[Avionics Magazine 05-17-2016] Rockwell Collins is leading a research program funded by the Defense Advanced Projects Research Agency (DARPA) that is making significant progress producing technologies and concepts designed to prevent aircraft cyber security attacks. Using Unmanned Aerial Vehicles (UAVs) as research platforms, the High Assurance Cyber Military Systems (HACMS) program is proving that a formal methods approach can aid in the development of software designed to prevent hackers from accessing critical flight control and other onboard avionics systems.
Modified unmanned quadcopter being used for prototyping cyber security software by the HACMS team. Photo: DARPA.
HACMS was launched by DARPA in 2012 with the goal of creating technology designed to construct high-assurance cyber-physical systems using a formal-methods-based approach to software and hardware development. Rockwell Collins is the prime contractor for the air vehicle team, working with Boeing, Australian data innovation group Data 61, the University of Minnesota (UMN) and Galois, a research firm based in Portland, Ore. The program's goal, according to DARPA, is to generate open-source, high-assurance operating system and control system components to construct high-assurance military network-enabled aircraft platforms, while also transitioning its technology to both the defense and commercial sectors.
While the HACMS air vehicle team is using small quadcopter Remotely Piloted Aircraft (RPA) for its research, the overall goal is to be able to transition these technologies and concepts to full-scale passenger carrying aircraft, Darren Cofer, a fellow at Rockwell Collins advanced technology center and a member of the air vehicle team for DARPA's HACMS project, told Avionics Magazine. To replicate the structure of large-scale passenger aircraft and Beyond Line Of Sight (BLOS)-capable UAVs, the HACMS team has modified its quadcopter to feature an onboard network, flight control computer and mission computer capable of sending commands to the flight control computer and managing external data links while also performing encryption and decryption of data links along with hosting other payload functions, such as a surveillance camera.
"As far as the technologies that we are developing, there are really three categories of technologies that we have developed and demonstrated on this program. The first is a secure kernel that provides separation between the components. This kernel was developed by our partners Data 61 in Australia. What’s unique about this is that it is using formal methods, the application of mathematical techniques, specifically from logic and discrete mathematics to analyze and complete proofs of correctness of software as a mathematical object just as you would do in other engineering disciplines if you were analyzing a mechanical structure," said Cofer.
According to Microsoft, in most computer operating systems, the kernel serves as a central component managing communication between hardware and software components. What Cofer says is unique about this particular kernel is that Data 61 has developed it in a way so that it has a complete proof of correctness from its high level security specifications, all the way down to the binary information and data that gets flown on the aircraft.
The second category of technologies the HACMS air vehicle team is looking at is concerned with the applications software running on top of the kernel.
"You have to look at the applications software itself, the control functions, the communications functions, everything that’s running on top of this kernel. One of our partners in the HACMS program, Galois, has developed a new language that allows us to synthesize software that doesn’t have memory vulnerabilities that would be exploitable by an attacker," said Cofer.
"For example one of the classic security vulnerabilities is a buffer overrun error which allows one function or data to come in and overwrite memory where its not supposed to, and that can be exploited by a hacker. So Galois developed languages that allow us to produce software that doesn’t have these types of memory vulnerabilities. We have used this language to reverse engineer a lot of the functionality on our research platforms, Boeing did the same thing on the unmanned little bird that they flew,” he said, referring to a flight test of the kernel and software that occurred onboard a Boeing Unmanned Little Bird last summer. The Unmanned Little Bird is the unmanned variant of Boeing’s AH-6i manned scout helicopter.
Rockwell Collins and the University of Minnesota are jointly developing the third piece of technology for the HACMS program, an analysis tool that evaluates the overall architecture of the system.
"So, we have the software components running on top of the secure kernel and they have interfaces and they are communicating with each other and sending data back and forth. Our tools allow us to model the overall architecture of the vehicle and then do proofs of correctness about that architecture. We follow how data is passed through the systems, as well as the interactions and the behaviors of the individual components to provide proof of system level properties about the aircraft,” said Cofer.
The HACMS air vehicle team works in 18-month phases, and at the end of each phase, the team submits the software running on its quadcopter to a team of hackers comprised of individuals from applied research firm Draper, and AIS, an IT penetration testing firm. The hacker team then uses all of its available hacking tools to attempt to break all of the cyber security tools produced by the HACMS team. So far, they have not been able to break into anything developed by HACMS.
The next big milestone for the HACMS program is a final flight test scheduled for early 2017.
"The next big milestone is this flight test coming up. So far we’ve been applying these technologies to the mission computer on the Unmanned Little Bird. In our final flight test we will be re-engineering the flight control computer for the Little Bird, so that will be an important milestone for us," said Cofer.