artifacts from the DARPA Cyber Assured Systems Engineering (CASE) program. In particular, we demonstrate that our analysis is efficient enough to discover practical instances of MIAs in real-world systems.

Citation: Mergendahl, Samuel, Fickas, Stephen, Norris, Boyana and Skowyra, Richard. 2024. "Manipulative Interference Attacks." Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery.
DOI: https://doi.org/10.1145/3658644.3690246
Type: Conference paper (http://purl.org/eprint/type/ConferencePaper)
ISBN: 979-8-4007-0636-3
License: Creative Commons Attribution (https://creativecommons.org/licenses/by/4.0/), copyright the author(s)
Dates recorded: 2024-12-02; 2025-01-28