skip to main content
10.1145/2508859.2512527acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
poster

POSTER: Sechduler: a security-aware kernel scheduler

Published: 04 November 2013 Publication History

Abstract

Trustworthy operation of safety-critical infrastructures necessitates efficient solutions that satisfy both realtimeness and security requirements simultaneously. We present Sechduler, a formally verifiable security-aware operating system scheduler that dynamically makes sure that system computational resources are allocated to individual waiting tasks in an optimal order such that, if feasible, neither realtime nor security requirements of the system are violated. Additionally, if not both of the requirements can be satisfied simultaneously, Sechduler makes use of easy-to-define linear temporal logic-based policies as well as automatically generated Buchi automaton-based monitors, compiled as loadable kernel modules, to enforce which requirements should get the priority. Our experimental results show that Sechduler can adaptively enforce the system-wide logic-based temporal policies within the kernel and with minimal performance overhead of 3 % on average to guarantee high level of combined security and realtimeness simultaneously.

References

[1]
DWYER, M. B., AVRUNIN, G. S., AND CORBETT, J. C. Patterns in property specifications for finite-state verification. In Proceedings of the 21st international conference on Software engineering (New York, NY, USA, 1999), ICSE '99, ACM, pp. 411--420.
[2]
JIANG, K., AND JONSSON, B. Using spin to model check concurrent algorithms, using a translation from c to promela. In Proc. 2nd Swedish Workshop on Multi-Core Computing (2009), Department of Information Technology, Uppsala University, pp. 67--69.
[3]
KING, S. T., AND CHEN, P. M. Backtracking intrusions. In Proceedings of the Nineteenth ACM symposium on Operating systems principles (2003), vol. 37, pp. 223--236.
[4]
PABLA, C. S. Completely fair scheduler. Linux J. 2009, 184 (Aug. 2009).
[5]
ROUTRAY, R., ZHANG, R., EYERS, D., WILLCOCKS, D., PIETZUCH, P., AND SARKAR, P. Policy generation framework for large-scale storage infrastructures. In IEEE Symposium on Policies for Distributed Systems and Networks (2010), pp. 65--72.
[6]
SATO, H., AND YAKOH, T. A real-time communication mechanism for rtlinux. In Annual Confjerence of the IEEE Industrial Electronics Society (2000), vol. 4, pp. 2437--2442 vol.4.
[7]
WOTRING, B., POTTER, B., RANUM, M., AND WICHMANN, R. Host Integrity Monitoring Using Osiris and Samhain. Syngress Publishing, 2005.
[8]
ZONOUZ, S. A., JOSHI, K. R., AND SANDERS, W. H. Floguard: cost-aware systemwide intrusion defense via online forensics and on-demand ids deployment. In International conference on Computer safety, reliability, and security (2011), pp. 338--354.

Index Terms

  1. POSTER: Sechduler: a security-aware kernel scheduler

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Conferences
      CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
      November 2013
      1530 pages
      ISBN:9781450324779
      DOI:10.1145/2508859
      Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

      Sponsors

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 04 November 2013

      Check for updates

      Author Tag

      1. real-time security

      Qualifiers

      • Poster

      Conference

      CCS'13
      Sponsor:

      Acceptance Rates

      CCS '13 Paper Acceptance Rate 105 of 530 submissions, 20%;
      Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

      Upcoming Conference

      CCS '25

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • 0
        Total Citations
      • 228
        Total Downloads
      • Downloads (Last 12 months)3
      • Downloads (Last 6 weeks)0
      Reflects downloads up to 20 Feb 2025

      Other Metrics

      Citations

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Figures

      Tables

      Media

      Share

      Share

      Share this Publication link

      Share on social media