research-article

Public Access

Indistinguishability Prevents Scheduler Side Channels in Real-Time Systems

Authors:

Chien-Ying Chen,

Debopam Sanyal,

Sibin MohanAuthors Info & Claims

CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

Pages 666 - 684

https://doi.org/10.1145/3460120.3484769

Published: 13 November 2021 Publication History

Abstract

Scheduler side-channels can leak critical information in real-time systems, thus posing serious threats to many safety-critical applications. The main culprit is the inherent determinism in the runtime timing behavior of such systems, e.g., the (expected) periodic behavior of critical tasks. In this paper, we introduce the notion of "schedule indistinguishability/", inspired by work in differential privacy, that introduces diversity into the schedules of such systems while offering analyzable security guarantees. We achieve this by adding a sufficiently large (controlled) noise to the task schedules in order to break their deterministic execution patterns. An "epsilon-Scheduler" then implements schedule indistinguishability in real-time Linux. We evaluate our system using two real applications: (a) an autonomous rover running on a real hardware platform (Raspberry Pi) and (b) a video streaming application that sends data across large geographic distances. Our results show that the epsilon-Scheduler offers better protection against scheduler side-channel attacks in real-time systems while still maintaining good performance and quality-of-service(QoS) requirements.

References

[1]

Fardin Abdi, Chien-Ying Chen, Monowar Hasan, Songran Liu, Sibin Mohan, and Marco Caccamo. 2018a. Guaranteed physical security with restart-based design for cyber-physical systems. In Proceedings of the 9th ACM/IEEE International Conference on Cyber-Physical Systems. IEEE Press, 10--21.

Digital Library

[2]

Fardin Abdi, Chien-Ying Chen, Monowar Hasan, Songran Liu, Sibin Mohan, and Marco Caccamo. 2018b. Preserving Physical Safety Under Cyber Attacks. IEEE Internet of Things Journal (2018).

[3]

Dakshi Agrawal, Bruce Archambeault, Josyula R Rao, and Pankaj Rohatgi. 2002. The EM side-channel (s). In International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 29--45.

[4]

Hyeongboo Baek and Chang Mook Kang. 2020. Scheduling Randomization Protocol to Improve Schedule Entropy for Multiprocessor Real-Time Systems. Symmetry, Vol. 12, 5 (2020), 753.

[5]

Hagai Bar-El, Hamid Choukri, David Naccache, Michael Tunstall, and Claire Whelan. 2006. The sorcerer's apprentice guide to fault attacks. Proc. IEEE, Vol. 94, 2 (2006), 370--382.

[6]

Donald J Berndt and James Clifford. 1994. Using dynamic time warping to find patterns in time series. In KDD workshop, Vol. 10. Seattle, WA, USA:, 359--370.

Digital Library

[7]

Marko Bertogna and Sanjoy Baruah. 2010. Limited preemption EDF scheduling of sporadic task systems. IEEE Trans. on Ind. Info., Vol. 6, 4 (2010), 579--591.

[8]

Enrico Bini and Giorgio C Buttazzo. 2005. Measuring the performance of schedulability tests. RTS Journal, Vol. 30, 1--2 (2005), 129--154.

[9]

Alan Burns and Stewart Edgar. 2000. Predicting computation time for advanced processor architectures. In Real-Time Systems, 2000. Euromicro RTS 2000. 12th Euromicro Conference on. IEEE, 89--96.

[10]

Nathan Burow, Ryan Burrow, Roger Khazan, Howard Shrobe, and Bryan C Ward. 2020. Moving Target Defense Considerations in Real-Time Safety-and Mission-Critical Systems. In Proceedings of the 7th ACM Workshop on Moving Target Defense. 81--89.

Digital Library

[11]

Defense Use Case. 2016. Analysis of the cyber attack on the Ukrainian power grid. Electricity Information Sharing and Analysis Center (E-ISAC) (2016).

[12]

Francisco J Cazorla, Eduardo Qui nones, Tullio Vardanega, Liliana Cucu, Benoit Triquet, Guillem Bernat, Emery Berger, Jaume Abella, Franck Wartel, Michael Houston, et al. 2013. Proartis: Probabilistically analyzable real-time systems. ACM Transactions on Embedded Computing Systems (2013).

[13]

Konstantinos Chatzikokolakis, Miguel E Andrés, Nicolás Emilio Bordenabe, and Catuscia Palamidessi. 2013. Broadening the scope of differential privacy using metrics. In International Symposium on Privacy Enhancing Technologies Symposium. Springer, 82--102.

