Contego: An Adaptive Framework for Integrating Security Tasks in Real-Time Systems

Authors Monowar Hasan, Sibin Mohan, Rodolfo Pellizzoni, Rakesh B. Bobba



PDF
Thumbnail PDF

File

LIPIcs.ECRTS.2017.23.pdf
  • Filesize: 0.84 MB
  • 22 pages

Document Identifiers

Author Details

Monowar Hasan
Sibin Mohan
Rodolfo Pellizzoni
Rakesh B. Bobba

Cite As Get BibTex

Monowar Hasan, Sibin Mohan, Rodolfo Pellizzoni, and Rakesh B. Bobba. Contego: An Adaptive Framework for Integrating Security Tasks in Real-Time Systems. In 29th Euromicro Conference on Real-Time Systems (ECRTS 2017). Leibniz International Proceedings in Informatics (LIPIcs), Volume 76, pp. 23:1-23:22, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2017) https://doi.org/10.4230/LIPIcs.ECRTS.2017.23

Abstract

Embedded real-time systems (RTS) are pervasive. Many modern RTS are exposed to unknown security flaws, and threats to RTS are growing in both number and sophistication. However, until recently, cyber-security considerations were an afterthought in the design of such systems. Any security mechanisms integrated into RTS must (a) co-exist with the real-time tasks in the system and (b) operate without impacting the timing and safety constraints of the control logic. We introduce Contego, an approach to integrating security tasks into RTS without affecting temporal requirements. Contego is specifically designed for legacy systems, viz., the real-time control systems in which major alterations of the system parameters for constituent tasks is not always feasible. Contego combines the concept of opportunistic execution with hierarchical scheduling to maintain compatibility with legacy systems while still providing flexibility by allowing security tasks to operate in different modes. We also define a metric to measure the effectiveness of such integration. We evaluate Contego using synthetic workloads as well as with an implementation on a realistic embedded platform (an open-source ARM CPU running real-time Linux).

