Man-Ki Yoon,Jung-Eun Kim,Richard Bradford,Zhong Shao

DOI: https://doi.org/10.48550/arXiv.1911.07726

2019-11-18

Abstract:This paper presents a schedule randomization algorithm that reduces the vulnerability of real-time systems to timing inference attacks which attempt to learn the timing of task execution. It utilizes run-time information readily available at each scheduling decision point to increase the level of uncertainty in task schedules, while preserving the original schedulability. The randomization algorithm significantly reduces an adversary's best chance to correctly predict what tasks would run at arbitrary times. This paper also proposes an information-theoretic measure that can quantify the worst-case vulnerability, from the defender's perspective, of an arbitrary real-time schedule.

Cryptography and Security

Chien-Ying Chen,AmirEmad Ghassami,Sibin Mohan,Negar Kiyavash,Rakesh B. Bobba,Rodolfo Pellizzoni,Man-Ki Yoon

DOI: https://doi.org/10.48550/arXiv.1705.02561

2017-05-07

Abstract:In real-time embedded systems (RTS), failures due to security breaches can cause serious damage to the system, the environment and/or injury to humans. Therefore, it is very important to understand the potential threats and attacks against these systems. In this paper we present a novel reconnaissance attack that extracts the exact schedule of real-time systems designed using fixed priority scheduling algorithms. The attack is demonstrated on both a real hardware platform and a simulator, with a high success rate. Our evaluation results show that the algorithm is robust even in the presence of execution time variation.

Cryptography and Security,Operating Systems

Chien-Ying Chen,Sibin Mohan,Rodolfo Pellizzoni,Rakesh B. Bobba,Negar Kiyavash

DOI: https://doi.org/10.1109/RTAS.2019.00016

2019-05-10

Abstract:We demonstrate the presence of a novel scheduler side-channel in preemptive, fixed-priority real-time systems (RTS); examples of such systems can be found in automotive systems, avionic systems, power plants and industrial control systems among others. This side-channel can leak important timing information such as the future arrival times of real-time <a class="link-external link-http" href="http://tasks.This" rel="external noopener nofollow">this http URL</a> information can then be used to launch devastating attacks, two of which are demonstrated here (on real hardware platforms). Note that it is not easy to capture this timing information due to runtime variations in the schedules, the presence of multiple other tasks in the system and the typical constraints (e.g., deadlines) in the design of RTS. Our ScheduLeak algorithms demonstrate how to effectively exploit this side-channel. A complete implementation is presented on real operating systems (in Real-time Linux and FreeRTOS). Timing information leaked by ScheduLeak can significantly aid other, more advanced, attacks in better accomplishing their goals.

Cryptography and Security

Jiankang Ren,Chunxiao Liu,Chi Lin,Ran Bi,Simeng Li,Zheng Wang,Yicheng Qian,Zhichao Zhao,Guozhen Tan

DOI: https://doi.org/10.1145/3609098

2023-01-01

ACM Transactions on Embedded Computing Systems

Abstract:With widespread use of common-off-the-shelf components and the drive towards connection with external environments, the real-time systems are facing more and more security problems. In particular, the real-time systems are vulnerable to the schedule-based attacks because of their predictable and deterministic nature in operation. In this paper, we present a security-aware real-time scheduling scheme to counteract the schedulebased attacks by preventing the untrusted tasks from executing during the attack effective window (AEW). In order to minimize the AEW untrusted coverage ratio for the system with uncertain AEW size, we introduce the protection window to characterize the system protection capability limit due to the system schedulability constraint. To increase the opportunity of the priority inversion for the security-aware scheduling, we design an online feasibility test method based on the busy interval analysis. In addition, to reduce the runtime overhead of the online feasibility test, we also propose an efficient online feasibility test method based on the priority inversion budget analysis to avoid online iterative calculation through the offline maximum slack analysis. Owing to the protection window and the online feasibility test, our proposed approach can efficiently provide best-effort protection to mitigate the schedule-based attack vulnerability while ensuring system schedulability. Experiments show the significant security capability improvement of our proposed approach over the state-of-the-art coverage oriented scheduling algorithm.

