
Beyond Just Safety: Delay-aware Security Monitoring for Real-time Control Systems

Published: 07 September 2022

Abstract

    Modern embedded real-time systems (RTS) face more security threats than in the past. A simplistic, straightforward integration of security mechanisms might not be able to guarantee the safety and predictability of such systems. In this article, we focus on integrating security mechanisms into RTS (especially legacy RTS). We introduce Contego-C, an analytical model for integrating security tasks into RTS that allows system designers to improve the security posture without affecting the temporal and control constraints of the existing real-time control tasks. We also define a metric (named tightness of periodic monitoring) to measure the effectiveness of such integration. We demonstrate our ideas using a proof-of-concept implementation on an ARM-based rover platform and show that Contego-C can improve security without degrading control performance.

      Published In

      ACM Transactions on Cyber-Physical Systems, Volume 6, Issue 3
      July 2022
      251 pages
      ISSN: 2378-962X
      EISSN: 2378-9638
      DOI: 10.1145/3551653
      Editor: Chenyang Lu

      Publisher

      Association for Computing Machinery
      New York, NY, United States

      Publication History

      Published: 07 September 2022
      Online AM: 26 March 2022
      Accepted: 01 February 2022
      Revised: 01 August 2021
      Received: 01 January 2021
      Published in TCPS Volume 6, Issue 3

      Author Tags

      1. Security
      2. control system
      3. period optimization
      4. geometric program

      Qualifiers

      • Research-article
      • Refereed