[14]

Chien-Ying Chen, Sibin Mohan, Rodolfo Pellizzoni, Rakesh B Bobba, and Negar Kiyavash. 2019. A Novel Side-Channel in Real-Time Schedulers. In 2019 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS). IEEE, 90--102.

[15]

Thomas M. Chen and Saeed Abu-Nimeh. 2011. Lessons from Stuxnet. Computer, Vol. 44, 4 (April 2011), 91--93.

Digital Library

[16]

Hoon Sung Chwa, Kang G Shin, and Jinkyu Lee. 2018. Closing the gap between stability and schedulability: a new task model for Cyber-Physical Systems. In 2018 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS). IEEE, 327--337.

[17]

Jorge Cortés, Geir E Dullerud, Shuo Han, Jerome Le Ny, Sayan Mitra, and George J Pappas. 2016. Differential privacy in control and network systems. In 2016 IEEE 55th Conference on Decision and Control (CDC). IEEE, 4252--4272.

Digital Library

[18]

Cynthia Dwork. 2008. Differential privacy: A survey of results. In International conference on theory and applications of models of computation. Springer, 1--19.

Digital Library

[19]

Cynthia Dwork, Aaron Roth, et al. 2014. The algorithmic foundations of differential privacy. Foundations and Trends® in Theoretical Computer Science, Vol. 9, 3--4 (2014), 211--407.

[20]

Iker Esnaola-Gonzalez, Meritxell Gómez-Omella, Susana Ferreiro, Izaskun Fernandez, Ignacio Lázaro, and Elena Garc'ia. 2020. An IoT Platform towards the Enhancement of Poultry Production Chains. Sensors, Vol. 20, 6 (2020), 1549.

[21]

Dario Faggioli, Fabio Checconi, Michael Trimarchi, and Claudio Scordino. 2009. An EDF scheduling class for the Linux kernel. In Real-Time Linux Wkshp .

[22]

A. Ghassami, X. Gong, and N. Kiyavash. 2015. Capacity limit of queueing timing channel in shared FCFS schedulers. In 2015 IEEE International Symposium on Information Theory (ISIT). 789--793. https://doi.org/10.1109/ISIT.2015.7282563

[23]

Xun Gong and Negar Kiyavash. 2016. Quantifying the Information Leakage in Timing Side Channels in Deterministic Work-conserving Schedulers. IEEE/ACM Trans. Netw., Vol. 24, 3 (June 2016), 1841--1852. https://doi.org/10.1109/TNET.2015.2438860

Digital Library

[24]

Miguel Grinberg. 2018. Flask web development: developing web applications with python ." O'Reilly Media, Inc.".

[25]

Jiaxi Gu, Jiliang Wang, Zhiwen Yu, and Kele Shen. 2019. Traffic-Based Side-Channel Attack in Video Streaming. IEEE/ACM Transactions on Networking, Vol. 27, 3 (2019), 972--985.

Digital Library

[26]

Jeffery Hansen, Scott A Hissam, and Gabriel A Moreno. 2009. Statistical-based wcet estimation and validation. In Proceedings of the 9th Intl. Workshop on Worst-Case Execution Time (WCET) Analysis .

[27]

Monowar Hasan, Sibin Mohan, Rakesh B Bobba, and Rodolfo Pellizzoni. 2016. Exploring opportunistic execution for integrating security into legacy hard real-time systems. In 2016 IEEE Real-Time Systems Symposium (RTSS). IEEE, 123--134.

[28]

Jianping He and Lin Cai. 2016. Differential private noise adding mechanism and its application on consensus. arXiv preprint arXiv:1611.08936 (2016).

[29]

Naoise Holohan, Spiros Antonatos, Stefano Braghin, and Pól Mac Aonghusa. 2018. The bounded Laplace mechanism in differential privacy. arXiv preprint arXiv:1808.10410 (2018).

[30]

Zhenqi Huang, Yu Wang, Sayan Mitra, and Geir E Dullerud. 2014. On the cost of differential privacy in distributed control systems. In Proceedings of the 3rd international conference on High confidence networked systems. 105--114.

Digital Library

[31]

Aini Hussain, M. A. Hannan, Azah Mohamed, Hilmi Sanusi, and A. K. Ariffin. 2006. Vehicle crash analysis for airbag deployment decision. International Journal of Automotive Technology, Vol. 7, 2 (2006), 179--185.

