Published in: Real-Time Systems 5/2016

01.09.2016

Integrating security constraints into fixed priority real-time schedulers

by: Sibin Mohan, Man-Ki Yoon, Rodolfo Pellizzoni, Rakesh B. Bobba


Abstract

Traditionally, most real-time systems (RTS) were considered to be invulnerable to security breaches and external attacks. This was mainly due to the use of proprietary hardware and protocols in such systems, along with physical isolation. Hence, security and RTS were considered to be separate domains. This assumption is being challenged by recent events that highlight the vulnerabilities in such systems. In this paper, we focus on how to integrate security as a first-class principle in the design of RTS. We demonstrate how certain security requirements can be cast as real-time scheduling constraints. We use information leakage as a motivating problem to illustrate our techniques and focus on the class of fixed-priority real-time schedulers. We evaluate our approach both analytically and by simulation, and discuss the tradeoffs of using such an approach. Our work shows that many real-time task sets can be scheduled using our methods without significant performance impact.


Footnotes

1. Information leakage happens when sensitive data leaks to unauthorized or unintended parties from a system that is supposed to be closed or secure.

2. A covert channel is an unintended and unauthorized channel for information transfer between two processes. A covert timing channel is a covert channel in which information is transmitted to the receiving process by varying the timing of actions or resource usage.

3. Other than the processor core, of course.

4. While earlier work (Mohan et al. 2014) presented these methods and analyses, we expand on this to improve the efficiency of the analysis (see Sect. 6.4).

5. Sometimes referred to as “storage channels with timing exploitation”.

6. We will discuss techniques to avoid an inordinate number of cache flushes later on in the paper.

7. We will relax this assumption later in the paper to obtain tighter bounds.

8. Note that a PF technique that invokes a FT during both high-to-low and low-to-high task transitions can essentially support security labels that form a partial order. This is because when a security label \(s_i\) is unrelated to \(s_j\), information leakage should not be allowed in either direction.

9. Essentially to flush and refill the cache.

10. As an example, a 6th generation Intel Core i7 processor (Intel Corporation 2015) has an 8 MB Level 3 cache and up to 31.128 GB/s memory bandwidth. This results in a best-case time of \(257\, \mu s\) to flush the entire L3 cache content to main memory. We further experimented with a Xilinx FPGA platform using an ARM Cortex A9 hard core processor to obtain experimental measurements on an embedded system. Using the available flushing functionality in the cache controller, we measured a worst-case running time for FT equal to \(380\, \mu s\).

11. We get these bounds from the upper bounds on the number of preemptions for basic and non-preemptive FP algorithms.

12. While the typical schedulability tests for FP put the theoretical upper bound at \(69~\%\) (Liu and Layland 1973), it is possible for FP to schedule task sets with higher utilizations, e.g., if they are harmonic in nature.

13. We also saw similar trends for other values of \(c_{ft}\) but omit them here since they do not add any new information.

14. We generated new task sets since the number of task sets in the original evaluation was not enough to show the differences in running times.
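The following is an added illustration of footnotes 8 and 13, not code from the paper: given a schedule trace and a security lattice that is only a partial order, it decides at which job boundaries a flush task (FT) must run so that cache state left by the previous job cannot be observed by the next one, and sums the resulting overhead using a constructed per-flush cost \(c_{ft}\) (here the \(380\, \mu s\) measured in footnote 10). The lattice, task labels and trace are constructed for the example; the rule "flow from the previous job is permitted only if its label is below or equal to the next job's label, so unrelated labels need a flush in both directions" is the one footnote 8 describes.

```python
from itertools import product

# Constructed security lattice (a diamond): L <= M1 <= H and L <= M2 <= H,
# with M1 and M2 unrelated. The task-to-label map and trace are constructed too.
LABELS = {"L", "M1", "M2", "H"}
LEQ_PAIRS = {("L", "M1"), ("L", "M2"), ("M1", "H"), ("M2", "H")}
LABEL_OF = {"t1": "L", "t2": "M1", "t3": "M2", "t4": "H"}
TRACE = ["t1", "t2", "t4", "t3", "t2", "t1"]  # job execution order (constructed)
C_FT_US = 380  # per-flush cost in microseconds, the worst case from footnote 10


def closure(labels, leq_pairs):
    """Reflexive-transitive closure of the 'a <= b' pairs: the full partial order."""
    leq = {(a, a) for a in labels} | set(leq_pairs)
    changed = True
    while changed:
        changed = False
        for (a, b), (c, d) in product(list(leq), repeat=2):
            if b == c and (a, d) not in leq:
                leq.add((a, d))
                changed = True
    return leq


def flow_allowed(leq, src, dst):
    """Residual cache state of a src-labelled job may be seen by the next job only
    if src <= dst; any other pair, including unrelated labels, is a potential leak."""
    return (src, dst) in leq


def flush_points(trace, label_of, leq):
    """(index, previous_task, next_task) for every boundary that needs a FT."""
    return [(i, trace[i - 1], trace[i])
            for i in range(1, len(trace))
            if trace[i - 1] != trace[i]
            and not flow_allowed(leq, label_of[trace[i - 1]], label_of[trace[i]])]


def flush_overhead(trace, label_of, leq, c_ft):
    """Total FT time added to the trace for a per-flush cost c_ft."""
    return len(flush_points(trace, label_of, leq)) * c_ft


def demo():
    leq = closure(LABELS, LEQ_PAIRS)
    # H -> M2, M2 -> M1 (unrelated) and M1 -> L need a flush; L -> M1 and M1 -> H do not.
    return flush_points(TRACE, LABEL_OF, leq), flush_overhead(TRACE, LABEL_OF, leq, C_FT_US)


if __name__ == "__main__":
    print(demo())
```

With a total order (only L and H), the same code flushes only on high-to-low transitions, which is the simpler case the footnote contrasts with.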
 
References

Ahmed Q, Vrbsky S (1998) Maintaining security in firm real-time database systems. In: Proceedings of the 14th annual computer security applications conference, pp 83–90
Audsley AN, Burns A, Richardson M, Tindell K (1993) Applying new scheduling theory to static priority pre-emptive scheduling. Softw Eng J 8:284–292
Checkoway S, McCoy D, Kantor B, Anderson D, Shacham H, Savage S, Koscher K, Czeskis A, Roesner F, Kohno T (2011) Comprehensive experimental analyses of automotive attack surfaces. In: USENIX Security
Cormen T, Leiserson C, Charles E (1993) Introduction to algorithms. MIT Press, Cambridge
European Organisation for Civil Aviation Electronics (1992) DO-178B: software considerations in airborne systems and equipment certification
Goguen J, Meseguer J (1982) Security policies and security models. In: IEEE symposium on security and privacy, pp 11–20
Hu W-M (1991) Reducing timing channels with fuzzy time. In: Proceedings of the 1991 IEEE computer society symposium on research in security and privacy, pp 8–20
Hu W-M (1992) Lattice scheduling and covert channels. In: Proceedings of the IEEE symposium on security and privacy
Kim T, Peinado M, Mainar-Ruiz G (2012) StealthMem: system-level protection against cache-based side channel attacks in the cloud. In: Proceedings of the 21st USENIX security symposium, Security'12, USENIX Association, Berkeley, pp 11–11
Kocher P, Lee R, McGraw G, Raghunathan A, Ravi S (2004) Security as a new dimension in embedded system design. In: Proceedings of the 41st annual conference on design automation, pp 753–760
Kocher PC (1996) Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Advances in cryptology, CRYPTO '96, 16th annual international cryptology conference, Santa Barbara, California, USA, Aug 18–22, 1996, vol 1109 of Lecture Notes in Computer Science, Springer, New York, pp 104–113
Koscher K, Czeskis A, Roesner F, Patel S, Kohno T, Checkoway S, McCoy D, Kantor B, Anderson D, Shacham H, Savage S (2010) Experimental security analysis of a modern automobile. In: IEEE symposium on security and privacy (SP), pp 447–462
Lin M, Xu L, Yang L, Qin X, Zheng N, Wu Z, Qiu M (2009) Static security optimization for real-time systems. IEEE Trans Ind Inform 5(1):22–37
Liu J (2000) Real-time systems. Prentice Hall, Upper Saddle River
Mohan S, Bak S, Betti E, Yun H, Sha L, Caccamo M (2013) S3A: secure system simplex architecture for enhanced security and robustness of cyber-physical systems. In: ACM conference on high confidence networked systems
Mohan S, Yoon M, Pellizzoni R, Bobba R (2014) Real-time systems security through scheduler constraints. In: 26th Euromicro conference on real-time systems, ECRTS 2014, Madrid, Spain, 8–11 July 2014, pp 129–140
Nam M-Y, Pellizzoni R, Sha L, Bradford R (2009) ASIIST: application specific I/O integration support tool for real-time bus architecture designs. In: 14th IEEE international conference on engineering of complex computer systems, pp 11–22
Orlin J (2013) Max flows in O(nm) time, or better. In: Proceedings of the ACM symposium on theory of computing (STOC 2013), Palo Alto
Percival C (2005) Cache missing for fun and profit. In: Proceedings of BSDCan
Rajkumar R, Sha L, Lehoczky J (1988) Real-time synchronization protocols for multiprocessors. In: IEEE real-time systems symposium, pp 259–269
Reinhardt D (2006) Certification criteria for emulation technology in the Australian Defence Force military avionics context. In: Proceedings of the eleventh Australian workshop on safety critical systems and software, vol 69, SCS '06, Australian Computer Society Inc, Darlinghurst, Australia, pp 79–92
Sampigethaya K, Poovendran R, Bushnell L (2008) Secure operation, control, and maintenance of future e-enabled airplanes. Proc IEEE 96(12):1992–2007
Shepard D, Bhatti J, Humphreys T (2012) Drone hack: spoofing attack demonstration on a civilian unmanned aerial vehicle. GPS World
Shi W, Lee H-HS, Falk L, Ghosh M (2006) An integrated framework for dependable and revivable architectures using multicore processors. In: Proceedings of the 33rd annual international symposium on computer architecture, ISCA '06, pp 102–113
Son J, Alves-Foss J (2006) Covert timing channel analysis of rate monotonic real-time scheduling algorithm in MLS systems. In: IEEE information assurance workshop, pp 361–368
Son S (1997) Supporting timeliness and security in real-time database systems. In: Proceedings of the ninth Euromicro workshop on real-time systems, pp 266–273
Son S, Chaney C, Thomlinson N (1998) Partial security policies to support timeliness in secure real-time databases. In: Proceedings of the IEEE symposium on security and privacy, pp 136–147
Son S, Mukkamala R, David R (2000) Integrating security and real-time requirements using covert channel capacity. IEEE Trans Knowl Data Eng 12(6):865–879
Suh GE, Lee JW, Zhang D, Devadas S (2004) Secure program execution via dynamic information flow tracking. In: Proceedings of the 11th international conference on architectural support for programming languages and operating systems, ASPLOS-XI, pp 85–96
Teso H (2013) Aircraft hacking. In: Fourth annual HITB security conference in Europe
Völp M, Engel B, Hamann C-J, Härtig H (2013) On confidentiality preserving real-time locking protocols. In: IEEE real-time and embedded technology and applications symposium
Völp M, Hamann C-J, Härtig H (2008) Avoiding timing channels in fixed-priority schedulers. In: ACM symposium on information, computer and communications security, ACM, New York, pp 44–55
Xie T, Qin X (2007) Improving security for periodic tasks in embedded systems through scheduling. ACM Trans Embed Comput Syst 6(3):20
Yomsi PM, Sorel Y (2007) Extending rate monotonic analysis with exact cost of preemptions for hard real-time systems. In: 19th Euromicro conference on real-time systems (ECRTS 2007), IEEE, pp 280–290
Yoon M-K, Mohan S, Choi J, Kim J-E, Sha L (2013) SecureCore: a multicore based intrusion detection architecture for real-time embedded systems. In: IEEE real-time and embedded technology and applications symposium
Zimmer C, Bhatt B, Mueller F, Mohan S (2010) Time-based intrusion detection in cyber-physical systems. In: International conference on cyber-physical systems
Metadata
Title
Integrating security constraints into fixed priority real-time schedulers
Authors
Sibin Mohan
Man-Ki Yoon
Rodolfo Pellizzoni
Rakesh B. Bobba
Publication date
01.09.2016
Publisher
Springer US
Published in
Real-Time Systems / Issue 5/2016
Print ISSN: 0922-6443
Electronic ISSN: 1573-1383
DOI
https://doi.org/10.1007/s11241-016-9252-5
