Real-Time Systems Security through Scheduler Constraints

Mohan, Sibin; Yoon, Man Ki; Pellizzoni, Rodolfo; Bobba, Rakesh B.

doi:10.1109/ecrts.2014.28

Cited by 49 publications

(72 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We first describe how schedulability is tested for two tasks case to motivate our result. And then we generalize it to result stronger schedulability condition than proposed in [6].…”

Section: Lsf Schedulability Analysismentioning

confidence: 99%

“…In both cases, security constraint is satisfied with FT * ki and j * i can execute without any interference from FT * ki reserved and invoked by LSF scheduler. Unlike LSF using flush task reservation, conventional scheduling algorithms [6] adopt a greedy approach for flush task invocation. When a job is released, a flush task is invoked if the latest finished job has a higher security level.…”

Section: Flush Task Mechanismsmentioning

confidence: 99%

“…We follow the adversary model and the system model proposed in [6] derived from actual examples of real-time systems such as an avionics system designed by the DO-178B model [12] and the "RePLACE" system of Northrop Grumman [13]- [15]. Operation of some sub-systems in these systems depends on another sub-system designed by a less trustworthy vendor, which can cause an information leakage problem.…”

Section: Adversary and System Modelsmentioning

confidence: 99%

“…It is well known that information leakage can occur between tasks sharing resources without explicit communication [7], [8]. A previous work [6] suggested a preflush mechanism in which the state of shared resources such as cache, DRAMs and even I/O bus are flushed if there is a possibility of information leakage after a real-time task finishes its execution. It also proposed an improved fixed priority (FP) [9] scheduler incorporating a security constraint and schedulability analysis techniques that are aware of the pre-flush task to reduce the potential for information leakage via shared resources.…”

Section: Introductionmentioning

confidence: 99%

“…Taking advantage of such approaches, several researches resolved the information leakage problem that can arise between real-time tasks with different security levels [5], [6]. It is well known that information leakage can occur between tasks sharing resources without explicit communication [7], [8].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Preemptive Real-Time Scheduling Incorporating Security Constraint for Cyber Physical Systems

Baek

Lee

et al. 2016

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYSince many cyber-physical systems (CPSs) manipulate security-sensitive data, enhancing the quality of security in a CPS is a critical and challenging issue in CPS design. Although there has been a large body of research on securing general purpose PCs, directly applying such techniques to a CPS can compromise the real-time property of CPSs since the timely execution of tasks in a CPS typically relies on real-time scheduling. Recognizing this property, previous works have proposed approaches to add a security constraint to the real-time properties to cope with the information leakage problem that can arise between real-time tasks with different security levels. However, conventional works have mainly focused on non-preemptive scheduling and have suggested a very naive approach for preemptive scheduling, which shows limited analytical capability. In this paper, we present a new preemptive fixed-priority scheduling algorithm incorporating a security constraint, called lowest security-level first (LSF) and its strong schedulability analysis to reduce the potential of information leakage. Our simulation results show that LSF schedulability analysis outperforms state-of-the-art FP analysis when the security constraint has reasonable timing penalties.

show abstract

“…We first describe how schedulability is tested for two tasks case to motivate our result. And then we generalize it to result stronger schedulability condition than proposed in [6].…”

Section: Lsf Schedulability Analysismentioning

confidence: 99%

Section: Flush Task Mechanismsmentioning

confidence: 99%

Section: Adversary and System Modelsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Preemptive Real-Time Scheduling Incorporating Security Constraint for Cyber Physical Systems

Baek

Lee

et al. 2016

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

show abstract

Information Leakage as a Scheduling Resource

Biondi

Chadli

Given-Wilson

et al. 2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

High-security processes have to load confidential information into shared resources as part of their operation. This confidential information may be leaked (directly or indirectly) to low-security processes via the shared resource. This paper considers leakage from high-security to low-security processes from the perspective of scheduling. The workflow model is here extended to support preemption, security levels, and leakage. Formalization of leakage properties is then built upon this extended model, allowing formal reasoning about the security of schedulers. Several heuristics are presented in the form of compositional preprocessors and postprocessors as part of a more general scheduling approach. The effectiveness of such heuristics are evaluated experimentally, showing them to achieve significantly better schedulability than the state of the art. Modeling of leakage from cache attacks is presented as a case study.

show abstract