alex c. snoeren stefan savage, aaron schulman, brown farinholt, … · alex c. snoeren karl koscher...
TRANSCRIPT
![Page 1: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/1.jpg)
Triton: A Software-Reconfigurable Federated Avionics Testbed
Sam Crow, Brown Farinholt,Stefan Savage, Aaron Schulman,
Alex C. Snoeren
Karl Koscher Stephen Checkoway Kirill Levchenko
Brian Johannesmeyer
![Page 2: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/2.jpg)
We created a testbed to analyze the security of aircraft
Analyzing the security of aircraft systems
What happens if an attacker compromises an airplane’s electronics?- Can it make the airplane operate in an unsafe manner?
- Can it make the pilots think an unsafe condition is safe?
We need to attack a genuine airplane to answer these questions- Attacks in simulation or theory are difficult to believe
- Testing on an airplane is impractical
![Page 3: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/3.jpg)
Real aircraft systems
![Page 4: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/4.jpg)
Inputs
Airborne Data Loader (ADL)
● Connects to all other computers
● Loads software/data updates
● Security: Malicious software
![Page 5: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/5.jpg)
Inputs
VHF Data Radio (VDR)
● For ACARS: Air-ground text communication
● Converts radio↔text
● Security: Entry point, accepts all messages
![Page 6: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/6.jpg)
Inputs
Multifunction control and display unit (MCDU)
● Interface between pilots and computers
![Page 7: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/7.jpg)
Inputs
![Page 8: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/8.jpg)
The CMU is the heart
Communications Management Unit (CMU)
● Processes all ACARS messages from VDR
● Forwards messages to other devices
● Security: Parses untrusted input, well-connected
![Page 9: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/9.jpg)
The CMU is the heart
![Page 10: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/10.jpg)
More computers
Flight Management Computer (FMC)
● Navigates, calculates performance parameters
● Sometimes controls autopilot
● Receives ACARS messages through CMU
● Security: Directly influences flight
![Page 11: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/11.jpg)
How to make a testbench
![Page 12: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/12.jpg)
How to make a testbench
![Page 13: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/13.jpg)
How to make a testbench
![Page 14: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/14.jpg)
Connections: ARINC 429
One transmitter per bus -> Many buses
![Page 15: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/15.jpg)
r429: Virtual interconnection
![Page 16: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/16.jpg)
Attack vector: Software updates
![Page 17: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/17.jpg)
Design
![Page 18: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/18.jpg)
How it looks
~16 cm
![Page 19: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/19.jpg)
Experiments: Software update
![Page 20: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/20.jpg)
Attack vector: ACARS
![Page 21: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/21.jpg)
Design: ACARS
![Page 22: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/22.jpg)
Experiments: ACARS
![Page 23: Alex C. Snoeren Stefan Savage, Aaron Schulman, Brown Farinholt, … · Alex C. Snoeren Karl Koscher Stephen Checkoway Kirill Levchenko Brian Johannesmeyer. We created a testbed to](https://reader033.vdocument.in/reader033/viewer/2022050205/5f58b3960a873552ea7468a2/html5/thumbnails/23.jpg)
Conclusion● Triton: Runs real computers, simulates an airplane
on a workbench● Use to test security● Next steps: Flight Control Computer