Abstract
Object Management Group's Data Distribution Service for Real-Time Systems (DDS) middleware standard is a popular technology that forms the core of many mission-critical distributed real-time, data-centric systems, including command and control systems, Air Traffic Control (ATC) systems and critical infrastructure systems. This paper shows how DDS can be manipulated to support malicious activity. We focus on client-side attacks by modelling and demonstrating five attacks in self-contained and isolated environments and by validating them using an end-to-end demonstrative scenario. This research enables further work in detecting and defending against cyberattacks on ATC systems, control systems or any other DDS-based critical infrastructure system.