research-article

System Auditing for Real-Time Systems

Authors:

Anant Kandikuppa,

Chien-Ying Chen,

Sibin MohanAuthors Info & Claims

ACM Transactions on Privacy and Security, Volume 26, Issue 4

Article No.: 50, Pages 1 - 37

https://doi.org/10.1145/3625229

Published: 13 November 2023 Publication History

Abstract

System auditing is an essential tool for detecting malicious events and conducting forensic analysis. Although used extensively on general-purpose systems, auditing frameworks have not been designed with consideration for the unique constraints and properties of Real-Time Systems (RTS). System auditing could provide tremendous benefits for security-critical RTS. However, a naive deployment of auditing on RTS could violate the temporal requirements of the system while also rendering auditing incomplete and ineffectual. To ensure effective auditing that meets the computational needs of recording complete audit information while adhering to the temporal requirements of the RTS, it is essential to carefully integrate auditing into the real-time (RT) schedule.

This work adapts the Linux Audit framework for use in RT Linux by leveraging the common properties of such systems, such as special purpose and predictability. Ellipsis, an efficient system for auditing RTS, is devised that learns the expected benign behaviors of the system and generates succinct descriptions of the expected activity. Evaluations using varied RT applications show that Ellipsis reduces the volume of audit records generated during benign activity by up to 97.55% while recording detailed logs for suspicious activities. Empirical analyses establish that the auditing infrastructure adheres to the properties of predictability and isolation that are important to RTS. Furthermore, the schedulability of RT tasksets under audit is comprehensively analyzed to enable the safe integration of auditing in RT task schedules.

References

[1]

Red Hat. 2018. System Auditing. Retrieved September 30, 2023 from https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/chap-system_auditing

[2]

Raspberry Pi. 2019. Raspberry Pi 4 Model B. Retrieved September 30, 2023 from https://www.raspberrypi.org/products/raspberry-pi-4-model-b/

[3]

GitHub. 2019. Raspberry Pi Linux 4.19 Preempt RT. Retrieved September 30, 2023 from https://github.com/raspberrypi/linux/tree/rpi-4.19.y-rt

[4]

Debian. 2020. Auditctl. Retrieved September 30, 2023 from https://manpages.debian.org/buster/auditd/auditctl.8.en.html

[5]

Motion Project. 2021. Motion. Retrieved September 30, 2023 from https://motion-project.github.io/

[6]

Navio2. 2021. Navio2 Board. Retrieved September 30, 2023 from https://navio2.emlid.com/

[7]

FreeRTOS. 2023. FreeRTOS: Real-time operating system for microcontrollers. Retrieved September 30, 2023 from https://freertos.org/

[8]

RTCA (Firm). 1992. Software Considerations in Airborne Systems and Equipment Certification. SC 167. RTCA Inc.

[9]

Benny Akesson, Mitra Nasri, Geoffrey Nelissen, Sebastian Altmeyer, and Robert Ian Davis. 2020. An empirical survey-based study into industry practice in real-time systems. In Proceedings of the 2020 IEEE Real-Time Systems Symposium. IEEE, Los Alamitos, CA.

[10]

Azza Allouch, Omar Cheikhrouhou, Anis Koubâa, Mohamed Khalgui, and Tarek Abbes. 2019. MAVSec: Securing the MAVLink protocol for ArduPilot/PX4 unmanned aerial systems. In Proceedings of the 2019 15th International Wireless Communications and Mobile Computing Conference (IWCMC’19). IEEE, Los Alamitos, CA.

[11]

R. Altawy and A. M. Youssef. 2016. Security tradeoffs in cyber physical systems: A case study survey on implantable medical devices. IEEE Access 4 (2016), 959–979. DOI:

[12]

Mike Anderson. 2020. Securing Embedded Linux. Retrieved September 30, 2023 from https://elinux.org/images/5/54/Manderson4.pdf

[13]

ArduCam. 2009. Arducam 5MP OV5647 1080p Mini Camera Module for Raspberry Pi 4/3B+/3. Retrieved November 1, 2022 from https://www.arducam.com/product/arducam-ov5647-standard-raspberry-pi-camera-b0033/

[14]

ArduPilot Development Team and Community. 2020. ArduPilot. Retrieved September 30, 2023 from https://ardupilot.org/

[15]

Ayoosh Bansal, Anant Kandikuppa, Chien-Ying Chen, Monowar Hasan, Adam Bates, and Sibin Mohan. 2022. Towards efficient auditing for real-time systems. In Proceedings of the European Symposium on Research in Computer Security. 614–634.

