Session
Weekend Session V: Automation - Research and Academia
Location
Utah State University, Logan, UT
Abstract
F Prime (F’) is a multi-platform, open-source flight software (FSW) framework developed by the Jet Propulsion Laboratory (JPL). F’ provides a highly capable, component-driven framework tailored towards, but not limited to, small-scale systems like CubeSats, SmallSats, and instruments. We conducted an adversarial assessment of F’ aimed at evaluating its security vulnerabilities. This preliminary assessment of F’ entailed a multi-stage simulation of a malicious actor’s activities, including open-source reconnaissance, passive and active reconnaissance, and exploitation. In this paper, we present our methodology and discuss the preliminary findings of this assessment, which highlighted several areas where F’ could be enhanced. These areas include the implementation of encryption for uplink and downlink communication, command authentication, the establishment of community standard cybersecurity practices, remediation of information leakage, and development of an opcode randomizer to provide secure defaults. We expect this preliminary work to inspire further detailed security assessments, and further the design and development of more secure and resilient flight software architectures.
Adversarial Assessment of the F Prime Flight Software Framework: Findings and Recommendations