[32]

Damir Isovic. 2001. Handling Sporadic Tasks in Real-time Systems: Combined Offline and Online Approach .M"alardalen University.

[33]

Ke Jiang, L. Batina, P. Eles, and Zebo Peng. 2014. Robustness Analysis of Real-Time Scheduling Against Differential Power Analysis Attacks. In 2014 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). 450--455. https://doi.org/10.1109/ISVLSI.2014.11

Digital Library

[34]

S. Kadloor, N. Kiyavash, and P. Venkitasubramaniam. 2016. Mitigating Timing Side Channel in Shared Schedulers. IEEE/ACM Transactions on Networking, Vol. 24, 3 (June 2016), 1562--1573. https://doi.org/10.1109/TNET.2015.2418194

Digital Library

[35]

Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage. 2010. Experimental Security Analysis of a Modern Automobile. In Security and Privacy (SP), 2010 IEEE Symposium on. 447 --462. https://doi.org/10.1109/SP.2010.34

Digital Library

[36]

Kristin Krü ger, Marcus Vö lp, and Gerhard Fohler. 2018. Vulnerability Analysis and Mitigation of Directed Timing Inference Based Attacks on Time-Triggered Systems. In 30th Euromicro Conference on Real-Time Systems (ECRTS). 22:1--22:17. https://doi.org/10.4230/LIPIcs.ECRTS.2018.22

[37]

Ben Lickly, Isaac Liu, Sungjun Kim, Hiren D. Patel, Stephen A. Edwards, and Edward A. Lee. 2008. Predictable Programming on a Precision Timed Architecture. In Proceedings of the 2008 International Conference on Compilers, Architectures and Synthesis for Embedded Systems. 137--146.

[38]

Bruno Monteiro Rocha Lima, Luiz Claudio Sampaio Ramos, Thiago Eustaquio Alves de Oliveira, Vinicius Prado da Fonseca, and Emil M Petriu. 2019. Heart Rate Detection Using a Multimodal Tactile Sensor and a Z-score Based Peak Detection Algorithm. CMBES Proceedings, Vol. 42 (2019).

[39]

C. L. Liu and J. W. Layland. 1973. Scheduling algorithms for multiprogramming in a hard real-time environment. J. ACM (1973).

[40]

Fang Liu. 2016. Statistical Properties of Sanitized Results from Differentially Private Laplace Mechanism with Univariate Bounding Constraints. arXiv preprint arXiv:1607.08554 (2016).

[41]

Fang Liu. 2018. Generalized gaussian mechanism for differential privacy. IEEE Transactions on Knowledge and Data Engineering, Vol. 31, 4 (2018), 747--756.

Digital Library

[42]

Songran Liu, Nan Guan, Dong Ji, Weichen Liu, Xue Liu, and Wang Yi. 2019. Leaking your engine speed by spectrum analysis of real-Time scheduling sequences. Journal of Systems Architecture (2019).

[43]

Chenyang Lu, John A Stankovic, Sang H Son, and Gang Tao. 2002. Feedback control real-time scheduling: Framework, modeling, and algorithms. Real-Time Systems, Vol. 23, 1--2 (2002), 85--126.

Digital Library

[44]

Pau Marti, Caixue Lin, Scott A Brandt, Manel Velasco, and Josep M Fuertes. 2004. Optimal state feedback based resource allocation for resource-constrained control tasks. In 25th IEEE International Real-Time Systems Symposium. IEEE, 161--172.

Digital Library

[45]

Frank J Massey Jr. 1951. The Kolmogorov-Smirnov test for goodness of fit. Journal of the American statistical Association, Vol. 46, 253 (1951), 68--78.

[46]

Frank D McSherry. 2009. Privacy integrated queries: an extensible platform for privacy-preserving data analysis. In Proceedings of the 2009 ACM SIGMOD International Conference on Management of data. 19--30.

Digital Library

[47]

Byungho Min and Vijay Varadharajan. 2014. Design and Analysis of Security Attacks against Critical Smart Grid Infrastructures. 2014 19th International Conference on Engineering of Complex Computer Systems, Vol. 0 (2014), 59--68. https://doi.org/10.1109/ICECCS.2014.16

Digital Library

[48]

Mitra Nasri, Thidapat Chantem, Gedare Bloom, and Ryan M Gerdes. 2019. On the Pitfalls and Vulnerabilities of Schedule Randomization against Schedule-Based Attacks. In 2019 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS). IEEE, 103--116.