Digital Library

[16]

Sanjoy Baruah. 2007. Techniques for multiprocessor global schedulability analysis. In Proceedings of the 28th IEEE International Real-Time Systems Symposium (RTSS’07). IEEE, Los Alamitos, CA, 119–128.

Digital Library

[17]

Adam Bates, Kevin R. B. Butler, and Thomas Moyer. 2015. Take only what you need: Leveraging mandatory access control policy to reduce provenance storage costs. In Proceedings of the 7th Workshop on the Theory and Practice of Provenance (TaPP’15).

[18]

Adam Bates, Dave Tian, Kevin R. B. Butler, and Thomas Moyer. 2015. Trustworthy whole-system provenance for the linux kernel. In Proceedings of 24th USENIX Security Symposium.

Digital Library

[19]

Adam Bates, Dave Tian, Grant Hernandez, Thomas Moyer, Kevin R. B. Butler, and Trent Jaeger. 2017. Taming the costs of trustworthy provenance through policy reduction. ACM Transactions on Internet Technology 17, 4 (Sept. 2017), Article 34, 21 pages.

Digital Library

[20]

Y. Ben, Y. Han, N. Cai, W. An, and Z. Xu. 2018. T-Tracker: Compressing system audit log by taint tracking. In Proceedings of the 2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS’18). 1–9. DOI:

[21]

He Bin and Amahah Justice. 2009. The design of an unmanned aerial vehicle based on the ArduPilot. Indian Journal of Science and Technology 2, 4 (2009), 12–15.

[22]

Enrico Bini and Giorgio C. Buttazzo. 2005. Measuring the performance of schedulability tests. Real-Time Systems 30, 1-2 (2005), 129–154.

Digital Library

[23]

Klaus Böhm, Tibor Kubjatko, Daniel Paula, and Hans-Georg Schweiger. 2020. New developments on EDR (Event Data Recorder) for automated vehicles. Open Engineering 10, 1 (2020), 140–146.

[24]

Matteo Bordin, Cyrille Comar, Tristan Gingold, Jérôme Guitton, Olivier Hainque, Thomas Quinot, Julien Delange, Jérôme Hugues, and Laurent Pautet. 2009. Couverture: An innovative open framework for coverage analysis of safety critical applications. Ada User Journal 30, 4 (2009), 1–14.

[25]

Ujjayini Bose. 2014. The black box solution to autonomous liability. Washington University Law Review 92 (2014), 1325.

[26]

B. Brandenburg and J. Anderson. 2007. Feather-Trace: A lightweight event tracing toolkit. In Proceedings of the 3rd International Workshop on Operating Systems Platforms for Embedded Real-Time Applications. 19–28.

[27]

Claire Burguiere and Christine Rochange. 2006. History-based schemes and implicit path enumeration. In Proceedings of the 6th International Workshop on Worst-Case Execution Time Analysis (WCET’06).

[28]

Carbon Black. 2018. Global Incident Response Threat Report. Retrieved April 20, 2019 from https://www.carbonblack.com/global-incident-response-threat-report/november-2018/

[29]

Alvaro Cardenas, Saurabh Amin, Bruno Sinopoli, Annarita Giani, Adrian Perrig, and Shankar Sastry. 2009. Challenges for securing cyber physical systems. In Proceedings of the Workshop on Future Directions in Cyber-Physical Systems Security, Vol. 5.

[30]

A. A. Cardenas, S. Amin, and S. Sastry. 2008. Secure control: Towards survivable cyber-physical systems. In Proceedings of the 2008 28th International Conference on Distributed Computing Systems Workshops. 495–500. DOI:

Digital Library

[31]

António Casimiro, Pedro Martins, and Paulo Verissimo. 2000. How to build a timely computing base using real-time Linux. In Proceedings of the 2000 IEEE International Workshop on Factory Communication Systems. IEEE, Los Alamitos, CA, 127–134.

[32]

Chen Chen, Harshal Tushar Lehri, Lay Kuan Loh, Anupam Alur, Limin Jia, Boon Thau Loo, and Wenchao Zhou. 2017. Distributed provenance compression. In Proceedings of the 2017 ACM International Conference on Management of Data. 203–218.

Digital Library

[33]

Chien-Ying Chen, Amiremad Ghassami, Stefan Nagy, Man-Ki Yoon, Sibin Mohan, Negar Kiyavash, Rakesh B. Bobba, and Rodolfo Pellizzoni. 2015. Schedule-Based Side-Channel Attack in Fixed-Priority Real-Time Systems. Technical Report. University of Utah.