Christos Tsanikidis,Javad Ghaderi

DOI: https://doi.org/10.48550/arXiv.2001.05146

2020-01-15

Abstract:In this paper, we consider the problem of scheduling real-time traffic in wireless networks under a conflict-graph interference model and single-hop traffic. The objective is to guarantee that at least a certain fraction of packets of each link are delivered within their deadlines, which is referred to as delivery ratio. This problem has been studied before under restrictive frame-based traffic models, or greedy maximal scheduling schemes like LDF (Largest-Deficit First) that provide poor delivery ratio for general traffic patterns. In this paper, we pursue a different approach through randomization over the choice of maximal links that can transmit at each time. We design randomized policies in collocated networks, multi-partite networks, and general networks, that can achieve delivery ratios much higher than what is achievable by LDF. Further, our results apply to traffic (arrival and deadline) processes that evolve as positive recurrent Markov Chains. Hence, this work is an improvement with respect to both efficiency and traffic assumptions compared to the past work. We further present extensive simulation results over various traffic patterns and interference graphs to illustrate the gains of our randomized policies over LDF variants.

Networking and Internet Architecture,Information Theory,Optimization and Control

Jiankang Ren,Zichuan Xu,Chao Yu,Chi Lin,Guowei Wu,Guozhen Tan

DOI: https://doi.org/10.1016/j.jss.2019.03.001

2019-01-01

Abstract:Real-time systems tend to be probabilistic in nature because of the performance variations of complex chips. We present an execution allowance based fixed priority scheduling scheme for probabilistic real-time systems. This scheme consists of a probabilistic Worst Case Execution Time reshaping algorithm and a fixed priority scheduling strategy. It assigns a specific execution allowance to each task and schedules tasks under the Rate Monotonic policy. We present a schedulability analysis and show how to determine an appropriate execution allowance for each task. Evaluation shows that our proposed scheme can significantly outperform the existing approaches. (C) 2019 Elsevier Inc. All rights reserved.

Shujuan Huang,Yi'an Zhu,Junhua Duan

DOI: https://doi.org/10.1109/icicip.2013.6568037

2013-01-01

Abstract:Many safety-critical embedded systems are subject to meet multiple sets of certification requirements from different certification authorities. The techniques from the traditional scheduling theory cannot be satisfactorily addressed the scheduling problems in such “mixed-criticality” systems. So some scheduling algorithms such as OCBP(Own Criticality Based Priority) and CM(criticality monotonically) were presented. But they all only adapted to some cases. In this paper, we propose a new scheduling algorithm-BTW(Based Time Windows) for solving such mixed-criticality workloads. Our simulations show that BTW algorithm are most likely to be able to schedule a randomly selected task set than OCBP and CM. And it also can owns the better system utilization and the lower miss deadline ratio.

ZHU Yi-an,HUANG Shu-juan,DUAN Jun-hua,LU Wei

DOI: https://doi.org/10.3969/j.issn.1001-0548.2014.02.021

2014-01-01

Abstract:By analyzing the problems of real-time scheduling in mix-criticality systems, a new scheduling algorithm, forward and backward time window partition-criticality factor prior (FBTWP-CFP), is proposed. It can separate the running time windows for the tasks of all criticality levels offline from the forward direction and backward direction and generate the idle windows for the tasks which get the lower priority by the criticality factor for the criticality level changed. The simulation results show that FBTWP-CFP is better than criticality assigned priority algorithm (CAPA) and own criticality based priority (OCBP) in completed tasks number and reduced miss deadline ratio.

Yi Zhang,Xiaohui Cheng,Wandong Cai,Tao Zhan

DOI: https://doi.org/10.3969/j.issn.1000-2758.2012.04.025

2012-01-01

Xibei Gongye Daxue Xuebao/Journal of Northwestern Polytechnical University

Abstract:In many cases unexpected workload spikes are likely to occur due to unpredictable changes in the physical environment. In this paper we present a mixed-criticality driven asymmetric overload-protected shortest slack scheduling algorithm that implements an alternative protection scheme to avoid the criticality inversion problem. Sections 1 through 4 of the full paper explain our algorithm mentioned in the title, which we believe is new and effective and whose core consists of: "This algorithm can be used with rate monotonic based preemptive scheduler with deadline driven scheme to resume the blocked tasks. The potential processor utilization of the new algorithm can reach 100%. Section 1 briefs relevant past research. Section 2 deals with the model of the objects to be scheduled and relevant semantics. Section 3 deals with the problem of criticality inversion. Section 4 deals with our algorithm mentioned in the title." The experimental results, presented In Figs. 2 through 5 and Table 2, show preliminarily that our new algorithm provides performance higher than those of two existing algorithms for mix-criticality task scheduling.

