Search Results

Documents authored by Ward, Bryan C.


Document
DART: A Real-Time Address-Randomization Defense with Predictable Timing

Authors: Patrick Dobranowski, Owen Rice, Ryan Burrow, Nathan Burow, and Bryan C. Ward

Published in: LIPIcs, Volume 375, 38th European Conference on Real-Time Systems (ECRTS 2026)


Abstract
Embedded and real-time systems are increasingly connected and deployed in safety and mission-critical environments, making them a persistent target for attacks capable of compromising industrial control systems and other embedded devices. At the same time, these devices often have strict real-time requirements that require predictable worst-case performance. However, many strong and widely deployed software-security defenses are designed and evaluated with respect to average-case performance, a more important metric in enterprise systems. The worst-case performance of such defenses is not well understood and indeed such defenses are less commonly deployed in embedded systems. In particular, one class of commonly deployed defenses in enterprise systems is code randomization, which protects a system by altering the layout of the virtual address space so that attackers cannot easily target specific parts of a vulnerable application, but randomization is often seen as fundamentally counter to real-time predictability. This paper presents DART, a real-time address randomization defense with page-level randomization. DART randomizes code in the virtual address space at page-level granularity under placement constraints that move cache behavior from a runtime OS-allocator property to a statically encoded binary property, allowing for timing analysis. An analysis of DART’s timing behavior on a real-time testbed demonstrates how the design makes layout-induced timing variance bounded and characterizable across the space of layouts produced, supporting predictable execution-time analysis. The resulting layout search space is then analyzed, and a closed-form expression for the randomization entropy induced by DART is derived. Evaluation results across TACLeBench binaries show increased combinatorial entropy with modest numbers of virtual memory pages per cache color, providing a suitable defense that outperforms traditional virtual-memory protections for attacks such as partial-pointer overwriting or more broadly control-flow hijacking.

Cite as

Patrick Dobranowski, Owen Rice, Ryan Burrow, Nathan Burow, and Bryan C. Ward. DART: A Real-Time Address-Randomization Defense with Predictable Timing. In 38th European Conference on Real-Time Systems (ECRTS 2026). Leibniz International Proceedings in Informatics (LIPIcs), Volume 375, pp. 10:1-10:26, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2026)


Copy BibTex To Clipboard

@InProceedings{dobranowski_et_al:LIPIcs.ECRTS.2026.10,
  author =	{Dobranowski, Patrick and Rice, Owen and Burrow, Ryan and Burow, Nathan and Ward, Bryan C.},
  title =	{{DART: A Real-Time Address-Randomization Defense with Predictable Timing}},
  booktitle =	{38th European Conference on Real-Time Systems (ECRTS 2026)},
  pages =	{10:1--10:26},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-429-1},
  ISSN =	{1868-8969},
  year =	{2026},
  volume =	{375},
  editor =	{Kritikakou, Angeliki},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/LIPIcs.ECRTS.2026.10},
  URN =		{urn:nbn:de:0030-drops-266021},
  doi =		{10.4230/LIPIcs.ECRTS.2026.10},
  annote =	{Keywords: real-time systems, address-space layout randomization, code randomization, worst-case execution time, cache coloring, embedded systems security}
}
Document
CacheFlow: Using Maximum Flow to Bound Cache-Based Preemption Delays

Authors: Tiancheng He and Bryan C. Ward

Published in: LIPIcs, Volume 375, 38th European Conference on Real-Time Systems (ECRTS 2026)


Abstract
Cache-related preemption delay (CRPD) analysis bounds the additional execution time caused by cache evictions during preemptions. Tightly bounding CRPDs is challenging as there are many possible preemption patterns that can occur at runtime, and thus there has been continuous work over three decades to refine these bounds. This paper presents CacheFlow, a framework that formulates total CRPD as a maximum-flow problem. In the flow network, nodes and edge capacities can be constructed to model certain eviction patterns that can occur. Therefore, by (safely) removing nodes or edges, or reducing edge capacities, tighter CRPD bounds can be derived. This is demonstrated with different CacheFlow refinements, some of which include insights from prior analyses, as well as a refinement for simply periodic systems. An iterative max-flow formulation is also described to more efficiently integrate the max-flow solving in the context of standard fixed-priority response-time analysis. Experiments on synthetic task systems demonstrate significant schedulability improvements across a range of system configurations, while also having reasonable solving times.

