Session
Swifty Session 6: Ground Systems & Operations
Location
Utah State University, Logan, UT
Abstract
In this paper we present The Gestalt, a novel security methodology developed with support from the Office of Naval Research for satellite ground stations systems. While security is often a stated priority for these systems, often it is traded off for better performance, lower cost and reduced design complexity.
We identified two main classes of security vulnerabilities that can be exploited by attackers in small-sat systems: 1) intentionally introduced supply chain vulnerabilities in both software and hardware, and 2) inadvertent coding and logic vulnerabilities in code.
Our engineering methodology reduces the risk of attacks through four methods:
1. Debloating: Ground stations are complex and involve the integration of many hardware and software systems. This complexity makes them vulnerable to a range of software, and hardware based attacks. Our method of implementing what was previously software functionality in hardware through system debloating achieves this attack surface reduction.
2. Hardware synthesis from Specifications: The use of legacy-free high-level synthesis (HLS) for the specification of processing functions reduces implementation errors, increases productivity, and permits hardware validation using commercial software fuzz testing techniques.
3. Use of hardware scanning techniques: We use a novel method for performing security scans of hardware blocks generated by High-level Synthesis. This step reduces the risk of backdoors inserted by specification developers, attackers modifying the code without knowledge of developers or high-level synthesis tools going undetected.
4. Static memory allocation: A majority of software attacks today are due to memory safety problems in software: Microsoft revealed that 70% of the exploited software vulnerabilities are related to the absence of memory safety. When we use software in the The Gestalt, we take a radical approach to solving the pervasive memory safety problem by completely eliminating the use of dynamic memory. Instead, data processing takes place in hardware using static memory allocation.
The result of these approaches is the Exos FEP, a tightly-integrated ground station system that operates in a bit-serial manner. Compared to conventional designs, the Exos FEP achieves high performance by implementing all data processing functions in hardware. Our solution is able to achieve data rates up to 125 Mbps per FPGA in a commodity, commercially cloud-based environment. Perhaps, the most important benefit is a 1000-fold reduction in lines of code compared to state-of-the-art FEP implementation, and achieves Zero Trust supply chain guarantees.
With the increased adoption of smallsats, the security problems normally only associated with large military control centers are now spreading to smaller organizations which may not have the necessary security infrastructure to fully understand or cope with the threats. The possibility of using a security-forward approach such as The Gestalt methodology and the resulting ground system architecture and implementation are a promising approach for protecting the smallsat ecosystem.
The Gestalt: A Secure, High Performance, Low Cost Satellite Ground Station Architecture and its Implementation
Utah State University, Logan, UT
In this paper we present The Gestalt, a novel security methodology developed with support from the Office of Naval Research for satellite ground stations systems. While security is often a stated priority for these systems, often it is traded off for better performance, lower cost and reduced design complexity.
We identified two main classes of security vulnerabilities that can be exploited by attackers in small-sat systems: 1) intentionally introduced supply chain vulnerabilities in both software and hardware, and 2) inadvertent coding and logic vulnerabilities in code.
Our engineering methodology reduces the risk of attacks through four methods:
1. Debloating: Ground stations are complex and involve the integration of many hardware and software systems. This complexity makes them vulnerable to a range of software, and hardware based attacks. Our method of implementing what was previously software functionality in hardware through system debloating achieves this attack surface reduction.
2. Hardware synthesis from Specifications: The use of legacy-free high-level synthesis (HLS) for the specification of processing functions reduces implementation errors, increases productivity, and permits hardware validation using commercial software fuzz testing techniques.
3. Use of hardware scanning techniques: We use a novel method for performing security scans of hardware blocks generated by High-level Synthesis. This step reduces the risk of backdoors inserted by specification developers, attackers modifying the code without knowledge of developers or high-level synthesis tools going undetected.
4. Static memory allocation: A majority of software attacks today are due to memory safety problems in software: Microsoft revealed that 70% of the exploited software vulnerabilities are related to the absence of memory safety. When we use software in the The Gestalt, we take a radical approach to solving the pervasive memory safety problem by completely eliminating the use of dynamic memory. Instead, data processing takes place in hardware using static memory allocation.
The result of these approaches is the Exos FEP, a tightly-integrated ground station system that operates in a bit-serial manner. Compared to conventional designs, the Exos FEP achieves high performance by implementing all data processing functions in hardware. Our solution is able to achieve data rates up to 125 Mbps per FPGA in a commodity, commercially cloud-based environment. Perhaps, the most important benefit is a 1000-fold reduction in lines of code compared to state-of-the-art FEP implementation, and achieves Zero Trust supply chain guarantees.
With the increased adoption of smallsats, the security problems normally only associated with large military control centers are now spreading to smaller organizations which may not have the necessary security infrastructure to fully understand or cope with the threats. The possibility of using a security-forward approach such as The Gestalt methodology and the resulting ground system architecture and implementation are a promising approach for protecting the smallsat ecosystem.