Optimized trusted execution for hard real-time applications on COTS processors

While trusted execution environments (TEEs) provide industry-standard security and isolation, implementing them through secure monitor calls (SMCs) adds a large time overhead and weakens temporal predictability, potentially prohibiting the use of TEEs in hard real-time systems. We propose super-TEEs, in which multiple trusted execution sections are fused together to amortize TEE execution overhead and improve predictability by minimizing I/O traffic and reducing switching between the normal and TEE modes of execution. Super-TEEs may, however, violate a task's timing requirement and impact the schedulability of the system. We present a technique to enforce a task's correct timing requirement, along with a sufficient schedulability test for uniprocessors. We also discuss ct-RM, a static task assignment and partitioned scheduling algorithm that schedules super-TEEs alongside other real-time tasks on multicore systems. Experimental results on a Raspberry Pi 3B, further confirmed by simulations, show that ct-RM outperforms the state-of-the-art technique in usable utilization by 12% on average and up to 27%.
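As an added illustration (not the paper's model or code), the following Python sketch shows why fusing a task's trusted sections into one super-TEE can rescue rate-monotonic schedulability. It assumes a constructed fixed per-switch cost SMC_SWITCH, two world switches per trusted section, and the standard response-time test; the paper's timing-enforcement technique and its sufficient test are not reproduced.

```python
"""Illustrative model of SMC switch overhead vs. super-TEE fusion under RM scheduling.
All task parameters and the switch cost are constructed values, not measurements."""
from dataclasses import dataclass
from math import ceil
from typing import List

SMC_SWITCH = 50  # assumed cost (time units) of one normal<->secure world switch


@dataclass
class Task:
    name: str
    period: int               # implicit deadline equals the period
    normal: int               # WCET of the normal-world code
    tee_sections: List[int]   # WCETs of the trusted sections, in program order


def wcet(task: Task, fused: bool) -> int:
    """Total WCET including switch overhead. Each separate TEE section pays an
    enter and a return switch; a super-TEE pays that pair once for all sections."""
    switches = 2 if fused else 2 * len(task.tee_sections)
    return task.normal + sum(task.tee_sections) + switches * SMC_SWITCH


def response_time(tasks: List[Task], i: int, fused: bool) -> int:
    """Worst-case response time of tasks[i] (tasks sorted by period, RM priority)
    by fixed-point iteration; returns a value above the period on a deadline miss."""
    c = wcet(tasks[i], fused)
    r = c
    while True:
        nxt = c + sum(ceil(r / hp.period) * wcet(hp, fused) for hp in tasks[:i])
        if nxt == r or nxt > tasks[i].period:
            return nxt
        r = nxt


def schedulable(tasks: List[Task], fused: bool) -> bool:
    """Exact RM schedulability on a uniprocessor for the given section layout."""
    ordered = sorted(tasks, key=lambda t: t.period)
    return all(response_time(ordered, i, fused) <= ordered[i].period
               for i in range(len(ordered)))


# Constructed task set: three short trusted sections in T1 make the unfused
# layout miss T2's deadline; fusing them into one super-TEE recovers slack.
TASKS = [Task("T1", 1000, 200, [100, 100, 100]), Task("T2", 2000, 300, [100])]

if __name__ == "__main__":
    for fused in (False, True):
        print("fused" if fused else "separate", [wcet(t, fused) for t in TASKS],
              "schedulable:", schedulable(TASKS, fused))
```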
