Skip to Main content Skip to Navigation
Conference papers

Attack Injection into Avionic Systems through Application Code Mutation

Abstract : Given the continuous increase of malicious threats targeting embedded systems, the potential malicious modification of an aircraft application, by exploiting an unknown software or hardware vulnerability of the execution platform, must be seriously considered for future systems. Indeed, an insider attack breaking the organization's security measures to insert a malicious function on board could have significant consequences. Various solutions can be investigated to provide enhanced protection against such threats, including intrusion detection techniques. To design an Intrusion Detection System (IDS), and more specifically to evaluate its performance, abnormal data are required. However, to our knowledge, there is no publicly available attack data for aircraft applications. This paper proposes an approach and a tool aiming at automatically performing application code mutations that mimic the behavior of malevolent pieces of code introduced inside an application. The approach relies on three code modification strategies, designed to cover both generic and specific mutations. The tool takes into account the specific characteristics of avionic applications (dedicated hardware, real-time execution, threat model). This paper describes the architecture and implementation details of the tool, as well as some experiments, in which it is used in order to calibrate a Host-based Intrusion Detection System (HIDS) that we are currently implementing. For that purpose, specific code changes are introduced, targeting application integrity and availability as well as safety.
Complete list of metadata

https://hal.laas.fr/hal-03094185
Contributor : Aliénor Damien <>
Submitted on : Monday, January 4, 2021 - 11:35:15 AM
Last modification on : Thursday, June 10, 2021 - 3:48:22 AM
Long-term archiving on: : Monday, April 5, 2021 - 7:33:31 PM

File

PID6033481.pdf
Files produced by the author(s)

Identifiers

Citation

Aliénor Damien, Nathalie Feyt, Vincent Nicomette, Eric Alata, Mohamed Kaâniche. Attack Injection into Avionic Systems through Application Code Mutation. 2019 IEEE/AIAA 38th Digital Avionics Systems Conference (DASC), Sep 2019, San Diego, United States. pp.1-8, ⟨10.1109/DASC43569.2019.9081616⟩. ⟨hal-03094185⟩

Share

Metrics

Record views

77

Files downloads

124