Disrupting the Cyber Kill Chain with Virtualization and System-of-Systems Testing

By Darren Cummings, DoD/Cyber Leader

The Cyber Kill Chain, defined by Lockheed Martin and others, is the sequence of steps a skilled attacker takes to compromise a system, beginning with external reconnaissance and proceeding through digital weapons development, deployment to a target network (and target devices), installing additional capabilities in the victim’s environment, and, ultimately, carrying out mission objectives like information theft, denial-of-service, or destruction of the target system and its data.  These effects have the potential to go even further in the case of air and space systems, where errant commands can cause not just electronics, but the airborne platform itself to crash, leading to a catastrophic loss of the system, and potentially loss of life.

Consider a typical satellite system. The platform has electronics in support of its guidance and telemetry, interoperating with onboard sensors and mission payloads, systems for power generation and distribution, and communications channels with the ground, and, occasionally, other space-based systems.  The successful operation of all of these systems is necessary to accomplish the platform’s mission. With limited space, weight, and power, complete isolation and redundancy are often not possible, so vulnerabilities in one system might also propagate to others.

The long life cycles and challenges with operational maintenance and upgrades make defense and aerospace systems particularly vulnerable to latent cybersecurity flaws, even as they represent the ideal target for advanced persistent threats such as foreign nation-state attackers. In order to defend against the cyber kill chain, aerospace developers need to employ a defense-in-depth strategy that offers countermeasures at every step. Comprehensive security testing early in the development life cycle is critical to achieving this, as is the deployment of best-in-breed security strategies including “security by design.” One important capability that enhances the security of a product through its life cycle is software virtualization.

Virtualization helps in the discovery of security vulnerabilities by enhancing the visibility that developers have into the effects software flaws have on subsystems and the system as a whole. Often, virtualization can be used to extend debugging capabilities beyond what is typically available via JTAG or system-specific solutions. When flaws are found, they can be caught and diagnosed quickly. Careful inspection of a systems boundaries through virtualization of system interfaces can also identify potential information disclosures an attacker can use to enhance his knowledge of the system. When combined with fault injection, virtualization also makes it much easier to find and fix data-format vulnerabilities such as buffer overflows and remote-code injection, which have often led to the most serious categories of attacks.

Virtualization can also provide isolation that prevents attackers from moving “up the kill chain.” In fact, there is a role to play for virtualization in preventing an attack at multiple stages. Strategies like address space randomization or dynamic instruction set architectures, for example, can prevent attacks from being weaponized.  Anti-persistence mechanisms, which reset the virtual machine to a known good state, can prevent the installation of the attacker’s malware. Virtual environments also offer a space outside the visibility of an attacker, where side-channel communications and command-and-control can be monitored and thwarted, a virtual “cyber range” for embedded devices.

Virtual machines already play a critical role in vulnerability assessment, reverse engineering prevention, and counter-malware strategies for conventional software. Until now, embedded-systems developers have not been able to benefit from virtualization due to the lack of comprehensive multi-platform solutions with support for cybersecurity. Ultimately, however, aerospace developers and integrators will need these solutions to prevent the most sophisticated categories of attacks against high-value targets, where human safety, mission effectiveness, or national security are at risk.

To learn more about how Performance Software’s virtualization solutions can help improve the security of your aerospace system, contact us today.