Chen Yan,Hocheol Shin,Connor Bolton,Wenyuan Xu,Yongdae Kim,Kevin Fu

DOI: https://doi.org/10.1109/sp40000.2020.00026

2020-01-01

Abstract:Over the last six years, several papers demonstrated how intentional analog interference based on acoustics, RF, lasers, and other physical modalities could induce faults, influence, or even control the output of sensors. Damage to the availability and integrity of sensor output carries significant risks to safety-critical systems that make automated decisions based on trusted sensor measurement. Established signal processing models use transfer functions to express reliability and dependability characteristics of sensors, but existing models do not provide a deliberate way to express and capture security properties meaningfully. Our work begins to fill this gap by systematizing knowledge of analog attacks against sensor circuitry and defenses. Our primary contribution is a simple sensor security model such that sensor engineers can better express analog security properties of sensor circuitry without needing to learn significantly new notation. Our model introduces transfer functions and a vector of adversarial noise to represent adversarial capabilities at each stage of a sensor's signal conditioning chain. The primary goals of the systematization are (1) to enable more meaningful quantification of risk for the design and evaluation of past and future sensors, (2) to better predict new attack vectors, and (3) to establish defensive design patterns that make sensors more resistant to analog attacks.

Chien-Ying Chen,AmirEmad Ghassami,Sibin Mohan,Negar Kiyavash,Rakesh B. Bobba,Rodolfo Pellizzoni,Man-Ki Yoon

DOI: https://doi.org/10.48550/arXiv.1705.02561

2017-05-07

Abstract:In real-time embedded systems (RTS), failures due to security breaches can cause serious damage to the system, the environment and/or injury to humans. Therefore, it is very important to understand the potential threats and attacks against these systems. In this paper we present a novel reconnaissance attack that extracts the exact schedule of real-time systems designed using fixed priority scheduling algorithms. The attack is demonstrated on both a real hardware platform and a simulator, with a high success rate. Our evaluation results show that the algorithm is robust even in the presence of execution time variation.

Cryptography and Security,Operating Systems

Man Lin,Li Xu,Laurence T. Yang,Xiao Qin,Nenggan Zheng,Zhaohui Wu,Meikang Qiu

DOI: https://doi.org/10.1109/tii.2009.2014055

IF: 12.3

2009-01-01

IEEE Transactions on Industrial Informatics

Abstract:An increasing number of real-time applications like railway signaling control systems and medical electronics systems require high quality of security to assure confidentiality and integrity of information. Therefore, it is desirable and essential to fulfill security requirements in security-critical real-time systems. This paper addresses the issue of optimizing quality of security in real-time systems. To meet the needs of a wide variety of security requirements imposed by real-time systems, a group-based security service model is used in which the security services are partitioned into several groups depending on security types. While services within the same security group provide the identical type of security service, the services in the group can achieve different quality of security. Security services from a number of groups can be combined to deliver better quality of security. In this study, we seamlessly integrate the group-based security model with a traditional real-time scheduling algorithm, namely earliest deadline first (EDF). Moreover, we design and develop a security-aware EDF schedulability test. Given a set of real-time tasks with chosen security services, our scheduling scheme aims at optimizing the combined security value of the selected services while guaranteeing the schedulability of the real-time tasks. We study two approaches to solve the security-aware optimization problem. Experimental results show that the combined security values are substantially higher than those achieved by alternatives for real-time tasks without violating real-time constraints.

Peili Ding,Yinan Wang,Gangfeng Yan,Wei Li

DOI: https://doi.org/10.1109/cac.2017.8243929

2017-01-01

Abstract:Recent years, the issue of cyber security has become ever more prevalent in the analysis and design of electrical cyber-physical systems (ECPSs). In this paper, we present the TrueTime Network Library for modeling the framework of ECPSs and focuses on the vulnerability analysis of ECPSs under DoS attacks. Model predictive control algorithm is used to control the ECPS under disturbance or attacks. The performance of decentralized and distributed control strategies are compared on the simulation platform. It has been proved that DoS attacks happen at dada collecting sensors or control instructions actuators will influence the system differently.

Monowar Hasan,Sibin Mohan,Rodolfo Pellizzoni,Rakesh B. Bobba

DOI: https://doi.org/10.48550/arXiv.1711.04808

2017-11-14

Abstract:The increased capabilities of modern real-time systems (RTS) expose them to various security threats. Recently, frameworks that integrate security tasks without perturbing the real-time tasks have been proposed, but they only target single core systems. However, modern RTS are migrating towards multicore platforms. This makes the problem of integrating security mechanisms more complex, as designers now have multiple choices for where to allocate the security tasks. In this paper we propose HYDRA, a design space exploration algorithm that finds an allocation of security tasks for multicore RTS using the concept of opportunistic execution. HYDRA allows security tasks to operate with existing real-time tasks without perturbing system parameters or normal execution patterns, while still meeting the desired monitoring frequency for intrusion detection. Our evaluation uses a representative real-time control system (along with synthetic task sets for a broader exploration) to illustrate the efficacy of HYDRA.

