Application layer is one of the most challenging part of security – as off-the-shelf and vendor built applications are often installed on CPS control, monitoring, archiving of historic data for further data analytics, state estimation, N-1 Contingency analysis etc. In Automotive, applications range from entertainment system to drive-by-wire control mechanism in software. In UAV similarly, there are multiple applications both on-board and ground stations. Applications tend to have software implementation vulnerabilities such as buffer overflow, string format vulnerability, integer overflow, heap spraying vulnerability etc. These are often exploited to escalate privilege and thereby make inroads into the network interface whereby a worm style malware can compromise the other critical functionalities such as control, breaking mechanism etc. Steve Savage’s group in UC San Diego showed how a buffer overflow vulnerability in a car’s entertainment system enabled them to take over the anti-lock braking mechanism of a car. The application vulnerability may be not only due to software bugs, but also in algorithmic design (state estimators in power system have been shown to have vulnerabilities if the attacker has knowledge of the system topology and parameters), in the software architecture and its dependence on privileged access to system kernel, in the control algorithms leading to destabilizing control, or in relaying mechanism such as the role of Zone-3 relays in power system in aggravating a cascading blackout. Extensive research is required for vulnerability analysis, development of tools and methodologies for automated vulnerability discovery and penetration testing, development of secure patching mechanism to prevent attacks by unauthorized and unauthenticated patches. The need for analysis of malware and classification of malware automatically using machine learning is also part of this layer. Creating Application specific firewall which regulates application specific protocol traffic and API calls using machine learning based approaches is another thread of research in this layer. Application specific honeypot creation for entrapment of attackers to collect threat intelligence, modus operandi of the attackers, collecting malware – is another area to develop in this layer. Another area we plan to pursue is formal modelling and formal verification (both model checking and program analysis techniques) to find security bugs in the applications.
The major thrusts of research this layer are:
i. Application vulnerability assessment and penetration testing
ii. Formal Methods and Verification Techniques for finding vulnerabilities, and proving security guarantees in application
iii. Application Specific firewalls for regulating application specific protocol interactions as well as API calls (this includes web application firewalls)
iv. Honeypots for collecting application specific threat intelligence
v. Secure patch management of applications etc.