POSTER: Sechduler: a security-aware kernel scheduler
Authors: 
Parisa Haghani and Saman ZonouzAuthors Info & Claims
Parisa Haghani and Saman ZonouzAuthors Info & ClaimsNovember 2013
Pages 1465 - 1468
Abstract
Trustworthy operation of safety-critical infrastructures necessitates efficient solutions that satisfy both realtimeness and security requirements simultaneously. We present Sechduler, a formally verifiable security-aware operating system scheduler that dynamically makes sure that system computational resources are allocated to individual waiting tasks in an optimal order such that, if feasible, neither realtime nor security requirements of the system are violated. Additionally, if not both of the requirements can be satisfied simultaneously, Sechduler makes use of easy-to-define linear temporal logic-based policies as well as automatically generated Buchi automaton-based monitors, compiled as loadable kernel modules, to enforce which requirements should get the priority. Our experimental results show that Sechduler can adaptively enforce the system-wide logic-based temporal policies within the kernel and with minimal performance overhead of 3 % on average to guarantee high level of combined security and realtimeness simultaneously.
References
[1]
DWYER, M. B., AVRUNIN, G. S., AND CORBETT, J. C. Patterns in property specifications for finite-state verification. In Proceedings of the 21st international conference on Software engineering (New York, NY, USA, 1999), ICSE '99, ACM, pp. 411--420.
[2]
JIANG, K., AND JONSSON, B. Using spin to model check concurrent algorithms, using a translation from c to promela. In Proc. 2nd Swedish Workshop on Multi-Core Computing (2009), Department of Information Technology, Uppsala University, pp. 67--69.
[3]
KING, S. T., AND CHEN, P. M. Backtracking intrusions. In Proceedings of the Nineteenth ACM symposium on Operating systems principles (2003), vol. 37, pp. 223--236.
[4]
PABLA, C. S. Completely fair scheduler. Linux J. 2009, 184 (Aug. 2009).
[5]
ROUTRAY, R., ZHANG, R., EYERS, D., WILLCOCKS, D., PIETZUCH, P., AND SARKAR, P. Policy generation framework for large-scale storage infrastructures. In IEEE Symposium on Policies for Distributed Systems and Networks (2010), pp. 65--72.
[6]
SATO, H., AND YAKOH, T. A real-time communication mechanism for rtlinux. In Annual Confjerence of the IEEE Industrial Electronics Society (2000), vol. 4, pp. 2437--2442 vol.4.
[7]
WOTRING, B., POTTER, B., RANUM, M., AND WICHMANN, R. Host Integrity Monitoring Using Osiris and Samhain. Syngress Publishing, 2005.
[8]
ZONOUZ, S. A., JOSHI, K. R., AND SANDERS, W. H. Floguard: cost-aware systemwide intrusion defense via online forensics and on-demand ids deployment. In International conference on Computer safety, reliability, and security (2011), pp. 338--354.
Index Terms
- POSTER: Sechduler: a security-aware kernel scheduler
Recommendations
Sechduler: A Security-Aware Kernel Scheduler
PRDC '13: Proceedings of the 2013 IEEE 19th Pacific Rim International Symposium on Dependable ComputingTrustworthy operation of safety-critical infrastructures necessitates efficient solutions that satisfy both realtimeness and security requirements simultaneously. In this paper, we present Sechduler, a formally verifiable security-aware operating system ...
Real-Time Systems Security through Scheduler Constraints
AGILE '14: Proceedings of the 2014 Agile ConferenceReal-time systems (RTS) were typically considered to be invulnerable to external attacks, mainly due to their use of proprietary hardware and protocols, as well as physical isolation. As a result, RTS and security have traditionally been separate ...
POSTER: Towards Exposing Internet of Things: A Roadmap
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications SecurityConsidering the exponential increase of Internet of Things (IoT) devices there is also unforeseen vulnerabilities associated with these IoT devices. One of the major problems in the IoT is the security testing and analysis due to the heterogeneous ...
Comments
Information & Contributors
Information
Published In
November 2013
1530 pages
ISBN:9781450324779
DOI:10.1145/2508859
- General Chair:
- Ahmad-Reza Sadeghi,
- Program Chairs:
- Virgil Gligor,
- Moti Yung
Copyright © 2013 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 04 November 2013
Check for updates
Author Tag
Qualifiers
- Poster
Conference
CCS'13
Sponsor:
CCS'13: 2013 ACM SIGSAC Conference on Computer and Communications Security
November 4 - 8, 2013
Berlin, Germany
Acceptance Rates
CCS '13 Paper Acceptance Rate 105 of 530 submissions, 20%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
Upcoming Conference
CCS '24
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 225Total Downloads
- Downloads (Last 12 months)2
- Downloads (Last 6 weeks)0
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in