Cryptography and Security,Operating Systems

Tao Xie,Andrew H. Sung,Xiao Qin

DOI: https://doi.org/10.1109/ipdps.2005.185

2005-01-01

Abstract:An increasing number of real-time applications, such as aircraft control and medical electronics systems, require high quality of security to assure confidentiality, authenticity and integrity of information. However, most existing algorithms for scheduling independent tasks in real-time systems do not adequately consider security requirements of real-time tasks. In recognition of this problem we propose a novel dynamic scheduling algorithm with security awareness, which is capable of achieving high quality of security for real-time tasks while improving resource utilization. We have conducted extensive simulation experiments to quantitatively evaluate the performance of our approach. Specifically, experimental results show that compared with three heuristic algorithms, the proposed algorithm can consistently improve overall system performance in terms of quality of security and system guarantee ratio under a wide range of workload characteristics.

Monowar Hasan,Sibin Mohan,Rodolfo Pellizzoni,Rakesh B. Bobba

DOI: https://doi.org/10.48550/arXiv.1911.11937

2020-03-14

Abstract:We propose a design-time framework (named HYDRA-C) for integrating security tasks into partitioned real-time systems (RTS) running on multicore platforms. Our goal is to opportunistically execute security monitoring mechanisms in a 'continuous' manner -- i.e., as often as possible, across cores, to ensure that security tasks run with as few interruptions as possible. Our framework will allow designers to integrate security mechanisms without perturbing existing real-time (RT) task properties or execution order. We demonstrate the framework using a proof-of-concept implementation with intrusion detection mechanisms as security tasks. We develop and use both, (a) a custom intrusion detection system (IDS), as well as (b) Tripwire -- an open source data integrity checking tool. These are implemented on a realistic rover platform designed using an ARM multicore chip. We compare the performance of HYDRA-C with a state-of-the-art RT security integration approach for multicore-based RTS and find that our method can, on average, detect intrusions 19.05% faster without impacting the performance of RT tasks.

Operating Systems,Cryptography and Security

Tao Xie,Xiao Qin

DOI: https://doi.org/10.1007/11605300_11

2005-01-01

Abstract:Real-time applications with security requirements are emerging in various areas including government, education, and business. However, conventional real-time scheduling algorithms failed to fulfill the security requirements of real-time applications. In this paper we propose a dynamic real-time scheduling algorithm, or SAREG, which is capable of enhancing quality of security for real-time applications running on Grids. In addition, we present a mathematical model to formally describe a scheduling framework, security-sensitive real-time applications, and security overheads. We leverage the model to measure security overheads incurred by security services, including encryption, authentication, integrity check, etc. The SAREG algorithm seamlessly integrates security requirements into real-time scheduling by employing the security overhead model. To evaluate the effectiveness of SAREG, we conducted extensive simulations using a real world trace from a supercomputing center. Experimental results show that SAREG significantly improves system performance in terms of quality of security and schedulability over three existing scheduling algorithms.

Chien-Ying Chen,Sibin Mohan,Rodolfo Pellizzoni,Rakesh B. Bobba,Negar Kiyavash

DOI: https://doi.org/10.1109/RTAS.2019.00016

2019-05-10

Abstract:We demonstrate the presence of a novel scheduler side-channel in preemptive, fixed-priority real-time systems (RTS); examples of such systems can be found in automotive systems, avionic systems, power plants and industrial control systems among others. This side-channel can leak important timing information such as the future arrival times of real-time <a class="link-external link-http" href="http://tasks.This" rel="external noopener nofollow">this http URL</a> information can then be used to launch devastating attacks, two of which are demonstrated here (on real hardware platforms). Note that it is not easy to capture this timing information due to runtime variations in the schedules, the presence of multiple other tasks in the system and the typical constraints (e.g., deadlines) in the design of RTS. Our ScheduLeak algorithms demonstrate how to effectively exploit this side-channel. A complete implementation is presented on real operating systems (in Real-time Linux and FreeRTOS). Timing information leaked by ScheduLeak can significantly aid other, more advanced, attacks in better accomplishing their goals.