[34]

Mei-Hwa Chen, Michael R. Lyu, and W. Eric Wong. 1996. An empirical study of the correlation between code coverage and reliability estimation. In Proceedings of the 3rd International Software Metrics Symposium. IEEE, Los Alamitos, CA, 133–141.

[35]

M.-H. Chen, Michael R. Lyu, and W. Eric Wong. 2001. Effect of code coverage on software reliability measurement. IEEE Transactions on Reliability 50, 2 (2001), 165–170.

[36]

Rodrigo Coelho, Gerhard Fohler, and Jean-Luc Scharbarg. 2017. Upper bound computation for buffer backlog on AFDX networks with multiple priority virtual links. In Proceedings of the Symposium on Applied Computing. 586–593.

Digital Library

[37]

Miguel Correia, Paulo Veríssimo, and Nuno Ferreira Neves. 2002. The design of a COTS real-time distributed security kernel. In Proceedings of the European Dependable Computing Conference. 234–252.

[38]

Casey Crane. 2020. Automotive Cyber Security: A Crash Course on Protecting Cars against Hackers. Retrieved September 30, 2023 from https://www.thesslstore.com/blog/automotive-cyber-security-a-crash-course-on-protecting-cars-against-hackers/

[39]

Robert Day and Michael Slonosky. 2020. Securing connected embedded devices using built-in RTOS security. Military Embedded Systems. Retrieved September 30, 2023 from http://mil-embedded.com/articles/securing-connected-embedded-devices-using-built-in-rtos-security/

[40]

Fabio Del Frate, Praerit Garg, Aditya P. Mathur, and Alberto Pasquini. 1995. On the correlation between code coverage and software reliability. In Proceedings of the 6th International Symposium on Software Reliability Engineering (ISSRE’95). IEEE, Los Alamitos, CA, 124–132.

[41]

Department of Homeland Security. 2020. Cyber Physical Systems Security. Retrieved September 30, 2023 from https://www.dhs.gov/science-and-technology/cpssec

[42]

Stephanie Forrest, Steven Hofmeyr, and Anil Somayaji. 2008. The evolution of system-call monitoring. In Proceedings of the 2008 Annual Computer Security Applications Conference (ACSAC’08). IEEE, Los Alamitos, CA, 418–430.

Digital Library

[43]

Peng Gao, Xusheng Xiao, Ding Li, Zhichun Li, Kangkook Jee, Zhenyu Wu, Chung Hwan Kim, Sanjeev R. Kulkarni, and Prateek Mittal. 2018. SAQL: A stream-based query system for real-time abnormal system behavior detection. In Proceedings of the 27th USENIX Security Symposium (USENIX Security’18). 639–656. https://www.usenix.org/conference/usenixsecurity18/presentation/gao-peng

[44]

Ashish Gehani and Dawood Tariq. 2012. SPADE: Support for provenance auditing in distributed environments. In Proceedings of the 13th International Middleware Conference (Middleware’12).

[45]

Golsana Ghaemi, Dharmesh Tarapore, and Renato Mancuso. 2021. Governing with insights: Towards profile-driven cache management of black-box applications. In Proceedings of the 33rd Euromicro Conference on Real-Time Systems (ECRTS’21).

[46]

Nan Guan, Meiling Han, Chuancai Gu, Qingxu Deng, and Wang Yi. 2015. Bounding carry-in interference to improve fixed-priority global multiprocessor scheduling analysis. In Proceedings of the 2015 IEEE 21st International Conference on Embedded and Real-Time Computing Systems and Applications. IEEE, Los Alamitos, CA, 11–20.

Digital Library

[47]

Levent Gurgen, Ozan Gunalp, Yazid Benazzouz, and Mathieu Gallissot. 2013. Self-aware cyber-physical systems and applications in smart buildings and cities. In Proceedings of the 2013 Design, Automation, and Test in Europe Conference and Exhibition (DATE’13). IEEE, Los Alamitos, CA, 1149–1154.

[48]

Jan Gustafsson and Andreas Ermedahl. 2007. Experiences from applying WCET analysis in industrial settings. In Proceedings of the 10th IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing (ISORC’07). IEEE, Los Alamitos, CA, 382–392.