Jiankang Ren,Chunxiao Liu,Chi Lin,Wei Jiang,Pengfei Wang,Xiangwei Qi,Simeng Li,Shengyu Li

DOI: https://doi.org/10.1109/tcad.2024.3445260

IF: 2.9

2024-11-09

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Embedded real-time systems generally execute in a predictable and deterministic manner to deliver critical functionality within stringent timing constraints. However, the predictable execution behavior leaves the system vulnerable to schedule-based attacks. In this article, we present a multimode security-aware real-time scheduling scheme to counteract schedule-based attacks on multiprocessor real-time systems. To mitigate the vulnerability to the schedule-based attack, we propose a multimode scheduling method to reduce the accumulative attack effective window (AEW) of multiple victim tasks and prevent the untrusted tasks from executing during the AEW by distinctively scheduling mixed-trust tasks according to the system mode. To avoid the protection degradation due to the excessive blocking of untrusted tasks, we introduce a protection window for multiple victims on multiprocessors by analyzing the system protection capability limit under the system schedulability constraint. Furthermore, to maximize the protection capability of the multimode security-aware scheduling strategy on a multiprocessor platform, we also propose a security-aware packing algorithm to balance the workloads of mixed-trust tasks on different processors using a mixed-trust worst-fit decreasing heuristic strategy. The experimental results demonstrate that our proposed approach significantly outperforms the state-of-the-art method. Specifically, the AEW ratio and the AEW untrusted execution time ratio are reduced by 18.8% and 62.8%, respectively, while the defense success rate against ScheduLeak attack is improved by 16.3%.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Arkaprava Sain,Sunandan Adhikary,Ipsita Koley,Soumyajit Dey

2024-08-01

Abstract:Modern Cyber-Physical Systems (CPSs) consist of numerous control units interconnected by communication networks. Each control unit executes multiple safety-critical and non-critical tasks in real-time. Most of the safety-critical tasks are executed with a fixed sampling period to ensure deterministic timing behaviour that helps in its safety and performance analysis. However, adversaries can exploit this deterministic behaviour of safety-critical tasks to launch inference-based-based attacks on them. This paper aims to prevent and minimize the possibility of such timing inference or schedule-based attacks to compromise the control units. This is done by switching between strategically chosen execution rates of the safety-critical control tasks such that their performance remains unhampered. Thereafter, we present a novel schedule vulnerability analysis methodology to switch between valid schedules generated for these multiple periodicities of the control tasks in run time. Utilizing these strategies, we introduce a novel Multi-Rate Attack-Aware Randomized Scheduling (MAARS) framework for preemptive fixed-priority schedulers that minimize the success rate of timing-inference-based attacks on safety-critical real-time systems. To our knowledge, this is the first work to propose a schedule randomization method with attack awareness that preserves both the control and scheduling aspects. The efficacy of the framework in terms of attack prevention is finally evaluated on several automotive benchmarks in a Hardware-in-loop (HiL) environment.

Systems and Control,Cryptography and Security,Operating Systems

Yi-an Zhu,Shuyan Luo,He Lin,Linlin Huang

DOI: https://doi.org/10.1007/978-3-319-93659-8_65

2019-01-01

Abstract:With the development of embedded technology, more and more security critical tasks appeared in embedded application fields, which requires higher real-time and reliability of the system. ARINC 653 standard proposed the concept of partition, and improves the security and reliability of the system in the system kernel aspect. Time-window and priority strategy are the primary methods in task scheduling, but there are many shortcomings in the traditional partition window time zoning. The smaller window requires higher switch frequency, the larger window will result unexpected time segments. In order to solve the problems above, this paper proposes a dynamic cycle execution time (DCET) scheduling algorithm. The algorithm can prevent task in low level key partition preempting the task in high level key partition. Make use of free time segments to execute the task, thus improve the efficiency of the system. At last, a partition environment was built by lC/OS-II on the ML507 development board, and the experimental result confirms the effectiveness of the algorithm.

