
On the Feasibility of CubeSats Application Sandboxing for Space Missions

Gabriele Marra, Ulysse Planta, Philipp Wüstenberg, Ali Abbasi

TL;DR

The paper addresses securing CubeSat payloads by applying application sandboxing to isolate software components and limit exploitation impact. The authors define objective criteria for sandbox selection, compare nsjail, firejail, and bubblewrap against mission requirements, and select nsjail as the preferred solution for Linux-based ROS 2 deployments. They validate the approach through real-world experiments on the SUCHAI and SALSAT satellites, demonstrating that nsjail can block a local vulnerability from giving an attacker control of critical nodes. They discuss integration strategies for the ongoing RACCOON mission and outline limitations and future work toward scalable sandboxing in space systems.

Abstract

This paper details our journey in designing and selecting a suitable application sandboxing mechanism for a satellite under development, with a focus on small satellites. Central to our study is the development of selection criteria for sandboxing and assessing its appropriateness for our satellite payload. We also test our approach on two already operational satellites, Suchai and SALSAT, to validate its effectiveness. These experiments highlight the practicality and efficiency of our chosen sandboxing method for real-world space systems. Our results provide insights and highlight the challenges involved in integrating application sandboxing in the space sector.

Paper Structure (33 sections, 5 figures, 1 table)

Figures (5)

  • Figure 1: Example of the stack of an application sandbox
  • Figure 2: Example of a generic middleware architecture using both publish/subscribe and client/server mechanisms
  • Figure 3: Diagram of the SALSAT IPU Architecture
  • Figure 4: Diagram of the SUCHAI Software Architecture
  • Figure 5: Diagram of the architecture planned for our satellite