Digital Library

[49]

Mounir Hahad. 2020. IoT proliferation and widespread 5G: A perfect botnet storm. SC Media. Retrieved September 30, 2023 from https://www.scmagazine.com/home/opinion/executive-insight/iot-proliferation-and-widespread-5g-a-perfect-botnet-storm/

[50]

Xueyan Han, Thomas Pasqueir, Adam Bates, James Mickens, and Margo Seltzer. 2020. Unicorn: Runtime provenance-based detector for advanced persistent threats. In Proceedings of the 27th ISOC Network and Distributed System Security Symposium (NDSS’20).

[51]

Wajih Ul Hassan, Nuraini Aguse, Mark Lemay, Thomas Moyer, and Adam Bates. 2018. Towards scalable cluster auditing through grammatical inference over provenance graphs. In Proceedings of the 25th ISOC Network and Distributed System Security Symposium.

[52]

Wajih Ul Hassan, Shengjian Guo, Ding Li, Zhengzhang Chen, Kangkook Jee, Zhichun Li, and Adam Bates. 2019. NoDoze: Combatting threat alert fatigue with automated provenance triage. In Proceedings of the 26th ISOC Network and Distributed System Security Symposium (NDSS’19).

[53]

Wajih Ul Hassan, Mohammad Noureddine, Pubali Datta, and Adam Bates. 2020. OmegaLog: High-fidelity attack investigation via transparent multi-layer log analysis. In Proceedings of the 27th ISOC Network and Distributed System Security Symposium (NDSS’20).

[54]

Les Hatton. 2004. Safer language subsets: An overview and a case history, MISRA C. Information and Software Technology 46, 7 (2004), 465–472.

[55]

James Hayes. 2020. Hackers under the hood. IET. Retrieved September 30, 2023 from https://eandt.theiet.org/content/articles/2020/03/hackers-under-the-hood/

[56]

Heike Hofmann, Karen Kafadar, and Hadley Wickham. 2011. Letter-value Plots: Boxplots for Large Data. Technical Report. University of Auckland.

[57]

Steven A. Hofmeyr, Stephanie Forrest, and Anil Somayaji. 1998. Intrusion detection using sequences of system calls. Journal of Computer Security 6, 3 (1998), 151–180.

[58]

Md. Nahid Hossain, Sadegh M. Milajerdi, Junao Wang, Birhanu Eshete, Rigel Gjomemo, R. Sekar, Scott Stoller, and V. N. Venkatakrishnan. 2017. SLEUTH: Real-time attack scenario reconstruction from COTS audit data. In Proceedings of the 26th USENIX Security Symposium (USENIX Security’17). 487–504. https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/hossain

[59]

Md. Nahid Hossain, Junao Wang, R. Sekar, and Scott D. Stoller. 2018. Dependence-preserving data compaction for scalable forensic analysis. In Proceedings of the 27th USENIX Conference on Security Symposium (SEC’18). 1723–1740. http://dl.acm.org/citation.cfm?id=3277203.3277331

Digital Library

[60]

Marko Ivanković, Goran Petrović, René Just, and Gordon Fraser. 2019. Code coverage at Google. In Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 955–963.

Digital Library

[61]

Md E. Karim and Vir V. Phoha. 2014. Cyber-physical systems security. In Applied Cyber-Physical Systems, Sang C. Suh, U. John Tanik, John N. Carbone, and Abdullah Eroglu (Eds.). Springer, New York, NY, 75–83.

[62]

Samuel T. King and Peter M. Chen. 2003. Backtracking intrusions. In Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP’03). ACM, New York, NY, 223–236. DOI:

Digital Library

[63]

KaiGai Kohei. 2020. Recent Security Features and Issues in Embedded Systems. Retrieved September 30, 2023 from https://elinux.org/images/e/e2/ELC2008_KaiGai.pdf

[64]

Sascha Konrad and Betty H. C. Cheng. 2005. Real-time specification patterns. In Proceedings of the 27th International Conference on Software Engineering. 372–381.

Digital Library

[65]

Yonghwi Kwon, Fei Wang, Weihang Wang, Kyu Hyung Lee, Wen-Chuan Lee, Shiqing Ma, Xiangyu Zhang, Dongyan Xu, Somesh Jha, Gabriela Ciocarlie, Ashish Gehani, and Vinod Yegneswaran. 2018. MCI: Modeling-based causality inference in audit logging for attack investigation. In Proceedings of the 25th Network and Distributed System Security Symposium (NDSS’18).

[66]

Insup Lee, Oleg Sokolsky, Sanjian Chen, John Hatcliff, Eunkyoung Jee, BaekGyu Kim, Andrew King, Margaret Mullen-Fortino, Soojin Park, Alexander Roederer, and Krishna K. Venkatasubramanian. 2011. Challenges and research directions in medical cyber–physical systems. Proceedings of the IEEE 100, 1 (2011), 75–90.

