Vulnerability Analysis and Mitigation of Directed Timing Inference Based Attacks on Time-Triggered Systems

Much effort has been put into improving the predictability of real-time systems, especially in safety-critical environments, which provides designers with a rich set of methods and tools to attest safety in situations with no or a limited number of accidental faults. However, with the increasing connectivity of real-time systems and the wide availability of increasingly sophisticated exploits, security and, in particular, the consequences of predictability for security become concerns of equal importance. Time-triggered scheduling with offline-constructed tables provides determinism and simplifies timing inference; at the same time, however, it creates vulnerabilities by allowing attackers to direct their attacks at specific, deterministically scheduled and possibly safety-critical tasks. In this paper, we analyze the severity of these vulnerabilities by assuming successful compromise of a subset of the tasks running in a real-time system and by investigating the attack potential that attackers gain from them. Moreover, we discuss two ways to mitigate directed attacks: slot-level online randomization of schedules, and offline schedule diversification. We evaluate these mitigation strategies with a real-world case study to show their practicability for mitigating not only accidental malicious behavior, but also malicious behavior triggered by attackers on purpose.

2012 ACM Subject Classification: Computer systems organization → Real-time systems; Software and its engineering → Scheduling; Security and privacy → Operating systems security
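As an added illustration (not code from the paper), the following Python simulation contrasts an offline EDF table with a slot-level online randomization of it and measures how well the static table still predicts the slot in which a chosen task runs. The constructed task set, the window-preserving swap rule that keeps the randomized schedule feasible, and the "hit rate" metric are my assumptions, not the paper's algorithm or evaluation.

```python
import random
from math import lcm
# Constructed task set: name -> (WCET in slots, period in slots); deadline = period.
TASKS = {"A": (1, 2), "B": (1, 4), "C": (1, 8)}
HYPER = lcm(*(period for _, period in TASKS.values()))
IDLE = ("idle", 0, HYPER)  # an idle entry may be moved to any slot of the hyperperiod

def jobs():
    """One (task, release, deadline) entry per unit of work in a hyperperiod."""
    return [(n, k * p, (k + 1) * p) for n, (c, p) in TASKS.items()
            for k in range(HYPER // p) for _ in range(c)]

def static_table():
    """Offline EDF table: the deterministic schedule an attacker can read off."""
    pending, table = sorted(jobs(), key=lambda j: (j[2], j[1])), []
    for t in range(HYPER):
        ready = [j for j in pending if j[1] <= t]
        table.append(pending.pop(pending.index(ready[0])) if ready else IDLE)
    return table

def swappable(table, t, s):
    """Slots t < s may exchange entries only if the later entry is already released
    at t and the earlier entry can still complete in slot s before its deadline."""
    return table[s][1] <= t and table[t][2] > s

def randomized_run(table, rng):
    """Run one hyperperiod, picking at each slot uniformly among the planned entry
    and every later entry allowed to take its place (feasible by construction)."""
    table = list(table)
    for t in range(HYPER):
        choices = [t] + [s for s in range(t + 1, HYPER) if swappable(table, t, s)]
        s = rng.choice(choices)
        table[t], table[s] = table[s], table[t]
    return table

def meets_deadlines(table):
    """Every unit of work lies inside its job's [release, deadline) window."""
    return all(j[1] <= t < j[2] for t, j in enumerate(table))

def hit_rate(table, target, seed=None, hyperperiods=200):
    """Fraction of slots the reference table marks for `target` in which it really
    runs (1.0 = a directed attack can be timed perfectly), plus a feasibility flag."""
    rng = random.Random(seed) if seed is not None else None
    hits, checks, feasible = 0, 0, True
    for _ in range(hyperperiods):
        actual = randomized_run(table, rng) if rng else table
        feasible = feasible and meets_deadlines(actual)
        for t, planned in enumerate(table):
            if planned[0] == target:
                checks += 1
                hits += actual[t][0] == target
    return hits / checks, feasible
```

With the task set above, the static table predicts task B's slots with rate 1.0, while under slot-level randomization the same prediction succeeds in only a fraction of hyperperiods without any deadline being missed.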