DOI: 10.1145/3356401.3356419
research-article

Optimized trusted execution for hard real-time applications on COTS processors

Published: 06 November 2019

Abstract

While trusted execution environments (TEEs) provide industry-standard security and isolation, their implementation through secure monitor calls (SMCs) contributes to large time overhead and weakened temporal predictability, potentially prohibiting the use of TEEs in hard real-time systems. We propose super-TEEs, where multiple trusted execution sections are fused together to amortize TEE execution overhead and improve predictability through minimized I/O traffic and reduced switching between normal mode and TEE mode of execution. Super-TEEs may, however, violate a task's timing requirement and impact the schedulability of the system. We present a technique to enforce the correct timing requirement of a task, along with a sufficient test for schedulability on uniprocessors. We also discuss ct-RM, a static task assignment and partitioned scheduling algorithm to schedule super-TEEs, alongside other real-time tasks, on multicore systems. Experimental results on a Raspberry Pi 3B, further confirmed by simulations, show that ct-RM outperforms the state-of-the-art technique in terms of usable utilization by 12% on average and up to 27%.

Published In

RTNS '19: Proceedings of the 27th International Conference on Real-Time Networks and Systems
November 2019
221 pages
ISBN: 9781450372237
DOI: 10.1145/3356401

Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Research-article

Conference

RTNS 2019

Acceptance Rates

Overall Acceptance Rate 119 of 255 submissions, 47%

Cited By

  • (2024) SoK: Security in Real-Time Systems. ACM Computing Surveys 56:9 (1-31). DOI: 10.1145/3649499. Online publication date: 25-Apr-2024
  • (2024) An Improved Security-Cognizant Scheduling Model. 2024 IEEE 27th International Symposium on Real-Time Distributed Computing (ISORC) (1-8). DOI: 10.1109/ISORC61049.2024.10551349. Online publication date: 22-May-2024
  • (2023) A Procrastinating Control-Flow Integrity Framework for Periodic Real-Time Systems. Proceedings of the 31st International Conference on Real-Time Networks and Systems (132-142). DOI: 10.1145/3575757.3575762. Online publication date: 7-Jun-2023
  • (2023) You Can’t Always Check What You Wanted: Selective Checking and Trusted Execution to Prevent False Actuations in Real-Time Internet-of-Things. 2023 IEEE 26th International Symposium on Real-Time Distributed Computing (ISORC) (42-53). DOI: 10.1109/ISORC58943.2023.00017. Online publication date: May-2023
  • (2023) A Scheduling Model Inspired by Security Considerations. 2023 IEEE 26th International Symposium on Real-Time Distributed Computing (ISORC) (32-41). DOI: 10.1109/ISORC58943.2023.00016. Online publication date: May-2023
  • (2023) Mitigating Adversarial Attacks in Federated Learning with Trusted Execution Environments. 2023 IEEE 43rd International Conference on Distributed Computing Systems (ICDCS) (626-637). DOI: 10.1109/ICDCS57875.2023.00069. Online publication date: Jul-2023
  • (2022) Real-Time Scheduling of TrustZone-enabled DNN Workloads. Proceedings of the 4th Workshop on CPS & IoT Security and Privacy (63-69). DOI: 10.1145/3560826.3563386. Online publication date: 7-Nov-2022
  • (2022) Security-Cognizant Real-Time Scheduling. 2022 IEEE 25th International Symposium On Real-Time Distributed Computing (ISORC) (1-9). DOI: 10.1109/ISORC52572.2022.9812766. Online publication date: 17-May-2022
  • (2021) Real-Time Performance and Response Latency Measurements of Linux Kernels on Single-Board Computers. Computers 10:5 (64). DOI: 10.3390/computers10050064. Online publication date: 16-May-2021
  • (2021) Aion: Enabling Open Systems through Strong Availability Guarantees for Enclaves. Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (1357-1372). DOI: 10.1145/3460120.3484782. Online publication date: 12-Nov-2021