Cryptography and Security

Eman Abu Ishgair,Marcela S. Melara,Santiago Torres-Arias

2024-05-29

Abstract:The software supply chain comprises a highly complex set of operations, processes, tools, institutions and human factors involved in creating a piece of software. A number of high-profile attacks that exploit a weakness in this complex ecosystem have spurred research in identifying classes of supply chain attacks. Yet, practitioners often lack the necessary information to understand their security posture and implement suitable defenses against these attacks. We argue that the next stage of software supply chain security research and development will benefit greatly from a defense-oriented approach that focuses on holistic bottom-up solutions. To this end, this paper introduces the AStRA model, a framework for representing fundamental software supply chain elements and their causal relationships. Using this model, we identify software supply chain security objectives that are needed to mitigate common attacks and systematize knowledge on recent and well-established security techniques for their ability to meet these objectives. We validate our model against prior attacks and taxonomies. Finally, we identify emergent research gaps and propose opportunities to develop novel software development tools and systems that are secure-by-design.

Cryptography and Security

Tao Xie,Xiao Qin

DOI: https://doi.org/10.1109/tc.2006.110

2006-01-01

Abstract:Security-critical real-time applications such as military aircraft flight control systems have mandatory security requirements in addition to stringent timing constraints. Conventional real-time scheduling algorithms, however, either disregard applications' security needs and thus expose the applications to security threats or run applications at inferior security levels without optimizing security performance. In recognition that many applications running on clusters demand both real-time performance and security, we investigate the problem of scheduling a set of independent real-time tasks with various security requirements. We build a security overhead model that can be used to reasonably measure security overheads incurred by the security-critical tasks. Next, we propose a security-aware real-time heuristic strategy for clusters (SAREC), which integrates security requirements into the scheduling for real-time applications on clusters. Further, to evaluate the performance of SAREC, we incorporate the earliest deadline first (EDF) scheduling policy into SAREC to implement a novel security-aware real-time scheduling algorithm (SAEDF). Experimental results from both real-world traces and a real application show that SAEDF significantly improves security over three existing scheduling algorithms (EDF, Least Laxity First, and First Come First Serve) by up to 266.7 percent while achieving high schedulability.

Chien-Ying Chen,Monowar Hasan,Sibin Mohan

DOI: https://doi.org/10.3390/s18124356

2018-12-11

Abstract:Modern embedded and cyber-physical systems are ubiquitous. A large number of critical cyber-physical systems have real-time requirements (e.g., avionics, automobiles, power grids, manufacturing systems, industrial control systems, etc.). Recent developments and new functionality requires real-time embedded devices to be connected to the Internet. This gives rise to the real-time Internet-of-things (RT-IoT) that promises a better user experience through stronger connectivity and efficient use of next-generation embedded devices. However RT- IoT are also increasingly becoming targets for cyber-attacks which is exacerbated by this increased connectivity. This paper gives an introduction to RT-IoT systems, an outlook of current approaches and possible research challenges towards secure RT- IoT frameworks.

Networking and Internet Architecture,Cryptography and Security

Arkaprava Sain,Sunandan Adhikary,Ipsita Koley,Soumyajit Dey

2024-08-01

Abstract:Modern Cyber-Physical Systems (CPSs) consist of numerous control units interconnected by communication networks. Each control unit executes multiple safety-critical and non-critical tasks in real-time. Most of the safety-critical tasks are executed with a fixed sampling period to ensure deterministic timing behaviour that helps in its safety and performance analysis. However, adversaries can exploit this deterministic behaviour of safety-critical tasks to launch inference-based-based attacks on them. This paper aims to prevent and minimize the possibility of such timing inference or schedule-based attacks to compromise the control units. This is done by switching between strategically chosen execution rates of the safety-critical control tasks such that their performance remains unhampered. Thereafter, we present a novel schedule vulnerability analysis methodology to switch between valid schedules generated for these multiple periodicities of the control tasks in run time. Utilizing these strategies, we introduce a novel Multi-Rate Attack-Aware Randomized Scheduling (MAARS) framework for preemptive fixed-priority schedulers that minimize the success rate of timing-inference-based attacks on safety-critical real-time systems. To our knowledge, this is the first work to propose a schedule randomization method with attack awareness that preserves both the control and scheduling aspects. The efficacy of the framework in terms of attack prevention is finally evaluated on several automotive benchmarks in a Hardware-in-loop (HiL) environment.

Systems and Control,Cryptography and Security,Operating Systems

Xi Tan,Zheyuan Ma,Sandro Pinto,Le Guan,Ning Zhang,Jun Xu,Zhiqiang Lin,Hongxin Hu,Ziming Zhao

2024-05-14

Abstract:Arm Cortex-M processors are the most widely used 32-bit microcontrollers among embedded and Internet-of-Things devices. Despite the widespread usage, there has been little effort in summarizing their hardware security features, characterizing the limitations and vulnerabilities of their hardware and software stack, and systematizing the research on securing these systems. The goals and contributions of this paper are multi-fold. First, we analyze the hardware security limitations and issues of Cortex-M systems. Second, we conducted a deep study of the software stack designed for Cortex-M and revealed its limitations, which is accompanied by an empirical analysis of 1,797 real-world firmware. Third, we categorize the reported bugs in Cortex-M software systems. Finally, we systematize the efforts that aim at securing Cortex-M systems and evaluate them in terms of the protections they offer, runtime performance, required hardware features, etc. Based on the insights, we develop a set of recommendations for the research community and MCU software developers.

Cryptography and Security,Hardware Architecture

Jiankang Ren,Chunxiao Liu,Chi Lin,Wei Jiang,Pengfei Wang,Xiangwei Qi,Simeng Li,Shengyu Li

DOI: https://doi.org/10.1109/tcad.2024.3445260

IF: 2.9

2024-11-09

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Embedded real-time systems generally execute in a predictable and deterministic manner to deliver critical functionality within stringent timing constraints. However, the predictable execution behavior leaves the system vulnerable to schedule-based attacks. In this article, we present a multimode security-aware real-time scheduling scheme to counteract schedule-based attacks on multiprocessor real-time systems. To mitigate the vulnerability to the schedule-based attack, we propose a multimode scheduling method to reduce the accumulative attack effective window (AEW) of multiple victim tasks and prevent the untrusted tasks from executing during the AEW by distinctively scheduling mixed-trust tasks according to the system mode. To avoid the protection degradation due to the excessive blocking of untrusted tasks, we introduce a protection window for multiple victims on multiprocessors by analyzing the system protection capability limit under the system schedulability constraint. Furthermore, to maximize the protection capability of the multimode security-aware scheduling strategy on a multiprocessor platform, we also propose a security-aware packing algorithm to balance the workloads of mixed-trust tasks on different processors using a mixed-trust worst-fit decreasing heuristic strategy. The experimental results demonstrate that our proposed approach significantly outperforms the state-of-the-art method. Specifically, the AEW ratio and the AEW untrusted execution time ratio are reduced by 18.8% and 62.8%, respectively, while the defense success rate against ScheduLeak attack is improved by 16.3%.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Uday Tupakula,Vijay Varadharajan,Kallol Krishna Karmakar

DOI: https://doi.org/10.48550/arXiv.2006.15272

2020-06-27

Cryptography and Security

Abstract:Increasingly Industrial Control Systems (ICS) systems are being connected to the Internet to minimise the operational costs and provide additional flexibility. These control systems such as the ones used in power grids, manufacturing and utilities operate continually and have long lifespans measured in decades rather than years as in the case of IT systems. Such industrial control systems require uninterrupted and safe operation. However, they can be vulnerable to a variety of attacks, as successful attacks on critical control infrastructures could have devastating consequences to the safety of human lives as well as a nation's security and prosperity. Furthermore, there can be a range of attacks that can target ICS and it is not easy to secure these systems against all known attacks let alone unknown ones. In this paper, we propose a software enabled security architecture using Software Defined Networking (SDN) and Network Function Virtualisation (NFV) that can enhance the capability to secure industrial control systems. We have designed such an SDN/NFV enabled security architecture and developed a Control System Security Application (CSSA) in SDN Controller for enhancing security in ICS against certain specific attacks namely denial of service attacks, from unpatched vulnerable control system components and securing the communication flows from the legacy devices that do not support any security functionality. In this paper, we discuss the prototype implementation of the proposed architecture and the results obtained from our analysis.

Roberto Vigo,Flemming Nielson,Hanne Riis Nielson

DOI: https://doi.org/10.2168/LMCS-12%284%3A5%292016

2016-10-19

Abstract:In the design of software and cyber-physical systems, security is often perceived as a qualitative need, but can only be attained quantitatively. Especially when distributed components are involved, it is hard to predict and confront all possible attacks. A main challenge in the development of complex systems is therefore to discover attacks, quantify them to comprehend their likelihood, and communicate them to non-experts for facilitating the decision process. To address this three-sided challenge we propose a protection analysis over the Quality Calculus that (i) computes all the sets of data required by an attacker to reach a given location in a system, (ii) determines the cheapest set of such attacks for a given notion of cost, and (iii) derives an attack tree that displays the attacks graphically. The protection analysis is first developed in a qualitative setting, and then extended to quantitative settings following an approach applicable to a great many contexts. The quantitative formulation is implemented as an optimisation problem encoded into Satisfiability Modulo Theories, allowing us to deal with complex cost structures. The usefulness of the framework is demonstrated on a national-scale authentication system, studied through a Java implementation of the framework.