[49]

R. Pellizzoni, N. Paryab, M. Yoon, S. Bak, S. Mohan, and R. B. Bobba. 2015. A generalized model for preventing information leakage in hard real-time systems. In 21st IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS). 271--282. https://doi.org/10.1109/RTAS.2015.7108450

[50]

David Schneider. 2015. Jeep Hacking 101. IEEE Spectrum (Aug 2015). http://spectrum.ieee.org/cars-that-think/transportation/systems/jeep-hacking-101.

[51]

Michael Schwarz, Moritz Lipp, Daniel Gruss, Samuel Weiser, Clémentine Maurice, Raphael Spreitzer, and Stefan Mangard. 2018. Keydrown: Eliminating software-based keystroke timing side-channel attacks. In Network and Distributed System Security Symposium. Internet Society.

[52]

D. Shepard, J. Bhatti, and T. Humphreys. 2012. Drone Hack: Spoofing Attack Demonstration on a Civilian Unmanned Aerial Vehicle. GPS World (August 2012).

[53]

Joon Son and Alves-Foss. 2006. Covert Timing Channel Analysis of Rate Monotonic Real-Time Scheduling Algorithm in MLS Systems. In 2006 IEEE Information Assurance Workshop. 361--368. https://doi.org/10.1109/IAW.2006.1652117

[54]

Hugo Teso. 2013. Aicraft Hacking. In Fourth Annual HITB Security Conference in Europe .

[55]

Nick Tsalis, Efstratios Vasilellis, Despina Mentzelioti, and Theodore Apostolopoulos. 2019. A Taxonomy of Side Channel Attacks on Critical Infrastructures and Relevant Systems. In Critical Infrastructure Security and Resilience. Springer, 283--313.

[56]

Marcus Völp, Claude-Joachim Hamann, and Hermann H"artig. 2008. Avoiding Timing Channels in Fixed-priority Schedulers. In Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security (ASIACCS) (Tokyo, Japan). 44--55. https://doi.org/10.1145/1368310.1368320

Digital Library

[57]

Nils Vreman, Richard Pates, Kristin Krüger, Gerhard Fohler, and Martina Maggio. 2019. Minimizing Side-Channel Attack Vulnerability via Schedule Randomization. In 2019 IEEE 58th Conference on Decision and Control (CDC). IEEE, 2928--2933.

Digital Library

[58]

M. Völp, B. Engel, C. Hamann, and H. Härtig. 2013. On confidentiality-preserving real-time locking protocols. In 2013 IEEE 19th Real-Time and Embedded Technology and Applications Symposium (RTAS). 153--162. https://doi.org/10.1109/RTAS.2013.6531088

Digital Library

[59]

Yu Wang, Zhenqi Huang, Sayan Mitra, and Geir E Dullerud. 2017. Differential privacy in linear distributed control systems: Entropy minimizing mechanisms and performance tradeoffs. IEEE Transactions on Control of Network Systems, Vol. 4, 1 (2017), 118--130.

[60]

Reinhard Wilhelm, Jakob Engblom, Andreas Ermedahl, Niklas Holsti, Stephan Thesing, David Whalley, Guillem Bernat, Christian Ferdinand, Reinhold Heckmann, Tulika Mitra, Frank Mueller, Isabelle Puaut, Peter Puschner, Jan Staschulat, and Per Stenström. 2008. The Worst-Case Execution-Time Problem-Overview of Methods and Survey of Tools. ACM Transactions on Embedded Computing Systems, Vol. 7, 3, Article 36 (May 2008), bibinfonumpages53 pages. https://doi.org/10.1145/1347375.1347389

Digital Library

[61]

M. Yoon, S. Mohan, C. Chen, and L. Sha. 2016. TaskShuffler: A Schedule Randomization Protocol for Obfuscation against Timing Inference Attacks in Real-Time Systems. In 2016 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS). 1--12. https://doi.org/10.1109/RTAS.2016.7461362

[62]

Man-Ki Yoon, Bo Liu, Naira Hovakimyan, and Lui Sha. 2017. VirtualDrone: virtual sensing, actuation, and communication for attack-resilient unmanned aerial systems. In Proceedings of the 8th International Conference on Cyber-Physical Systems. ACM, 143--154.