Yue Ma,Wei Jiang,Nan Sang,Ziguo Zhong

DOI: https://doi.org/10.1109/ares.2012.45

2012-01-01

Abstract:Traditional mechanisms for risk control and task scheduling may not be very suitable for security-critical embedded real-time systems under dynamic operation environments. In this paper, we are interested in design of an adaptive risk control and management mechanism of the uniprocessor system for real-time embedded applications. With the purpose of obtaining adaptive capability to reduce system risks without sacrificing soft real-time performance, a two-level feedback scheduling framework was deployed at runtime. The upper-level component automatically monitors the status of the waiting queue, then admits or rejects the input workloads and assigns a reasonable security level for ready tasks. The lower-level scheduling framework can dynamically adjust the security level of ready tasks based on the runtime situation. Simulation results show the superiority of the proposed mechanism, especially the good adaptivity under dynamic system workloads.

Jiang Wei,Nan Sang,Chang Zhengwei,Xiong Guangze

DOI: https://doi.org/10.3321/j.issn:1000-6893.2009.12.020

2009-01-01

Abstract:Security-critical systems tend to be subjected to much more serious security threats,therefore it poses a great challenge to reduce the risk of security-critical applications.This article proposes a risk-driven task scheduling mechanism by incorporating risk assessment with real time scheduling.Based on the concept of synthetic utilization of aperiodic tasks,an online task scheduling algorithm is designed to schedule security-sensitive aperiodic tasks with minimal security risk.This algorithm is an approximate algorithm,which can yield security performance guaranteed near-optimal solution in low time complexity without violating the security-critical and time-critical constraints of tasks.Simulation results show that the proposed algorithm can significantly reduce the risk of security-critical real time applications and satisfy the bound of risk approximation ratio.Specifically,maximal security risk reduction of up to 22.2% is achieved,and minimal approximation ratio of security risk can decrease to 102.4% for the bound of 110%.

Xiaomin Zhu,Peizhong Lu

DOI: https://doi.org/10.1016/j.compeleceng.2008.11.022

IF: 4.152

2009-01-01

Computers & Electrical Engineering

Abstract:Nowadays, increasing attention has been directed towards the issue of security service for real-time applications with security requirements on clusters. However, the study of integrating security demands of real-time applications into scheduling is rare. In this paper, we propose a novel two-phase scheduling strategy TPSS which takes timing constraints and security needs into consideration for security-critical real-time applications on heterogeneous clusters. In the first-phase, a novel algorithm DSRF is proposed to schedule real-time tasks. When the system is in heavy burden, DSRF is able to degrade the security levels of new tasks and tasks waiting in local queues so as to enhance guarantee ratio. On the contrary, when the system is in light burden, DSRF is capable of employing slack time to improve the security quality of new tasks and adequately utilize the system resource. The minimal security level can guarantee the system security, and higher security level is able to make the system more secure. In the second-phase, a new algorithm FMSL is proposed to minimize the difference of security levels of accepted tasks and further improve the security levels of accepted tasks on the whole, which degrades the probability of the applications being attacked. We compare TPSS, DSRF, SAEDF and RF by extensive simulations. The experimental results indicate that TPSS significantly improves the flexibility of scheduling and outperforms other algorithms.

LEI Ting,HU Xiao,ZHOU Xue-hai

DOI: https://doi.org/10.3969/j.issn.0253-2778.2006.02.018

2006-01-01

Abstract:Power is a valuable resource in embedded real-time systems as the lifetime of many such systems is constrained by their battery capacity.Recent advances in processor design have added support for dynamic frequency/voltage scaling for saving power and energy.Static priority scheduling algorithms is widely used in real-time systems and energy-efficient scheduling algorithms for static priority real-time systems are urgently needed to be designed. The limitations of energy-efficient scheduling were discussed and a new energy-efficient voltage scaling algorithm was proposed based on the rate monotonic algorithms.The algorithm can analyze slack time more effectively and try to balance the distribution of slack time among tasks of different priorities.A two-phase frequency scaling strategy was designed in order to change the execution time of real-time tasks.The proposed algorithm tried to lower the frequency of real-time tasks of higher priority by analyzing all the slack times.Experimental results demonstrate that this algorithm can save up to 26.2% more energy than the DPM algorithm.