Subject Classification

Keywords
  • Real-Time Systems
  • Security
  • Hierarchical Scheduling

Metrics

  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    0
    PDF Downloads

References

  1. Marshall Abrams and Joe Weiss. Malicious control system cyber security attack case study-Maroochy Water Services, Australia. McLean, VA: The MITRE Corporation, 2008. Google Scholar
  2. Neil Audsley, Alan Burns, Mike Richardson, Ken Tindell, and Andy J. Wellings. Applying new scheduling theory to static priority pre-emptive scheduling. SE Journal, 8(5):284-292, 1993. Google Scholar
  3. BeagleBone Black. URL: https://beagleboard.org/black.
  4. Enrico Bini and Giorgio C. Buttazzo. Measuring the performance of schedulability tests. RTS Journal, 30(1-2):129-154, 2005. Google Scholar
  5. Enrico Bini and Anton Cervin. Delay-aware period assignment in control systems. In IEEE RTSS, pages 291-300, 2008. Google Scholar
  6. Stephen Boyd, Seung-Jean Kim, Lieven Vandenberghe, and Arash Hassibi. A tutorial on geometric programming. Opt. &Eng., 8(1):67-127, 2007. Google Scholar
  7. Stephen Boyd and Lieven Vandenberghe. Convex optimization. Cambridge University Press, 2004. Google Scholar
  8. The Bro Network Security Monitor. URL: https://www.bro.org.
  9. Alan Burns and Robert Davis. Mixed criticality systems - a review. Technical report, University of York, 2013. [Online]. URL: https://www-users.cs.york.ac.uk/~burns/review.pdf.
  10. Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, Tadayoshi Kohno, et al. Comprehensive experimental analyses of automotive attack surfaces. In USENIX Sec. Symp., 2011. Google Scholar
  11. Chien-Ying Chen, Rakesh B. Bobba, and Sibin Mohan. Schedule-based side-channel attack in fixed-priority real-time systems. Technical report, University of Illinois, 2015. [Online]. URL: http://hdl.handle.net/2142/88344.
  12. Shane S. Clark and Kevin Fu. Recent results in computer security for medical devices. In MobiHealth, pages 111-118, 2011. Google Scholar
  13. Rob Davis and Alan Burns. An investigation into server parameter selection for hierarchical fixed priority pre-emptive systems. In IEEE RTNS, 2008. Google Scholar
  14. Ethical hacking and countermeasures: Secure network operating systems and infrastructures, 2017. Google Scholar
  15. Nicolas Falliere, Liam O. Murchu, and Eric Chien. W32. Stuxnet dossier. White paper, Symantec Corp., Security Response, 5:6, 2011. Google Scholar
  16. FreeRTOS. URL: http://www.freertos.org.
  17. FTP Brute-force attack trace. URL: https://github.com/bro/bro/blob/master/testing/btest/Traces/ftp/bruteforce.pcap.
  18. Monowar Hasan, Sibin Mohan, Rakesh B. Bobba, and Rodolfo Pellizzoni. Exploring opportunistic execution for integrating security into legacy hard real-time systems. In IEEE RTSS, pages 123-134, 2016. Google Scholar
  19. Monowar Hasan, Sibin Mohan, Rakesh B. Bobba, and Rodolfo Pellizzoni. A server model to integrate security tasks into fixed-priority real-time systems. In IEEE CERTS, pages 61-68, 2016. Google Scholar
  20. Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, et al. Experimental security analysis of a modern automobile. In IEEE S&P, pages 447-462, 2010. Google Scholar
  21. Man Lin, Li Xu, Laurence T. Yang, Xiao Qin, Nenggan Zheng, Zhaohui Wu, and Meikang Qiu. Static security optimization for real-time systems. IEEE Trans. on Indust. Info., 5(1):22-37, 2009. Google Scholar
  22. Chung Laung Liu and James W. Layland. Scheduling algorithms for multiprogramming in a hard-real-time environment. JACM, 20(1):46-61, 1973. Google Scholar
  23. Xue Liu, Hui Ding, Kihwal Lee, Qixin Wang, and Lui Sha. ORTEGA: An efficient and flexible software fault tolerance architecture for real-time control systems. In IEEE ECRTS, pages 125-134, 2008. Google Scholar
  24. Daniel Lo, Mohamed Ismail, Tao Chen, and G. Edward Suh. Slack-aware opportunistic monitoring for real-time systems. In IEEE RTAS, pages 203-214, 2014. Google Scholar
  25. Sibin Mohan. Worst-case execution time analysis of security policies for deeply embedded real-time systems. ACM SIGBED Review, 5(1):8, 2008. Google Scholar
  26. Sibin Mohan, Man-Ki Yoon, Rodolfo Pellizzoni, and Rakesh B. Bobba. Real-time systems security through scheduler constraints. In IEEE ECRTS, pages 129-140, 2014. Google Scholar
  27. Sibin Mohan, Man-Ki Yoon, Rodolfo Pellizzoni, and Rakesh B. Bobba. Integrating security constraints into fixed priority real-time schedulers. RTS Journal, 52(5):644-674, 2016. URL: http://dx.doi.org/10.1007/s11241-016-9252-5.
  28. A. K. Mok. Fundamental design problems of distributed systems for the hard-real-time environment. Technical report, Massachusetts Institute of Technology, 1983. Google Scholar
  29. Almir Mutapcic, Kwangmoo Koh, Seungjean Kim, Lieven Vandenberghe, and Stephen Boyd. GGPLAB: a simple Matlab toolbox for geometric programming, 2006. URL: https://stanford.edu/~boyd/ggplab/.
  30. Rodolfo Pellizzoni, Neda Paryab, Man-Ki Yoon, Stanley Bak, Sibin Mohan, and Rakesh B. Bobba. A generalized model for preventing information leakage in hard real-time systems. In IEEE RTAS, pages 271-282, 2015. Google Scholar
  31. Saowanee Saewong, Ragunathan (Raj) Rajkumar, John P. Lehoczky, and Mark H. Klein. Analysis of hierarchical fixed-priority scheduling. In IEEE ECRTS, pages 173-181, 2002. Google Scholar
  32. Lui Sha, Ragunathan Rajkumar, and John P. Lehoczky. Priority inheritance protocols: An approach to real-time synchronization. IEEE Trans. on Comp., 39(9):1175-1185, 1990. Google Scholar
  33. Shellcode on ARM architecture. URL: http://shell-storm.org/shellcode.
  34. Daniel P. Shepard, Jahshan A. Bhatti, Todd E. Humphreys, and Aaron A. Fansler. Evaluation of smart grid and civilian UAV vulnerability to GPS spoofing attacks. In Proc. of the ION GNSS Meeting, volume 3, 2012. Google Scholar
  35. Insik Shin and Insup Lee. Periodic resource model for compositional real-time guarantees. In IEEE RTSS, pages 2-13, 2003. Google Scholar
  36. Open Source Tripwire. URL: https://github.com/Tripwire/tripwire-open-source.
  37. UAV Control Codes. URL: https://github.com/Khan-drone/flight-control.
  38. Xenomai - Real-time framework for Linux. URL: https://xenomai.org.
  39. Tao Xie and Xiao Qin. Improving security for periodic tasks in embedded systems through scheduling. ACM TECS, 6(3):20, 2007. Google Scholar
  40. Man-Ki Yoon, Jung-Eun Kim, Richard Bradford, and Lui Sha. Holistic design parameter optimization of multiple periodic resources in hierarchical scheduling. In DATE, pages 1313-1318, 2013. Google Scholar
  41. Man-Ki Yoon, Sibin Mohan, Chien-Ying Chen, and Lui Sha. TaskShuffler: A schedule randomization protocol for obfuscation against timing inference attacks in real-time systems. In IEEE RTAS, pages 1-12, 2016. Google Scholar
  42. Man-Ki Yoon, Sibin Mohan, Jaesik Choi, Jung-Eun Kim, and Lui Sha. SecureCore: A multicore-based intrusion detection architecture for real-time embedded systems. In IEEE RTAS, pages 21-32, 2013. Google Scholar
Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail