A Container-based DoS Attack-Resilient Control Framework for Real-Time UAV Systems
This addresses security vulnerabilities in UAV systems, which is critical for real-time applications, but it is an incremental improvement using existing container technology.
The paper tackled the problem of protecting real-time UAV systems from Denial-of-Service (DoS) attacks by proposing ContainerDrone, a container-based framework that defends CPU, memory, and communication channels, and experimental results showed its effectiveness in mitigating various attacks.
The Unmanned aerial vehicles (UAVs) sector is fast-expanding. Protection of real-time UAV applications against malicious attacks has become an urgent problem that needs to be solved. Denial-of-service (DoS) attack aims to exhaust system resources and cause important tasks to miss deadlines. DoS attack may be one of the common problems of UAV systems, due to its simple implementation. In this paper, we present a software framework that offers DoS attack-resilient control for real-time UAV systems using containers: ContainerDrone. The framework provides defense mechanisms for three critical system resources: CPU, memory, and communication channel. We restrict attacker's access to CPU core set and utilization. Memory bandwidth throttling limits attacker's memory usage. By simulating sensors and drivers in the container, a security monitor constantly checks DoS attacks over communication channels. Upon the detection of a security rule violation, the framework switches to the safety controller to mitigate the attack. We implemented a prototype quadcopter with commercially off-the-shelf (COTS) hardware and open-source software. Our experimental results demonstrated the effectiveness of the proposed framework defending against various DoS attacks.