Xun Zhan,Tao Zheng,Shixiang Gao

DOI: https://doi.org/10.1109/sere-c.2014.28

2014-01-01

Abstract:Code reuse attacks such as return-oriented programming, one of the most powerful threats to software system, rely on the absolute address of instructions. Therefore, address space randomization should be an effective defending method. However, current randomization techniques either are lack of enough entropy or have significant time or space overhead. In this paper, we present a novel fine-grained randomization technique at basic block level. In contrast to previous work, our technique dealt with critical technical challenges including indirect branches, callbacks and position independent codes properly at least cost. We implement an efficient prototype randomization system which supports Linux ELF file format and x86 architecture. Our evaluation demonstrated that it can defend ROP attacks with tiny performance overhead (4% on average) successfully.

Yulong Wu,Weizhe Zhang,Nan Guan,Yue Tang

DOI: https://doi.org/10.1109/TC.2021.3092181

2022-01-01

Abstract:Real-time systems with strict timing constraints have been widely applied in many fields. The Directed acyclic graph (DAG) task model has been widely studied and applied to model real-time systems with partial parallelism and precedence constraints in each task. Our paper focuses on the worst-case response time (WCRT) analysis of DAG tasks under partitioned scheduling on multiprocessors. We investigate a parallel structure named Str, which helps obtain more accurate analysis results, and propose a new offline scheduling analysis algorithm named reducing repetitive calculation (RRC). Experiments with synthetic workload are conducted to compare the results calculated by RRC and the state-of-the-art, as well as the observed average response time on a real embedded system. Results show that RRC has better performance in terms of analysis accuracy.

XUE An-qi,QU Yu-gui,ZHAO Bao-hua

DOI: https://doi.org/10.3969/j.issn.1000-3428.2011.06.099

2011-01-01

Abstract:Aiming at the characteristics of node operating system and its demands for real-time performance,security and concurrency,this paper proposes a new kernel schedule algorithm for real-time system.By combining task priority dispatching with time slot cycling,it boosts the response speed of the processor,and improves the real-time characteristics of the system.The strategy is implemented on μCOS-Ⅱ,and the modified kernel is applied to the wireless acquisition system,whose result proves that the algorithm reduces response time of the system and improves its efficiency.

Ping Chen,Jun Xu,Jun Wang,Peng Liu

DOI: https://doi.org/10.48550/arXiv.1507.02786

2015-07-10

Abstract:Fine-grained Address Space Randomization has been considered as an effective protection against code reuse attacks such as ROP/JOP. However, it only employs a one-time randomization, and such a limitation has been exploited by recent just-in-time ROP and side channel ROP, which collect gadgets on-the-fly and dynamically compile them for malicious purposes. To defeat these advanced code reuse attacks, we propose a new defense principle: instantly obsoleting the address-code associations. We have initialized this principle with a novel technique called virtual space page table remapping and implemented the technique in a system CHAMELEON. CHAMELEON periodically re-randomizes the locations of code pages on-the-fly. A set of techniques are proposed to achieve our goal, including iterative instrumentation that instruments a to-be-protected binary program to generate a re-randomization compatible binary, runtime virtual page shuffling, and function reordering and instruction rearranging optimizations. We have tested CHAMELEON with over a hundred binary programs. Our experiments show that CHAMELEON can defeat all of our tested exploits by both preventing the exploit from gathering sufficient gadgets, and blocking the gadgets execution. Regarding the interval of our re-randomization, it is a parameter and can be set as short as 100ms, 10ms or 1ms. The experiment results show that CHAMELEON introduces on average 11.1%, 12.1% and 12.9% performance overhead for these parameters, respectively.

Cryptography and Security