Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

SchedGuard++: Protecting against Schedule Leaks Using Linux Containers on Multi-Core Processors

SchedGuard++: Protecting against Schedule Leaks Using Linux Containers on Multi-Core Processors Timing correctness is crucial in a multi-criticality real-time system, such as an autonomous driving system. It has been recently shown that these systems can be vulnerable to timing inference attacks, mainly due to their predictable behavioral patterns. Existing solutions like schedule randomization cannot protect against such attacks, often limited by the system’s real-time nature. This article presents “SchedGuard++”: a temporal protection framework for Linux-based real-time systems that protects against posterior schedule-based attacks by preventing untrusted tasks from executing during specific time intervals. SchedGuard++ supports multi-core platforms and is implemented using Linux containers and a customized Linux kernel real-time scheduler. We provide schedulability analysis assuming the Logical Execution Time (LET) paradigm, which enforces I/O predictability. The proposed response time analysis takes into account the interference from trusted and untrusted tasks and the impact of the protection mechanism. We demonstrate the effectiveness of our system using a realistic radio-controlled rover platform. Not only is “SchedGuard++” able to protect against the posterior schedule-based attacks, but it also ensures that the real-time tasks/containers meet their temporal requirements. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png ACM Transactions on Cyber-Physical Systems Association for Computing Machinery

SchedGuard++: Protecting against Schedule Leaks Using Linux Containers on Multi-Core Processors

Download PDF
25 pages

Loading next page...
 
/lp/association-for-computing-machinery/schedguard-protecting-against-schedule-leaks-using-linux-containers-on-6QkYrSkLg1

References

References for this paper are not available at this time. We will be adding them shortly, thank you for your patience.

Publisher
Association for Computing Machinery
Copyright
Copyright © 2023 Copyright held by the owner/author(s). Publication rights licensed to ACM.
ISSN
2378-962X
eISSN
2378-9638
DOI
10.1145/3565974
Publisher site
See Article on Publisher Site

Abstract

Timing correctness is crucial in a multi-criticality real-time system, such as an autonomous driving system. It has been recently shown that these systems can be vulnerable to timing inference attacks, mainly due to their predictable behavioral patterns. Existing solutions like schedule randomization cannot protect against such attacks, often limited by the system’s real-time nature. This article presents “SchedGuard++”: a temporal protection framework for Linux-based real-time systems that protects against posterior schedule-based attacks by preventing untrusted tasks from executing during specific time intervals. SchedGuard++ supports multi-core platforms and is implemented using Linux containers and a customized Linux kernel real-time scheduler. We provide schedulability analysis assuming the Logical Execution Time (LET) paradigm, which enforces I/O predictability. The proposed response time analysis takes into account the interference from trusted and untrusted tasks and the impact of the protection mechanism. We demonstrate the effectiveness of our system using a realistic radio-controlled rover platform. Not only is “SchedGuard++” able to protect against the posterior schedule-based attacks, but it also ensures that the real-time tasks/containers meet their temporal requirements.

Journal

ACM Transactions on Cyber-Physical SystemsAssociation for Computing Machinery

Published: Feb 20, 2023

Keywords: Response time analysis

There are no references for this article.