[67]

Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu. 2013. High accuracy attack provenance via binary-based execution partition. In Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS’13).

[68]

Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu. 2013. LogGC: Garbage collecting audit log. In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS’13). ACM, New York, NY, 1005–1016. DOI:

Digital Library

[69]

Yau-Tsun Steven Li and Sharad Malik. 1995. Performance analysis of embedded software using implicit path enumeration. In Proceedings of the ACM SIGPLAN 1995 Workshop on Languages, Compilers, and Tools for Real-Time Systems. 88–98.

Digital Library

[70]

Linux Kernel Organization Inc.2020. CPU Frequency and Voltage Scaling Code in the Linux Kernel. Retrieved September 30, 2023 from https://www.kernel.org/doc/Documentation/cpu-freq/governors.txt

[71]

C. L. Liu and James W. Layland. 1973. Scheduling algorithms for multiprogramming in a hard-real-time environment. Journal of the ACM 20, 1 (Jan.1973), 46–61. DOI:

Digital Library

[72]

Yushan Liu, Mu Zhang, Ding Li, Kangkook Jee, Zhichun Li, Zhenyu Wu, Junghwan Rhee, and Prateek Mittal. 2018. Towards a timely causality analysis for enterprise security. In Proceedings of the 25th ISOC Network and Distributed System Security Symposium (NDSS’18).

[73]

Yushan Liu, Mu Zhang, Ding Li, Kangkook Jee, Zhichun Li, Zhenyu Wu, Junghwan Rhee, and Prateek Mittal. 2018. Towards a timely causality analysis for enterprise security. In Proceedings of the 25th Annual Network and Distributed System Security Symposium (NDSS’18).

[74]

Sadegh M. Milajerdi, Birhanu Eshete, Rigel Gjomemo, and Venkat N. Venkatakrishnan. 2018. ProPatrol: Attack investigation via extracted high-level tasks. In Information Systems Security, Vinod Ganapathy, Trent Jaeger, and R. K. Shyamasundar (Eds.). Springer International, Cham, Switzerland, 107–126.

[75]

Shiqing Ma, Kyu Hyung Lee, Chung Hwan Kim, Junghwan Rhee, Xiangyu Zhang, and Dongyan Xu. 2015. Accurate, low cost and instrumentation-free security audit logging for windows. In Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC’15). ACM, New York, NY, 401–410. DOI:

Digital Library

[76]

Shiqing Ma, Juan Zhai, Yonghwi Kwon, Kyu Hyung Lee, Xiangyu Zhang, Gabriela Ciocarlie, Ashish Gehani, Vinod Yegneswaran, Dongyan Xu, and Somesh Jha. 2018. Kernel-supported cost-effective audit logging for causality tracking. In Proceedings of the 2018 USENIX Annual Technical Conference (USENIX ATC’18). 241–254. https://www.usenix.org/conference/atc18/presentation/ma-shiqing

[77]

Shiqing Ma, Juan Zhai, Fei Wang, Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu. 2017. MPI: Multiple perspective attack investigation with semantic aware execution partitioning. In Proceedings of the 26th USENIX Security Symposium.

[78]

Shiqing Ma, Xiangyu Zhang, and Dongyan Xu. 2016. ProTracer: Towards practical provenance tracing by alternating between logging and tainting. In Proceedings of the 23rd Annual Network and Distributed System Security Symposium (NDSS’16).

[79]

Shiqing Ma, Xiangyu Zhang, and Dongyan Xu. 2016. ProTracer: Towards practical provenance tracing by alternating between logging and tainting. In Proceedings of the 23rd Annual Network and Distributed System Security Symposium (NDSS’16).

[80]

D. W. McKee, S. J. Clement, J. Almutairi, and J. Xu. 2017. Massive-scale automation in cyber-physical systems: Vision & challenges. In Proceedings of the 2017 IEEE 13th International Symposium on Autonomous Decentralized Systems (ISADS’17). 5–11. DOI:

[81]

S. Momeni Milajerdi, R. Gjomemo, B. Eshete, R. Sekar, and V. Venkatakrishnan. 2019. HOLMES: Real-time APT detection through correlation of suspicious information flows. In Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP’19). IEEE, Los Alamitos, CA. DOI:

[82]

Robert Mitchell and Ing-Ray Chen. 2014. A survey of intrusion detection techniques for cyber-physical systems. ACM Computing Surveys 46, 4 (March 2014), Article 55, 29 pages. DOI:

Digital Library

[83]

László Monostori, Botond Kádár, Thomas Bauernhansl, Shinsuke Kondoh, S. Kumara, Gunther Reinhart, Olaf Sauer, Gunther Schuh, Wilfried Sihn, and Kenichi Ueda. 2016. Cyber-physical systems in manufacturing. CIRP Annals 65, 2 (2016), 621–641.

