CShield: Enabling code privacy for Cyber–Physical systems

Abstract

Cyber–Physical systems (CPS) play significant roles in critical infrastructure, smart facility and industrial control system. Lacking adequate security mechanism makes them more vulnerable and fragile than conventional computer systems (Ashibani and Mahmoud, 2017) [1], which brings about new potential threat to control system. The privacy data of CPS is critical and sensitive in terms of safety and security, of which leakage would facilitate the attacker corrupting manufacturer infrastructures, increasing the risks of human injury and enhancing the potential loss of assets. In particular, we reveal a new threat target to CPS that adversary can remotely and easily steal CPS sensitive data, e.g. control program, without requirement for any authentication. Furthermore, to enhance the privacy of CPS program and mitigate the privacy threat target to CPS, in this paper, we propose a novel CPS code protection approach adapting to various control scenarios. We pioneer CSheild, an automatic code obfuscation tool for CPS privacy protection through concealing the sensitive data of CPS control program. Our technique renames and splits the register variables which are used in CPS control program, modifies program’s control flow and appends heterogeneous confusion code to the program. We present a prototype of CSheild which can automatically generate various mutant programs, and demonstrate the feasibility of our CPS code obfuscation approach in real-world experiments. We also validate Csheild obfuscation effectiveness through volunteers test, Kolmogorov–Smirnov test and Shannon Entropy test. Result shows that our approach works well on CPS device and it is effective in code obfuscation.