Integrating security constraints into fixed priority real-time schedulers

Mohan, Sibin; Yoon, Man-Ki; Pellizzoni, Rodolfo; Bobba, Rakesh B.

doi:10.1007/s11241-016-9252-5

Cited by 21 publications

(19 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As we follow the common assumptions of the existing studies for real-time systems that consider the timing-inference attacks to induce information leakage on shared resources [4], [27], [30], [32], we also assume that an adversary knows the task parameters of a target task (called victim task) for his security attack and aims at gleaning the sensitive data on the resources shared by different tasks. This assumption is based on the fact that many critical functions of a real-time the summation of all resource usage time for λx by any single job Ji of τi.…”

Section: A Adversary Modelmentioning

confidence: 99%

FT-PIP: Flush Task Incorporated Priority-Inheritance Protocol to Reduce Information Leakage on Multiprocessor Real-Time Systems

Baek

Lee

2021

IEEE Access

View full text Add to dashboard Cite

In a traditional real-time system, the major requirement is to finish every real-time task within its predefined time. However, as a modern real-time system is connected to external networks and its subsystems are developed by different vendors, it becomes an important requirement to address the problem of information leakage on resources shared by different real-time tasks. This triggers studies that incorporate security mechanisms into the real-time scheduling. While it is one of the most well-known approaches to add the flush task (FT) mechanism and analyze its effect on timing guarantees, the existing FT approaches have been limited to a real-time system that employs at most one resource shared by real-time tasks executed on a uniprocessor platform. In this paper, we propose a flush task incorporated priority-inheritance protocol (FT-PIP) for global fixed-priority multiprocessor scheduling and develop its schedulability analysis, which is the first attempt that not only (a) supports timing guarantees but also (b) satisfies security constraints for (c) a multiprocessor platform with multiple shared resources. Via simulations, we demonstrate that FT-PIP and its schedulability analysis are effective in achieving both (a) and (b) for (c).INDEX TERMS Real-time scheduling, multiprocessor systems, flush task incorporated priority-inheritance protocol, information leakage

show abstract

Section: A Adversary Modelmentioning

confidence: 99%

FT-PIP: Flush Task Incorporated Priority-Inheritance Protocol to Reduce Information Leakage on Multiprocessor Real-Time Systems

Baek

Lee

2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Note that the addition of any security mechanisms (such as IDS, encryption/authentication, behavior-based monitoring, etc.) may require modification of the system or the RT task parameters as was the case in prior work [7][8][9][10][11][12][13][14][15].…”

Section: Application Specific Checkingmentioning

confidence: 99%

Period Adaptation for Continuous Security Monitoring in Multicore Real-Time Systems

Hasan¹,

Mohan²,

Pellizzoni³

et al. 2019

Preprint

Self Cite

View full text Add to dashboard Cite

We propose a design-time framework (named HYDRA-C) for integrating security tasks into partitioned 1 real-time systems (RTS) running on multicore platforms. Our goal is to opportunistically execute security monitoring mechanisms in a 'continuous' manner i.e., as often as possible, across cores, to ensure that security tasks run with as few interruptions as possible. Our framework will allow designers to integrate security mechanisms without perturbing existing real-time (RT) task properties or execution order. We demonstrate the framework using a proof-of-concept implementation with intrusion detection mechanisms as security tasks. We develop and use both, (a) a custom intrusion detection system (IDS), as well as (b) Tripwire -an open source data integrity checking tool. These are implemented on a realistic rover platform designed using an ARM multicore chip. We compare the performance of HYDRA-C with a state-of-the-art RT security integration approach for multicore-based RTS and find that our method can, on average, detect intrusions 19.05% faster without impacting the performance of RT tasks.

show abstract

“…References Approaches Security-aware model and framework Pellizzoni et al 9 Generalized model Abdi et al 10 Restart-based framework Hasan et al 11 Contego Ma et al 12 Control and security management Paryab 13 Integrating security mechanisms Security-driven hardware design Tan et al 14 System-level method in MPSoC Saadatmand 15 Method using CBD and MDD Encryption algorithm Zhang et al 16 MTVOM Jiang et al 17 Hardware/software technology Jiang et al 18 FVUC Mohan et al 19 SCRTS analytical framework for system designers to determine the best trade-o®s between the control system performance and the security customizing parameters of the systems while ensuring the security of the physical system. Simulation results showed that ReSecure can guarantee a secure system under the unavailability of complex units.…”

Section: Servicesmentioning

confidence: 99%

“…Each time a hand-o® occurs between tasks that belong to di®erent levels of security, the information may leak through shared resources. To deal with the information leakage problem, Mohan et al 19 proposed a method named SCRTS to integrate security constraints into real-time scheduling algorithms. The main idea of the method is to amend the real-time scheduling method and use shared resources to alleviate the information leakage problem among tasks of di®erent security levels.…”

Section: Encryption Algorithmmentioning

confidence: 99%

“…The second category to realize a secure system is providing security-guaranteed services such as securityaware model and framework, [9][10][11][12][13] security-driven hardware design, 14,15 encryption algorithm. [16][17][18][19] The deployment of such security-guaranteed services would inevitably consume more energy. However, the energy supply of most embedded systems is very limited since many embedded systems are powered by battery or renewable energy that is either insu±cient or unstable.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Short Review of Security-Aware Techniques in Real-Time Embedded Systems

Chai

Zhang

Zhou

et al. 2018

J CIRCUIT SYST COMP

View full text Add to dashboard Cite

With the rapid development of embedded systems, users and services have been greatly facilitated while also experiencing security threats as a result of cyber-attacks and system vulnerabilities. Currently, the real-time embedded system (RTES) focus is to deal with these security issues. In this paper, we introduce a short review of security-aware techniques for RTES. We mainly discuss two common approaches to improve the security of RTESs. The first approach is achieved by exploring specific attacks. The second approach is realized by deploying security-guaranteed services. However, improving the security of embedded systems may cause excessive energy consumption at the same time. Therefore, we investigate the secure and energy-aware RTESs on a wide range of research. In addition, we study a number of common applications used in secure RETSs. This paper stands for providing awareness and better understanding of the current RTES research status as well as technical theory behind it. Hence, the RTES security issues are resolved.

show abstract

Integrating security constraints into fixed priority real-time schedulers

Cited by 21 publications

References 23 publications

FT-PIP: Flush Task Incorporated Priority-Inheritance Protocol to Reduce Information Leakage on Multiprocessor Real-Time Systems

FT-PIP: Flush Task Incorporated Priority-Inheritance Protocol to Reduce Information Leakage on Multiprocessor Real-Time Systems

Period Adaptation for Continuous Security Monitoring in Multicore Real-Time Systems

A Short Review of Security-Aware Techniques in Real-Time Embedded Systems

Contact Info

Product

Resources

About