[84]

PBS NewsHour. 2015. Hacking researchers kill a car engine on the highway to send a message to automakers. PBS. Retrieved September 30, 2023 from https://www.pbs.org/newshour/show/hacking-researchers-kill-car-engine-highway-send-message-automakers

[85]

Riccardo Paccagnella, Pubali Datta, Wajih Ul Hassan, Adam Bates, Christopher W. Fletcher, Andrew Miller, and Dave Tian. 2020. Custos: Practical tamper-evident auditing of operating systems using trusted execution. In Proceedings of the 27th ISOC Network and Distributed System Security Symposium.

[86]

Riccardo Paccagnella, Kevin Liao, Dave Tian, and Adam Bates. 2020. Logging to the danger zone: Race condition attacks and defenses on system audit frameworks. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 1551–1574.

Digital Library

[87]

Thomas Pasquier, Xueyuan Han, Mark Goldstein, Thomas Moyer, David Eyers, Margo Seltzer, and Jean Bacon. 2017. Practical whole-system provenance capture. In Proceedings of the 2017 Symposium on Cloud Computing (SoCC’17). ACM, New York, NY, 405–418. DOI:

Digital Library

[88]

Thomas Pasquier, Xueyuan Han, Thomas Moyer, Adam Bates, Olivier Hermant, David Eyers, Jean Bacon, and Margo Seltzer. 2018. Runtime analysis of whole-system provenance. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ACM, New York, NY.

Digital Library

[89]

T. F. J. Pasquier, J. Singh, D. Eyers, and J. Bacon. 2017. CamFlow: Managed data-sharing for cloud services. IEEE Transactions on Cloud Computing 5, 3 (July2017), 472–484. DOI:

[90]

Kexin Pei, Zhongshu Gu, Brendan Saltaformaggio, Shiqing Ma, Fei Wang, Zhiwei Zhang, Luo Si, Xiangyu Zhang, and Dongyan Xu. 2016. HERCULE: Attack story reconstruction via community discovery on correlated log graph. In Proceedings of the 32nd Annual Conference on Computer Security Applications (ACSAC’16). ACM, New York, NY, 583–595. DOI:

Digital Library

[91]

D. J. Pohly, S. McLaughlin, P. McDaniel, and K. Butler. 2012. Hi-Fi: Collecting high-fidelity whole-system provenance. In Proceedings of the 2012 Annual Computer Security Applications Conference (ACSAC’12).

Digital Library

[92]

Peter Puschner and Alan Burns. 2002. Writing temporally predictable code. In Proceedings of the 7th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems (WORDS’02). IEEE, Los Alamitos, CA, 85–91.

[93]

Ragunathan Rajkumar, Insup Lee, Lui Sha, and John Stankovic. 2010. Cyber-physical systems: The next computing revolution. In Proceedings of the Design Automation Conference. IEEE, Los Alamitos, CA, 731–736.

Digital Library

[94]

Ragunathan Rajkumar, Lui Sha, and John P. Lehoczky. 1988. Real-time synchronization protocols for multiprocessors. In Proceedings of the Real-Time Systems Symposium. 259–260.

[95]

A. Sadeghi, C. Wachsmann, and M. Waidner. 2015. Security and privacy challenges in Industrial Internet of Things. In Proceedings of the 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC’15). 1–6. DOI:

Digital Library

[96]

Daniel Sandell, Andreas Ermedahl, Jan Gustafsson, and Björn Lisper. 2004. Static timing analysis of real-time operating system code. In Proceedings of the International Symposium on Leveraging Applications of Formal Methods, Verification, and Validation. 146–160.

[97]

Martin Schoeberl. 2006. Real-time garbage collection for Java. In Proceedings of the 9th IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing (ISORC’06). IEEE, Los Alamitos, CA, 1–9.

Digital Library

[98]

David Shepherd. 2020. Industry 4.0: The development of unique cybersecurity. Manufacturing. Retrieved September 30, 2023 from https://www.manufacturingglobal.com/technology/industry-40-development-unique-cybersecurity

[99]

Youcheng Sun and Marco Di Natale. 2018. Assessing the pessimism of current multicore global fixed-priority schedulability analysis. In Proceedings of the 33rd Annual ACM Symposium on Applied Computing. 575–583.

Digital Library

[100]

Vinaitheerthan Sundaram, Patrick Eugster, and Xiangyu Zhang. 2012. Prius: Generic hybrid trace compression for wireless sensor networks. In Proceedings of the 10th ACM Conference on Embedded Network Sensor Systems. 183–196.

Digital Library

[101]

SUSE Linux. 2004. Linux Audit-Subsystem Design Documentation for Linux Kernel 2.6, v0.1. Retrieved September 30, 2023 from http://uniforum.chi.il.us/slides/HardeningLinux/LAuS-Design.pdf

[102]

Yutao Tang, Ding Li, Zhichun Li, Mu Zhang, Kangkook Jee, Xusheng Xiao, Zhenyu Wu, Junghwan Rhee, Fengyuan Xu, and Qun Li. 2018. NodeMerge: Template based efficient data reduction for big-data causality analysis. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS’18). ACM, New York, NY, 1324–1337. DOI:

Digital Library

[103]

The Linux Foundation. 2018. Real-Time Linux. Retrieved September 30, 2023 from https://wiki.linuxfoundation.org/realtime/start

[104]

The Linux Foundation. 2022. RT-Tests. Retrieved September 30, 2023 from https://wiki.linuxfoundation.org/realtime/documentation/howto/tools/rt-tests

[105]

The MISRA Consortium Limited. 2021. MISRA. Retrieved September 30, 2023 from https://www.misra.org.uk/

[106]

The MITRE Corporation. 2018. Medical Device Cybersecurity. Retrieved September 30, 2023 from https://www.mitre.org/sites/default/files/publications/pr-18-1550-Medical-Device-Cybersecurity-Playbook.pdf

[107]

Dave (Jing) Tian, Adam Bates, Kevin R. B. Butler, and Raju Rangaswami. 2016. ProvUSB: Block-level provenance-based data protection for USB storage devices. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, New York, NY.

Digital Library

[108]

Paulo Veríssimo and António Casimiro. 2002. The timely computing base model and architecture. IEEE Transactions on Computers 51, 8 (2002), 916–930.

Digital Library

[109]

Paulo Veríssimo, António Casimiro, and Christof Fetzer. 2000. The timely computing base: Timely actions in the presence of uncertain timeliness. In Proceeding of the International Conference on Dependable Systems and Networks (DSN’00). IEEE, Los Alamitos, CA, 533–542.

[110]

Liuping Wang. 2020. PID Control System Design and Automatic Tuning Using MATLAB/Simulink. John Wiley & Sons.

[111]

Qi Wang, Wajih Ul Hassan, Adam Bates, and Carl Gunter. 2017. Fear and logging in the Internet of Things. In Proceedings of the 25th ISOC Network and Distributed System Security Symposium (NDSS’18).

[112]

Qi Wang, Wajih Ul Hassan, Ding Li, Kangkook Jee, Xiao Yu, Kexuan Zou, Jungwhan Rhee, Zhengzhang Zhen, Wei Cheng, Carl A. Gunter, and Haifeng Chen. 2020. You are what you do: Hunting stealthy malware via data provenance analysis. In Proceedings of the 27th ISOC Network and Distributed System Security Symposium (NDSS’20).

[113]

W. Eric Wong, Yu Qi, Lei Zhao, and Kai-Yuan Cai. 2007. Effective fault localization using code coverage. In Proceedings of the 31st Annual International Computer Software and Applications Conference (COMPSAC’07), Vol. 1. IEEE, Los Alamitos, CA, 449–456.

Digital Library

[114]

Yang Wu, Ang Chen, and Linh Thi Xuan Phan. 2019. Zeno: Diagnosing performance problems with temporal provenance. In Proceedings of the 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI’19). 395–420. https://www.usenix.org/conference/nsdi19/presentation/wu

[115]

Yang Wu, Ang Chen, and Linh Thi Xuan Phan. 2019. Zeno: Diagnosing performance problems with temporal provenance. In Proceedings of the 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI’19). 395–420.

[116]

Zhang Xu, Zhenyu Wu, Zhichun Li, Kangkook Jee, Junghwan Rhee, Xusheng Xiao, Fengyuan Xu, Haining Wang, and Guofei Jiang. 2016. High fidelity data reduction for big data security dependency analyses. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS’16). ACM, New York, NY, 504–516. DOI:

Digital Library

[117]

Carter Yagemann, Mohammad Noureddine, Wajih Ul Hassan, Simon Chung, Adam Bates, and Wenke Lee. 2021. Validating the integrity of audit logs against execution repartitioning attacks. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security.

