License
When quoting this document, please refer to the following
DOI: 10.4230/LIPIcs.ECRTS.2018.22
URN: urn:nbn:de:0030-drops-89811
URL: http://drops.dagstuhl.de/opus/volltexte/2018/8981/
Go to the corresponding LIPIcs Volume Portal


Krüger, Kristin ; Völp, Marcus ; Fohler, Gerhard

Vulnerability Analysis and Mitigation of Directed Timing Inference Based Attacks on Time-Triggered Systems

pdf-format:
LIPIcs-ECRTS-2018-22.pdf (0.4 MB)


Abstract

Much effort has been put into improving the predictability of real-time systems, especially in safety-critical environments, which provides designers with a rich set of methods and tools to attest safety in situations with no or a limited number of accidental faults. However, with increasing connectivity of real-time systems and a wide availability of increasingly sophisticated exploits, security and, in particular, the consequences of predictability on security become concerns of equal importance. Time-triggered scheduling with offline constructed tables provides determinism and simplifies timing inference, however, at the same time, time-triggered scheduling creates vulnerabilities by allowing attackers to target their attacks to specific, deterministically scheduled and possibly safety-critical tasks. In this paper, we analyze the severity of these vulnerabilities by assuming successful compromise of a subset of the tasks running in a real-time system and by investigating the attack potential that attackers gain from them. Moreover, we discuss two ways to mitigate direct attacks: slot-level online randomization of schedules, and offline schedule-diversification. We evaluate these mitigation strategies with a real-world case study to show their practicability for mitigating not only accidentally malicious behavior, but also malicious behavior triggered by attackers on purpose.

BibTeX - Entry

@InProceedings{krger_et_al:LIPIcs:2018:8981,
  author =	{Kristin Kr{\"u}ger and Marcus V{\"o}lp and Gerhard Fohler},
  title =	{{Vulnerability Analysis and Mitigation of Directed Timing Inference Based Attacks on Time-Triggered Systems}},
  booktitle =	{30th Euromicro Conference on Real-Time Systems (ECRTS 2018)},
  pages =	{22:1--22:17},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-075-0},
  ISSN =	{1868-8969},
  year =	{2018},
  volume =	{106},
  editor =	{Sebastian Altmeyer},
  publisher =	{Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{http://drops.dagstuhl.de/opus/volltexte/2018/8981},
  URN =		{urn:nbn:de:0030-drops-89811},
  doi =		{10.4230/LIPIcs.ECRTS.2018.22},
  annote =	{Keywords: real-time systems, time-triggered systems, security, vulnerability}
}

Keywords: real-time systems, time-triggered systems, security, vulnerability
Seminar: 30th Euromicro Conference on Real-Time Systems (ECRTS 2018)
Issue Date: 2018
Date of publication: 20.06.2018


DROPS-Home | Fulltext Search | Imprint | Privacy Published by LZI