Digital Library

[63]

Man-Ki Yoon, Mengqi Liu, Hao Chen, Jung-Eun Kim, and Zhong Shao. 2021. Blinder: Partition-Oblivious Hierarchical Scheduling. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association. https://www.usenix.org/conference/usenixsecurity21/presentation/yoon

[64]

Yuting Zhang and Richard West. 2006. Process-Aware Interrupt Scheduling and Accounting. In Proc. of the 27th IEEE International Real-Time Systems Symposium .

Digital Library

Cited By

Lu PZhang LLiu MSridhar KSokolsky OKong FLee I(2024)Recovery from Adversarial Attacks in Cyber-physical Systems: Shallow, Deep, and Exploratory WorksACM Computing Surveys10.1145/365397456:8(1-31)Online publication date: 26-Apr-2024
https://dl.acm.org/doi/10.1145/3653974
Hao SHe JLi WLi TYang GFang WChen W(2024)CSCAD: An adaptive LightGBM algorithm to detect cache side-channel attacksFuture Generation Computer Systems10.1016/j.future.2024.07.018Online publication date: Jul-2024
https://doi.org/10.1016/j.future.2024.07.018
Chen JWang TZhang ZZhang YJha SLi Z(2023)Differentially Private Resource AllocationProceedings of the 39th Annual Computer Security Applications Conference10.1145/3627106.3627181(772-786)Online publication date: 4-Dec-2023
https://dl.acm.org/doi/10.1145/3627106.3627181
Show More Cited By

Index Terms

Indistinguishability Prevents Scheduler Side Channels in Real-Time Systems
1. Security and privacy
  1. Systems security
    1. Operating systems security

Recommendations

Scheduler Side-Channels in Preemptive Real-Time Systems: Attack and Defense Techniques
Experimental Evaluation of a Real-Time Scheduler for a Multiprocessor System

A description is given of the design, implementation, and experimental evaluation of a multiprocessor scheduler used with robotics applications and other real-time programs. The scheduler makes decisions concerning both the assignment of processes and ...
A Pre-Run-Time Scheduling Algorithm for Hard Real-Time Systems

Process scheduling, an important issue in the design and maintenance of hard real-time systems, is discussed. A pre-run-time scheduling algorithm that addresses the problem of process sequencing is presented. The algorithm is designed for multiprocessor ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

November 2021

3558 pages

ISBN:9781450384544

DOI:10.1145/3460120

General Chairs:
Yongdae Kim
KAIST, Republic of Korea
,
Jong Kim
POSTECH, Republic of Korea
,
Program Chairs:
Giovanni Vigna
University of California, Santa Barbara / VMware, USA
,
Elaine Shi
Carnegie Mellon University, USA

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 November 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation

Conference

CCS '21

Sponsor:

SIGSAC

CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security

November 15 - 19, 2021

Virtual Event, Republic of Korea

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
499
Total Downloads

Downloads (Last 12 months)141
Downloads (Last 6 weeks)20

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Lu PZhang LLiu MSridhar KSokolsky OKong FLee I(2024)Recovery from Adversarial Attacks in Cyber-physical Systems: Shallow, Deep, and Exploratory WorksACM Computing Surveys10.1145/365397456:8(1-31)Online publication date: 26-Apr-2024
https://dl.acm.org/doi/10.1145/3653974
Hao SHe JLi WLi TYang GFang WChen W(2024)CSCAD: An adaptive LightGBM algorithm to detect cache side-channel attacksFuture Generation Computer Systems10.1016/j.future.2024.07.018Online publication date: Jul-2024
https://doi.org/10.1016/j.future.2024.07.018
Chen JWang TZhang ZZhang YJha SLi Z(2023)Differentially Private Resource AllocationProceedings of the 39th Annual Computer Security Applications Conference10.1145/3627106.3627181(772-786)Online publication date: 4-Dec-2023
https://dl.acm.org/doi/10.1145/3627106.3627181
Ren JLiu CLin CBi RLi SWang ZQian YZhao ZTan G(2023)Protection Window Based Security-Aware Scheduling against Schedule-Based AttacksACM Transactions on Embedded Computing Systems10.1145/360909822:5s(1-22)Online publication date: 9-Sep-2023
https://dl.acm.org/doi/10.1145/3609098
Wang JLi ALi HLu CZhang N(2022)RT-TEE: Real-time System Availability for Cyber-physical Systems using ARM TrustZone2022 IEEE Symposium on Security and Privacy (SP)10.1109/SP46214.2022.9833604(352-369)Online publication date: May-2022
https://doi.org/10.1109/SP46214.2022.9833604

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents