Vulnerability Analysis and Mitigation of Directed Timing Inference Based Attacks on Time-Triggered Systems

Authors: Kristin Krüger, Marcus Völp, Gerhard Fohler




File

LIPIcs.ECRTS.2018.22.pdf
  • Filesize: 430 kB
  • 17 pages

Author Details

Kristin Krüger
  • Technische Universität Kaiserslautern, Kaiserslautern, Deutschland
Marcus Völp
  • SnT - Université du Luxembourg, Esch-sur-Alzette, Luxembourg
Gerhard Fohler
  • Technische Universität Kaiserslautern, Kaiserslautern, Deutschland

Cite As

Kristin Krüger, Marcus Völp, and Gerhard Fohler. Vulnerability Analysis and Mitigation of Directed Timing Inference Based Attacks on Time-Triggered Systems. In 30th Euromicro Conference on Real-Time Systems (ECRTS 2018). Leibniz International Proceedings in Informatics (LIPIcs), Volume 106, pp. 22:1-22:17, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2018)
https://doi.org/10.4230/LIPIcs.ECRTS.2018.22

Abstract

Much effort has been put into improving the predictability of real-time systems, especially in safety-critical environments, which provides designers with a rich set of methods and tools to attest safety in situations with no or only a limited number of accidental faults. However, with the increasing connectivity of real-time systems and the wide availability of increasingly sophisticated exploits, security and, in particular, the consequences of predictability for security become concerns of equal importance. Time-triggered scheduling with offline constructed tables provides determinism and simplifies timing inference; at the same time, however, it creates vulnerabilities by allowing attackers to direct their attacks at specific, deterministically scheduled and possibly safety-critical tasks. In this paper, we analyze the severity of these vulnerabilities by assuming successful compromise of a subset of the tasks running in a real-time system and by investigating the attack potential that attackers gain from them. Moreover, we discuss two ways to mitigate directed attacks: slot-level online randomization of schedules, and offline schedule diversification. We evaluate these mitigation strategies with a real-world case study to show their practicability for mitigating not only accidentally malicious behavior, but also malicious behavior triggered on purpose by attackers.
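The following simulation is an added illustration of the mitigation idea named in the abstract; it is not code from the paper and does not reproduce the authors' algorithm or their case study. It assumes a simplified model: a single processor, slot-granular time, periodic tasks with implicit deadlines, and a static table built offline with EDF. "Slot-level online randomization" is modelled here as picking, in every slot, uniformly among the ready jobs whose selection still leaves the remaining workload schedulable (checked by an EDF look-ahead, which is exact on a uniprocessor). The task set, the `attacker_hit_rate` metric and all function names are constructed for this example.

```python
import random
from dataclasses import dataclass
from math import gcd


@dataclass(frozen=True)
class Task:
    name: str
    period: int  # in slots; the deadline is implicit (equal to the period)
    wcet: int    # worst-case execution time in slots


# Constructed sample task set for illustration only (not the paper's case study).
TASKS = [Task("sensor", 4, 1), Task("control", 8, 2), Task("log", 16, 3)]


def hyperperiod(tasks):
    h = 1
    for t in tasks:
        h = h * t.period // gcd(h, t.period)
    return h


def release_jobs(tasks, horizon):
    """Every job released in [0, horizon), each with its remaining work."""
    return [{"task": t.name, "release": k * t.period,
             "deadline": (k + 1) * t.period, "remaining": t.wcet}
            for t in tasks for k in range(horizon // t.period)]


def edf_schedule(jobs, start, horizon):
    """Simulate preemptive EDF from slot `start` on a copy of `jobs`.
    Returns the per-slot table (task name, or None for idle) or None on a
    deadline miss. EDF is optimal on a uniprocessor, so None means that no
    schedule at all can finish the remaining work in time."""
    jobs = [dict(j) for j in jobs]
    table = []
    for t in range(start, horizon):
        ready = [j for j in jobs if j["release"] <= t and j["remaining"] > 0]
        if any(j["deadline"] <= t for j in ready):
            return None  # unfinished work at or past its deadline
        if ready:
            job = min(ready, key=lambda x: (x["deadline"], x["release"], x["task"]))
            job["remaining"] -= 1
            table.append(job["task"])
        else:
            table.append(None)
    return table if all(j["remaining"] == 0 for j in jobs) else None


def offline_table(tasks):
    """The static time-triggered table an attacker is assumed to know."""
    h = hyperperiod(tasks)
    return edf_schedule(release_jobs(tasks, h), 0, h)


def feasible_choices(state, t, horizon):
    """Indices of ready jobs that may occupy slot t without making the
    remaining workload infeasible (EDF look-ahead from slot t+1)."""
    choices = []
    for i, j in enumerate(state):
        if j["release"] <= t and j["remaining"] > 0:
            trial = [dict(x) for x in state]
            trial[i]["remaining"] -= 1
            if edf_schedule(trial, t + 1, horizon) is not None:
                choices.append(i)
    return choices


def randomized_table(tasks, rng):
    """Slot-level online randomization: in each slot pick uniformly among the
    deadline-preserving candidates instead of following the fixed table."""
    h = hyperperiod(tasks)
    state = release_jobs(tasks, h)
    table = []
    for t in range(h):
        choices = feasible_choices(state, t, h)
        if choices:
            i = rng.choice(choices)
            state[i]["remaining"] -= 1
            table.append(state[i]["task"])
        else:
            table.append(None)
    return table


def meets_deadlines(table, tasks):
    """Each job must receive exactly its WCET inside its own period window."""
    return all(table[k * t.period:(k + 1) * t.period].count(t.name) == t.wcet
               for t in tasks for k in range(len(table) // t.period))


def attacker_hit_rate(tasks, target, runs, seed=0):
    """Fraction of slots in which an attacker who predicts `target` from the
    static table actually finds it running under randomization."""
    static = offline_table(tasks)
    predicted = [t for t, name in enumerate(static) if name == target]
    rng = random.Random(seed)
    hits = total = 0
    for _ in range(runs):
        actual = randomized_table(tasks, rng)
        assert meets_deadlines(actual, tasks)
        hits += sum(actual[t] == target for t in predicted)
        total += len(predicted)
    return hits / total


if __name__ == "__main__":
    print("static table:", offline_table(TASKS))
    print("randomized  :", randomized_table(TASKS, random.Random(42)))
    print("control hits:", attacker_hit_rate(TASKS, "control", 200))
```

With the static table, an attacker who knows it can name the exact slots in which `control` runs; under randomization the hit rate drops while every job still receives its WCET before its deadline. The look-ahead check is what keeps the randomization safe: a candidate is only offered if EDF can still complete everything that remains.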

Subject Classification

ACM Subject Classification
  • Computer systems organization → Real-time systems
  • Software and its engineering → Scheduling
  • Security and privacy → Operating systems security
Keywords
  • real-time systems
  • time-triggered systems
  • security
  • vulnerability

