Rachel McAmis (MIT Lincoln Laboratory and University of Washington), Connor Willison (MIT Lincoln Laboratory), Richard Skowyra (MIT Lincoln Laboratory), Samuel Mergendahl (MIT Lincoln Laboratory)
Satellite systems enable many capabilities for their users, such as high-speed, low-latency communications, weather forecasting, geographic imaging, and defense applications. As customers increase their reliance on this critical infrastructure, the risk of attack only increases, particularly from highly resourced adversaries. However, in this work, we demonstrate that common existing space system software platforms are poorly equipped to handle malicious satellite peripherals. Using NASA’s popular open-source core Flight System software (cFS), we show that with current satellite software and industry-standard reliability techniques, a system designer will inevitably confront a dilemma: either the system deploys countermeasures against malicious components and suffers degraded nominal performance, or the system cannot survive malicious components. We conclude by proposing challenges and considerations towards resolving this dilemma.