Work-in-Progress: Measuring Security Protection in Real-time Embedded Firmware

The proliferation of real-time cyber-physical systems (CPS) is making profound changes to our daily life. Many real-time CPSs are security and safety-critical because of their continuous interactions with the physical world. While the general perception is that the security protection mechanism deployment is often absent in real-time embedded systems, there is no existing empirical study that measures the adoption of these mechanisms in the ecosystem. To bridge this gap, we conduct a measurement study for real-time embedded firmware from both a security perspective and a real-time perspective. To begin with, we collected more than 16 terabytes of embedded firmware and sampled 1,000 of them for the study. Then, we analyzed the adoption of security protection mechanisms and their potential impacts on the timeliness of real-time embedded systems. Besides, we measured the scheduling algorithms supported by real-time embedded systems since they are also security-critical.

[1]  Han Liu,et al.  PolyRhythm: Adaptive Tuning of a Multi-Channel Attack Template for Timing Interference , 2022, 2022 IEEE Real-Time Systems Symposium (RTSS).

[2]  Han Liu,et al.  From Timing Variations to Performance Degradation: Understanding and Mitigating the Impact of Software Execution Timing in SLAM , 2022, 2022 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS).

[3]  Ning Zhang,et al.  RT-TEE: Real-time System Availability for Cyber-physical Systems using ARM TrustZone , 2022, 2022 IEEE Symposium on Security and Privacy (SP).

[4]  M. Conti,et al.  Building Embedded Systems Like It's 1996 , 2022, NDSS.

[5]  M. Nasri,et al.  Vulnerability of Controller Area Network to Schedule-Based Attacks , 2021, 2021 IEEE Real-Time Systems Symposium (RTSS).

[6]  Ning Zhang,et al.  Chronos: Timing Interference as a New Attack Vector on Autonomous Cyber-physical Systems , 2021, CCS.

[7]  Robert I. Davis,et al.  An Empirical Survey-based Study into Industry Practice in Real-time Systems , 2020, 2020 IEEE Real-Time Systems Symposium (RTSS).

[8]  Zhiqiang Lin,et al.  FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities From Bare-Metal Firmware , 2020, CCS.

[9]  Sushil Jajodia,et al.  Memory Forensic Challenges Under Misused Architectural Features , 2018, IEEE Transactions on Information Forensics and Security.

[10]  Eran Yahav,et al.  FirmUp: Precise Static Detection of Common Vulnerabilities in Firmware , 2018, ASPLOS.

[11]  Rakesh Bobba,et al.  Exploring Opportunistic Execution for Integrating Security into Legacy Hard Real-Time Systems , 2016, 2016 IEEE Real-Time Systems Symposium (RTSS).

[12]  Dawn Xiaodong Song,et al.  SoK: Eternal War in Memory , 2013, 2013 IEEE Symposium on Security and Privacy.

[13]  Mike Thelwall,et al.  Web crawling ethics revisited: Cost, privacy, and denial of service , 2006, J. Assoc. Inf. Sci. Technol..