REORDER: Securing Dynamic-Priority Real-Time Systems Using Schedule Obfuscation

The deterministic (timing) behavior of real-time systems (RTS) can be exploited by adversaries, for example to launch side-channel attacks or even to destabilize the system by denying access to critical resources. We propose a protocol (named REORDER) to obfuscate this predictable timing behavior of RTS, especially those designed using dynamic-priority scheduling algorithms (e.g., EDF). We also present a metric (named "schedule entropy") that measures the level of obfuscation introduced into a given real-time system. The REORDER protocol was integrated into the standard Linux real-time scheduler and evaluated on a realistic embedded platform (Raspberry Pi) running the MiBench automotive benchmark workloads. We also demonstrate how designers of RTS can increase the security of their systems and quantitatively measure the impact of using this protocol, in terms of both security and performance.
