Search Results

Documents authored by Benatti, Nicolas


Document
On DoS Attacks Exploiting Input Representativeness in Mixed-Criticality Systems

Authors: Nicolas Benatti, Federico Reghenzani, and Vittorio Zaccaria

Published in: LIPIcs, Volume 375, 38th European Conference on Real-Time Systems (ECRTS 2026)


Abstract
In order to satisfy power, area and cost constraints, modern Cyber-Physical Systems (CPSs) often consolidate tasks with vastly different assurance requirements onto a shared platform. Mixed-Criticality Systems (MCSs) enable this consolidation while maintaining timing guarantees on complex hardware through probabilistic timing analysis. Among these techniques, Measurement-Based Probabilistic Timing Analysis (MBPTA) has gained popularity in recent years; it works by deriving Worst-Case Execution Time (WCET) estimates from input samples collected at design time. The impossibility of fully covering tasks' input space during MBPTA can pave the way for Denial-of-Service (DoS) attacks: adversaries can, for example, craft data-oriented and sensor spoofing attacks that force execution along unobserved paths, inducing WCET overruns and deadline violations. This work demonstrates that temporal DoS attacks exploiting insufficient input representativeness pose a credible threat to MCSs, showing substantial impact on availability and criticality mode transitions through comprehensive simulations. Next, rather than pursuing unattainable perfect input coverage at design time, we investigate runtime detection via monitoring of execution-time distributions and propose a novel Goodness-of-Fit-based detection mechanism. Our detection approach exhibits improved accuracy and reduced variance compared to existing iid-based methods, offering more stable performance across heterogeneous workloads. The trade-off is higher detection latency, necessitating careful analysis of system-specific tolerance windows before deployment. Evaluation demonstrates both the practical threat posed by timing-based attacks and the viability of distribution-based anomaly detection, while acknowledging that synthetic evaluation cannot alone validate real-world applicability.

Cite as

Nicolas Benatti, Federico Reghenzani, and Vittorio Zaccaria. On DoS Attacks Exploiting Input Representativeness in Mixed-Criticality Systems. In 38th European Conference on Real-Time Systems (ECRTS 2026). Leibniz International Proceedings in Informatics (LIPIcs), Volume 375, pp. 11:1-11:25, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2026)


Copy BibTex To Clipboard

@InProceedings{benatti_et_al:LIPIcs.ECRTS.2026.11,
  author =	{Benatti, Nicolas and Reghenzani, Federico and Zaccaria, Vittorio},
  title =	{{On DoS Attacks Exploiting Input Representativeness in Mixed-Criticality Systems}},
  booktitle =	{38th European Conference on Real-Time Systems (ECRTS 2026)},
  pages =	{11:1--11:25},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-429-1},
  ISSN =	{1868-8969},
  year =	{2026},
  volume =	{375},
  editor =	{Kritikakou, Angeliki},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/LIPIcs.ECRTS.2026.11},
  URN =		{urn:nbn:de:0030-drops-266039},
  doi =		{10.4230/LIPIcs.ECRTS.2026.11},
  annote =	{Keywords: Cyber-physical systems, mixed-criticality systems, pWCET, denial-of-service, spoofing, data-oriented attack}
}
Any Issues?
X

Feedback on the Current Page

CAPTCHA

Thanks for your feedback!

Feedback submitted to Dagstuhl Publishing

Could not send message

Please try again later or send an E-mail