Digital Library

[118]

M. Yoon, S. Mohan, J. Choi, J. Kim, and L. Sha. 2013. SecureCore: A multicore-based intrusion detection architecture for real-time embedded systems. In Proceedings of the 2013 IEEE 19th Real-Time and Embedded Technology and Applications Symposium (RTAS’13). 21–32. DOI:

Digital Library

[119]

M. Yoon, S. Mohan, J. Choi, and L. Sha. 2015. Memory heat map: Anomaly detection in real-time embedded systems using memory behavior. In Proceedings of the 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC’15). 1–6. DOI:

Digital Library

[120]

Man-Ki Yoon, Sibin Mohan, Jaesik Choi, Mihai Christodorescu, and Lui Sha. 2017. Learning execution contexts from system call distribution for anomaly detection in smart embedded system. In Proceedings of the 2nd International Conference on Internet-of-Things Design and Implementation.

Digital Library

[121]

Man-Ki Yoon, Sibin Mohan, Jaesik Choi, Jung-Eun Kim, and Lui Sha. 2013. SecureCore: A multicore-based intrusion detection architecture for real-time embedded systems. In Proceedings of the 2013 IEEE 19th Real-Time and Embedded Technology and Applications Symposium (RTAS’13). IEEE, Los Alamitos, CA, 21–32.

[122]

Tiantian Zhu, Jiayu Wang, Linqi Ruan, Chunlin Xiong, Jinkai Yu, Yaosheng Li, Yan Chen, Mingqi Lv, and Tieming Chen. 2021. General, efficient, and real-time data compaction strategy for APT forensic analysis. IEEE Transactions on Information Forensics and Security 16 (2021), 3312–3325.

[123]

Christopher Zimmer, Balasubramanya Bhat, Frank Mueller, and Sibin Mohan. 2010. Time-based intrusion detection in cyber-physical systems. In Proceedings of the 1st ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS’10). ACM, New York, NY, 109–118. DOI:

Digital Library

Cited By

Holla MSuma D(2024)A GPU scheme for multi-secret visual sharing with varied secret dimensions and contrast enhancement using blind super-resolutionInternational Journal of Information Technology10.1007/s41870-023-01693-x16:3(1801-1814)Online publication date: 19-Jan-2024
https://doi.org/10.1007/s41870-023-01693-x

Index Terms

System Auditing for Real-Time Systems
1. Computer systems organization
  1. Real-time systems
2. Security and privacy
  1. Systems security

Recommendations

Towards Efficient Auditing for Real-Time Systems
Computer Security – ESORICS 2022
Abstract
System auditing is a powerful tool that provides insight into the nature of suspicious events in computing systems, allowing machine operators to detect and subsequently investigate security incidents. While auditing has proven invaluable to the ...
A Real-Time Operating System for Physical and Logical Time-Triggered Distributed Computing
APIT '24: Proceedings of the 2024 6th Asia Pacific Information Technology Conference

The paper introduces a real-time operating system (RTOS) for physical and logical time-triggered distributed computing, which is designed for cyber-physical systems with communication time fluctuations. Input/output tasks perform physical time-triggered ...
Cpu time-sharing in real-time systems

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Privacy and Security

ACM Transactions on Privacy and Security Volume 26, Issue 4

November 2023

260 pages

ISSN:2471-2566

EISSN:2471-2574

DOI:10.1145/3614236

Editor:
Ninghui Li
Purdue University, USA

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 November 2023

Online AM: 22 September 2023

Accepted: 12 September 2023

Revised: 16 July 2023

Received: 05 March 2023

Published in TOPS Volume 26, Issue 4

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Office of Naval Research (ONR)
National Aeronautics and Space Administration (NASA)
National Science Foundation (NSF)

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
350
Total Downloads

Downloads (Last 12 months)350
Downloads (Last 6 weeks)21

Reflects downloads up to

Other Metrics

View Author Metrics

Citations

Cited By

Holla MSuma D(2024)A GPU scheme for multi-secret visual sharing with varied secret dimensions and contrast enhancement using blind super-resolutionInternational Journal of Information Technology10.1007/s41870-023-01693-x16:3(1801-1814)Online publication date: 19-Jan-2024
https://doi.org/10.1007/s41870-023-01693-x

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Full Text

View this article in Full Text.

Media

Figures

Other

Tables

View full text|Download PDF

View Issue’s Table of Contents