Cryptography and Security,Logic in Computer Science

Anil Kumar,Amit Kumar Gupta,Deepak Panwar,Sandeep Chaurasia,Dinesh Goyal

DOI: https://doi.org/10.47974/jdmsc-1816

2023-01-01

Journal of Discrete Mathematical Sciences and Cryptography

Abstract:These days, the problems of scheduling and security are increasingly pressing as a result of the rapidly growing number of implementations that are operated in operating systems. Process scheduling and scheduling security is the most effective methodology of operating a system which can improve and degrade the performance of the computer system. The performance of scheduling algorithm in operating system can be measured by scheduling principles like average waiting time, average turnaround time, response time, throughput etc. Much research carried out over operating system security and round robin scheduling used in time sharing operating system in previous years to resolve the issues regarding to improvement in the performance of round robin (RR) scheduling and improving the security in the scheduling approach. This study discussed the security issues in operating systems, scheduling security and discrete structure of a new approach for RR scheduling. The researcher has suggested a list of policy for scheduling method security and proposed a new approach for RR scheduling and investigated the scheduling principles. The proposed methodology covers distinctive strategy for selection manner of process from ready queue than RR and used diverges time quantum. The proposed methodology has been validated experimentally by comparing with a numerous scheduling algorithm namely as Round Robin (RR), Adaptive Round Robin (ARR), Round Robin Remaining time (RRRT), improved Round Robin (IRR), an additional improvement on the improved Round Robin (AAAIRR), and an Enhanced Round Robin (ERR). Numerous simulations have been conducted to validate the effectiveness of the proposed algorithm to compelling the performance of system. At the conclusion the performance of computing system is dependent on security of operating system as well as secluding methods.

Jiyang Chen,Tomasz Kloda,Ayoosh Bansal,Rohan Tabish,Chien-Ying Chen,Bo Liu,Sibin Mohan,Marco Caccamo,Lui Sha

DOI: https://doi.org/10.48550/arXiv.2104.04528

2021-04-09

Abstract:Real-time systems have recently been shown to be vulnerable to timing inference attacks, mainly due to their predictable behavioral patterns. Existing solutions such as schedule randomization lack the ability to protect against such attacks, often limited by the system's real-time nature. This paper presents SchedGuard: a temporal protection framework for Linux-based hard real-time systems that protects against posterior scheduler side-channel attacks by preventing untrusted tasks from executing during specific time segments. SchedGuard is integrated into the Linux kernel using cgroups, making it amenable to use with container frameworks. We demonstrate the effectiveness of our system using a realistic radio-controlled rover platform and synthetically generated workloads. Not only is SchedGuard able to protect against the attacks mentioned above, but it also ensures that the real-time tasks/containers meet their temporal requirements.

Cryptography and Security,Operating Systems

Chunjie Zhou,Xuan Li,Shuanghua Yang,Yu-Chu Tian

DOI: https://doi.org/10.1109/tii.2019.2903224

IF: 12.3

2020-05-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial control systems (ICSs) in networked environments face severe cyber-security risks and challenges. A timely response to cyber-attacks is of paramount importance for mitigating risks. However, the security policy developed for an ICS may be conflicting with the ICS&#x27;s safety policy, on which much attention has been paid for a long time in industrial control. An inappropriate enforcement of the security policy may deteriorate the ICS performance or even result in severe unexpected consequences. To tackle this problem, a risk-based security task scheduling approach is presented for ICSs with consideration of the safety policy. It ensures a timely response to cyber-attacks without compromising safety. More specifically, the approach reconciles security tasks and safety tasks according to a designed resolution policy, so as to acquire contradiction-free security and safety (S&amp;S) tasks. Then, a real-time risk assessment method is developed to characterize the subtle change of the system risk with the implementation of the reconciled S&amp;S tasks. After that, a task scheduling method is designed with the risk as the optimization objective, i.e., it searches the optimal task scheduling scheme by minimizing the risk posture. The resulting scheduling scheme ensures the smooth implementation of the S&amp;S policy, which reflects the optimal recovery process against the risk. Finally, case studies on a hardware-in-the-loop testbed are conducted to demonstrate the effectiveness of the proposed approach.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial