Integrating security constraints into fixed priority real-time schedulers

Traditionally, most real-time systems (RTS) were considered to be invulnerable to security breaches and external attacks. This was mainly due to the use of proprietary hardware and protocols in such systems, along with physical isolation. Hence, security and RTS were considered to be separate domains. This assumption is being challenged by recent events that highlight the vulnerabilities in such systems. In this paper, we focus on how to integrate security as a first-class principle in the design of RTS. We demonstrate how certain security requirements can be cast as real-time scheduling constraints. We use information leakage as a motivating problem to illustrate our techniques and focus on the class of fixed-priority real-time schedulers. We evaluate our approach both analytically and through simulations, and discuss the tradeoffs in using such an approach. Our work shows that many real-time task sets can be scheduled using our methods without significant performance impact.
