research-article

Protection Window Based Security-Aware Scheduling against Schedule-Based Attacks

Authors:

Guozhen TanAuthors Info & Claims

ACM Transactions on Embedded Computing Systems, Volume 22, Issue 5s

Article No.: 103, Pages 1 - 22

https://doi.org/10.1145/3609098

Published: 09 September 2023 Publication History

Abstract

With widespread use of common-off-the-shelf components and the drive towards connection with external environments, the real-time systems are facing more and more security problems. In particular, the real-time systems are vulnerable to the schedule-based attacks because of their predictable and deterministic nature in operation. In this paper, we present a security-aware real-time scheduling scheme to counteract the schedule-based attacks by preventing the untrusted tasks from executing during the attack effective window (AEW). In order to minimize the AEW untrusted coverage ratio for the system with uncertain AEW size, we introduce the protection window to characterize the system protection capability limit due to the system schedulability constraint. To increase the opportunity of the priority inversion for the security-aware scheduling, we design an online feasibility test method based on the busy interval analysis. In addition, to reduce the run-time overhead of the online feasibility test, we also propose an efficient online feasibility test method based on the priority inversion budget analysis to avoid online iterative calculation through the offline maximum slack analysis. Owing to the protection window and the online feasibility test, our proposed approach can efficiently provide best-effort protection to mitigate the schedule-based attack vulnerability while ensuring system schedulability. Experiments show the significant security capability improvement of our proposed approach over the state-of-the-art coverage oriented scheduling algorithm.

References

[1]

Suzhi Bi and Ying Jun Zhang. 2013. False-data injection attack to control real-time price in electricity market. In 2013 IEEE Global Communications Conference (GLOBECOM’13). 772–777. DOI:

[2]

Enrico Bini and Giorgio C. Buttazzo. 2005. Measuring the performance of schedulability tests. Real-Time Systems 30, 1-2 (2005), 129–154. DOI:

Digital Library

[3]

ChienYing Chen, Monowar Hasan, and Sibin Mohan. 2018. Securing real-time Internet-of-Things. Sensors 18, 12 (2018), 43–56. DOI:

[4]

ChienYing Chen, Sibin Mohan, Rodolfo Pellizzoni, Rakesh B. Bobba, and Negar Kiyavash. 2019. A novel side-channel in real-time schedulers. In 2019 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS’19). 90–102. DOI:

[5]

ChienYing Chen, Debopam Sanyal, and Sibin Mohan. 2021. Indistinguishability prevents scheduler side channels in real-time systems. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS’21). 666–684. DOI:

Digital Library

[6]

Jiyang Chen, Tomasz Kloda, Ayoosh Bansal, et al. 2021. SchedGuard: Protecting against schedule leaks using linux containers. In 2021 IEEE 27th Real-Time and Embedded Technology and Applications Symposium (RTAS’21). 14–26. DOI:

[7]

Simon Kramer, Dirk Ziegenbein, and Arne Hamann. 2015. Real world automotive benchmarks for free. In 6th International Workshop on Analysis Tools and Methodologies for Embedded and Real-time Systems (WATERS’15). 1–6.

[8]

Mulong Luo, Andrew C. Myers, and G. Edward Suh. 2020. Stealthy tracking of autonomous vehicles with cache side channels. In 29th USENIX Security Symposium (USENIX Security’20). USENIX Association, 859–876. https://www.usenix.org/conference/usenixsecurity20/presentation/luo

[9]

Mitra Nasri, Thidapat Chantem, Gedare Bloom, and Ryan M. Gerdes. 2019. On the pitfalls and vulnerabilities of schedule randomization against schedule-based attacks. In 2019 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS’19). 103–116. DOI:

[10]

Rodolfo Pellizzoni, Neda Paryab, et al. 2015. A generalized model for preventing information leakage in hard real-time systems. In 21st IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS’15). 271–282. DOI:

[11]

Joon Son and Alves-Foss. 2006. Covert timing channel analysis of rate monotonic real-time scheduling algorithm in MLS systems. In 2006 IEEE Information Assurance Workshop. 361–368. DOI:

[12]

David Trilla, Carles Hernandez, Jaume Abella, and Francisco J. Cazorla. 2018. Cache side-channel attacks and time-predictability in high-performance critical real-time systems. 1–6. DOI:

Digital Library

[13]

ManKi Yoon, JungEun Kim, Richard Bradford, and Zhong Shao. 2022. TimeDice: Schedulability-preserving priority inversion for mitigating covert timing channels between real-time partitions. In 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’22). 453–465. DOI:

[14]

ManKi Yoon, Sibin Mohan, ChienYing Chen, and Lui Sha. 2016. TaskShuffler: A schedule randomization protocol for obfuscation against timing inference attacks in real-time systems. In 2016 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS’16). 1–12. DOI:

[15]

Man-Ki Yoon, Jung-Eun Kim, Richard Bradford, and Zhong Shao. 2019. TaskShuffler++: Real-Time Schedule Randomization for Reducing Worst-Case Vulnerability to Timing Inference Attacks. (2019). arxiv:cs.CR/1911.07726

Cited By

Ren JLiu CLin CJiang WWang PQi XLi SLi S(2024)Multimode Security-Aware Real-Time Scheduling on MultiprocessorsIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2024.344526043:11(3407-3418)Online publication date: 1-Nov-2024
https://dl.acm.org/doi/10.1109/TCAD.2024.3445260

Index Terms

Protection Window Based Security-Aware Scheduling against Schedule-Based Attacks
1. Computer systems organization
  1. Real-time systems
2. Security and privacy
  1. Systems security

Recommendations

Impact of priority assignment on schedule-based attacks in real-time embedded systems
Abstract
In this paper, we investigate the impact of priority assignment on schedule-based attacks in fixed-priority real-time systems. Through the schedule-based attacks, attackers may manipulate the input and output buffers of victim tasks, cause ...
Adversarial attacks on machine learning-based cyber security systems: a survey of techniques and defences

Machine learning (ML) has been increasingly adopted in the field of cyber security to enhance the detection and prevention of cyber threats. However, recent studies have demonstrated that ML-based cyber security systems are vulnerable to adversarial ...
Protection Against Denial of Service Attacks

Denial of service (DoS) is a prevalent threat in today's networks because DoS attacks are easy to launch, while defending a network resource against them is disproportionately difficult. Despite the extensive research in recent years, DoS attacks ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Embedded Computing Systems

ACM Transactions on Embedded Computing Systems Volume 22, Issue 5s

Special Issue ESWEEK 2023

October 2023

1394 pages

ISSN:1539-9087

EISSN:1558-3465

DOI:10.1145/3614235

Editor:
Tulika Mitra
National University of Singapore, Singapore

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

ACM Journals for the Design of Smart and Connected Systems

Publication History

Published: 09 September 2023

Accepted: 30 June 2023

Revised: 02 June 2023

Received: 23 March 2023

Published in TECS Volume 22, Issue 5s

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Natural Science Foundation of China
Dalian Young Star of Science and Technology Project
Social Science Foundation of Liaoning Province
Fundamental Research Funds for the Central Universities

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
248
Total Downloads

Downloads (Last 12 months)91
Downloads (Last 6 weeks)4

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Ren JLiu CLin CJiang WWang PQi XLi SLi S(2024)Multimode Security-Aware Real-Time Scheduling on MultiprocessorsIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2024.344526043:11(3407-3418)Online publication date: 1-Nov-2024
https://dl.acm.org/doi/10.1109/TCAD.2024.3445260

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Full Text

View this article in Full Text.

Figures

Tables

Media

View full text|Download PDF

View Issue’s Table of Contents