Cite as

Tiancheng He and Bryan C. Ward. CacheFlow: Using Maximum Flow to Bound Cache-Based Preemption Delays. In 38th European Conference on Real-Time Systems (ECRTS 2026). Leibniz International Proceedings in Informatics (LIPIcs), Volume 375, pp. 13:1-13:22, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2026)


Copy BibTex To Clipboard

@InProceedings{he_et_al:LIPIcs.ECRTS.2026.13,
  author =	{He, Tiancheng and Ward, Bryan C.},
  title =	{{CacheFlow: Using Maximum Flow to Bound Cache-Based Preemption Delays}},
  booktitle =	{38th European Conference on Real-Time Systems (ECRTS 2026)},
  pages =	{13:1--13:22},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-429-1},
  ISSN =	{1868-8969},
  year =	{2026},
  volume =	{375},
  editor =	{Kritikakou, Angeliki},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/LIPIcs.ECRTS.2026.13},
  URN =		{urn:nbn:de:0030-drops-266058},
  doi =		{10.4230/LIPIcs.ECRTS.2026.13},
  annote =	{Keywords: Cache-related Preemption Delay, Real-Time Systems, Maximum Flow}
}
Document
Front Matter
Front Matter, Table of Contents, Preface, Conference Organization

Authors: Bryan C. Ward and Federico Aromolo

Published in: DARTS, Volume 12, Issue 2, Special Issue of the 38th European Conference on Real-Time Systems (ECRTS 2026)


Abstract
Front Matter, Table of Contents, Preface, Conference Organization

Cite as

Special Issue of the 38th European Conference on Real-Time Systems (ECRTS 2026). Dagstuhl Artifacts Series (DARTS), Volume 12, Issue 2, pp. 0:i-0:xii, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2026)


Copy BibTex To Clipboard

@Article{ward_et_al:DARTS.12.2.0,
  author =	{Ward, Bryan C. and Aromolo, Federico},
  title =	{{Front Matter, Table of Contents, Preface, Conference Organization}},
  pages =	{0:i--0:xii},
  journal =	{Dagstuhl Artifacts Series},
  ISSN =	{2509-8195},
  year =	{2026},
  volume =	{12},
  number =	{2},
  editor =	{Ward, Bryan C. and Aromolo, Federico},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DARTS.12.2.0},
  URN =		{urn:nbn:de:0030-drops-268741},
  doi =		{10.4230/DARTS.12.2.0},
  annote =	{Keywords: Front Matter, Table of Contents, Preface, Conference Organization}
}
Document
Artifact
CacheFlow: Using Maximum Flow to Bound Cache-Based Preemption Delays (Artifact)

Authors: Tiancheng He and Bryan C. Ward

Published in: DARTS, Volume 12, Issue 2, Special Issue of the 38th European Conference on Real-Time Systems (ECRTS 2026)


Abstract
This artifact accompanies the ECRTS 2026 paper CacheFlow: Using Maximum Flow to Bound Cache-Based Preemption Delays [Tiancheng He and Bryan C. Ward, 2026]. It provides the Rust plus Python implementation of every cache-related preemption delay (CRPD) analysis evaluated in the paper, the experiment harness used to compare them, the configurations that drive each figure in the paper, and a Docker-based build that fully reproduces the experimental claims of Sections 7.2-7.4. We claim all four ECRTS artifact-evaluation badges: Available, Functional, Reusable, and Results Reproduced.

Cite as

Tiancheng He and Bryan C. Ward. CacheFlow: Using Maximum Flow to Bound Cache-Based Preemption Delays (Artifact). In Special Issue of the 38th European Conference on Real-Time Systems (ECRTS 2026). Dagstuhl Artifacts Series (DARTS), Volume 12, Issue 2, pp. 7:1-7:5, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2026)


Copy BibTex To Clipboard

@Article{he_et_al:DARTS.12.2.7,
  author =	{He, Tiancheng and Ward, Bryan C.},
  title =	{{CacheFlow: Using Maximum Flow to Bound Cache-Based Preemption Delays (Artifact)}},
  pages =	{7:1--7:5},
  journal =	{Dagstuhl Artifacts Series},
  ISSN =	{2509-8195},
  year =	{2026},
  volume =	{12},
  number =	{2},
  editor =	{He, Tiancheng and Ward, Bryan C.},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DARTS.12.2.7},
  URN =		{urn:nbn:de:0030-drops-266240},
  doi =		{10.4230/DARTS.12.2.7},
  annote =	{Keywords: Cache-related preemption delay; CRPD; max-flow; schedulability analysis; real-time systems; artifact}
}
Document
Artifact
DART: A Real-Time Address-Randomization Defense with Predictable Timing (Artifact)

