Protection Window Based Security-Aware Scheduling against Schedule-Based Attacks

IF 2.8 3区计算机科学 Q2 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

ACM Transactions on Embedded Computing Systems Pub Date : 2023-09-09 DOI:10.1145/3609098

Jiankang Ren, Chunxiao Liu, Chi Lin, Ran Bi, Simeng Li, Zheng Wang, Yicheng Qian, Zhichao Zhao, Guozhen Tan

{"title":"Protection Window Based Security-Aware Scheduling against Schedule-Based Attacks","authors":"Jiankang Ren, Chunxiao Liu, Chi Lin, Ran Bi, Simeng Li, Zheng Wang, Yicheng Qian, Zhichao Zhao, Guozhen Tan","doi":"10.1145/3609098","DOIUrl":null,"url":null,"abstract":"With widespread use of common-off-the-shelf components and the drive towards connection with external environments, the real-time systems are facing more and more security problems. In particular, the real-time systems are vulnerable to the schedule-based attacks because of their predictable and deterministic nature in operation. In this paper, we present a security-aware real-time scheduling scheme to counteract the schedule-based attacks by preventing the untrusted tasks from executing during the attack effective window (AEW). In order to minimize the AEW untrusted coverage ratio for the system with uncertain AEW size, we introduce the protection window to characterize the system protection capability limit due to the system schedulability constraint. To increase the opportunity of the priority inversion for the security-aware scheduling, we design an online feasibility test method based on the busy interval analysis. In addition, to reduce the run-time overhead of the online feasibility test, we also propose an efficient online feasibility test method based on the priority inversion budget analysis to avoid online iterative calculation through the offline maximum slack analysis. Owing to the protection window and the online feasibility test, our proposed approach can efficiently provide best-effort protection to mitigate the schedule-based attack vulnerability while ensuring system schedulability. Experiments show the significant security capability improvement of our proposed approach over the state-of-the-art coverage oriented scheduling algorithm.","PeriodicalId":50914,"journal":{"name":"ACM Transactions on Embedded Computing Systems","volume":"35 1","pages":"0"},"PeriodicalIF":2.8000,"publicationDate":"2023-09-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Embedded Computing Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3609098","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

With widespread use of common-off-the-shelf components and the drive towards connection with external environments, the real-time systems are facing more and more security problems. In particular, the real-time systems are vulnerable to the schedule-based attacks because of their predictable and deterministic nature in operation. In this paper, we present a security-aware real-time scheduling scheme to counteract the schedule-based attacks by preventing the untrusted tasks from executing during the attack effective window (AEW). In order to minimize the AEW untrusted coverage ratio for the system with uncertain AEW size, we introduce the protection window to characterize the system protection capability limit due to the system schedulability constraint. To increase the opportunity of the priority inversion for the security-aware scheduling, we design an online feasibility test method based on the busy interval analysis. In addition, to reduce the run-time overhead of the online feasibility test, we also propose an efficient online feasibility test method based on the priority inversion budget analysis to avoid online iterative calculation through the offline maximum slack analysis. Owing to the protection window and the online feasibility test, our proposed approach can efficiently provide best-effort protection to mitigate the schedule-based attack vulnerability while ensuring system schedulability. Experiments show the significant security capability improvement of our proposed approach over the state-of-the-art coverage oriented scheduling algorithm.

查看原文本刊更多论文

基于保护窗口的安全感知调度防范基于调度的攻击

随着通用组件的广泛使用和与外部环境连接的推动，实时系统面临着越来越多的安全问题。特别是实时系统由于其运行的可预测性和确定性，极易受到基于调度的攻击。本文提出了一种安全感知的实时调度方案，通过防止不可信任务在攻击有效窗口(AEW)内执行来对抗基于调度的攻击。为了使预警规模不确定的系统的预警不可信覆盖率最小化，引入了保护窗口来表征系统可调度性约束下的系统保护能力极限。为了增加安全感知调度优先级反演的机会，我们设计了一种基于繁忙区间分析的在线可行性测试方法。此外，为了减少在线可行性测试的运行时开销，我们还提出了一种基于优先级反演预算分析的高效在线可行性测试方法，避免了通过离线最大松弛分析进行在线迭代计算。该方法利用保护窗口和在线可行性测试，在保证系统可调度性的同时，有效地提供最大限度的保护，以缓解基于调度的攻击漏洞。实验表明，与目前最先进的面向覆盖的调度算法相比，我们提出的方法的安全性能有了显著提高。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Transactions on Embedded Computing Systems 工程技术-计算机：软件工程

CiteScore

3.70

自引率

0.00%

发文量

138

审稿时长

6 months

期刊介绍： The design of embedded computing systems, both the software and hardware, increasingly relies on sophisticated algorithms, analytical models, and methodologies. ACM Transactions on Embedded Computing Systems (TECS) aims to present the leading work relating to the analysis, design, behavior, and experience with embedded computing systems.