Authors: Patrick Dobranowski, Owen Rice, Ryan Burrow, Nathan Burow, and Bryan C. Ward

Published in: DARTS, Volume 12, Issue 2, Special Issue of the 38th European Conference on Real-Time Systems (ECRTS 2026)


Abstract
This artifact accompanies the ECRTS 2026 paper on DART, a real-time address-randomization defense that randomizes the placement of basic blocks in the virtual address space at page-level granularity while preserving the cache-line behavior of the original binary, thereby keeping a binary’s instruction-cache timing analyzable across all valid randomizations. The artifact contains the full DART toolchain (a patched clang/LLVM 9 compiler, a modified gold linker, the prander randomizer, and a post-link ELF rewriter), distributed as a patch over the upstream Compiler-assisted Code Randomization (CCR) framework. It further contains a patched Linux 5.4.0 kernel whose loader honors DART’s color-aware program headers, the TACLeBench-derived benchmark sources used in the paper, and the experiment drivers and plotting scripts that produce the timing results reported in Section 5 of the companion paper. All components are publicly released so that the community can inspect, reuse, and extend the implementation underlying the paper’s claims.

Cite as

Patrick Dobranowski, Owen Rice, Ryan Burrow, Nathan Burow, and Bryan C. Ward. DART: A Real-Time Address-Randomization Defense with Predictable Timing (Artifact). In Special Issue of the 38th European Conference on Real-Time Systems (ECRTS 2026). Dagstuhl Artifacts Series (DARTS), Volume 12, Issue 2, pp. 8:1-8:4, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2026)


Copy BibTex To Clipboard

@Article{dobranowski_et_al:DARTS.12.2.8,
  author =	{Dobranowski, Patrick and Rice, Owen and Burrow, Ryan and Burow, Nathan and Ward, Bryan C.},
  title =	{{DART: A Real-Time Address-Randomization Defense with Predictable Timing (Artifact)}},
  pages =	{8:1--8:4},
  journal =	{Dagstuhl Artifacts Series},
  ISSN =	{2509-8195},
  year =	{2026},
  volume =	{12},
  number =	{2},
  editor =	{Dobranowski, Patrick and Rice, Owen and Burrow, Ryan and Burow, Nathan and Ward, Bryan C.},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DARTS.12.2.8},
  URN =		{urn:nbn:de:0030-drops-266252},
  doi =		{10.4230/DARTS.12.2.8},
  annote =	{Keywords: real-time systems, code randomization, ASLR, WCET, cache analysis, software diversity}
}
Document
Front Matter
Front Matter, Table of Contents, Artifact Evaluation Process, Artifact Evaluation Committee

Authors: Catherine E. Nemitz and Bryan C. Ward

Published in: DARTS, Volume 11, Issue 1, Special Issue of the 37th Euromicro Conference on Real-Time Systems (ECRTS 2025)


Abstract
Front Matter, Table of Contents, Artifact Evaluation Process, Artifact Evaluation Committee

Cite as

Special Issue of the 37th Euromicro Conference on Real-Time Systems (ECRTS 2025). Dagstuhl Artifacts Series (DARTS), Volume 11, Issue 1, pp. 0:i-0:x, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2025)


Copy BibTex To Clipboard

@Article{nemitz_et_al:DARTS.11.1.0,
  author =	{Nemitz, Catherine E. and Ward, Bryan C.},
  title =	{{Front Matter, Table of Contents, Artifact Evaluation Process, Artifact Evaluation Committee}},
  pages =	{0:i--0:x},
  journal =	{Dagstuhl Artifacts Series},
  ISSN =	{2509-8195},
  year =	{2025},
  volume =	{11},
  number =	{1},
  editor =	{Nemitz, Catherine E. and Ward, Bryan C.},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DARTS.11.1.0},
  URN =		{urn:nbn:de:0030-drops-237736},
  doi =		{10.4230/DARTS.11.1.0},
  annote =	{Keywords: Front Matter, Table of Contents, Artifact Evaluation Process, Artifact Evaluation Committee}
}
Document
Artifact
Light Reading: Optimizing Reader/Writer Locking for Read-Dominant Real-Time Workloads (Artifact)

Authors: Catherine E. Nemitz, Shai Caspin, James H. Anderson, and Bryan C. Ward

Published in: DARTS, Volume 7, Issue 1, Special Issue of the 33rd Euromicro Conference on Real-Time Systems (ECRTS 2021)


Abstract
This paper is directed at reader/writer locking for read-dominant real-time workloads. It is shown that state-of-the-art real-time reader/writer locking protocols are subject to performance limitations when reads dominate, and that existing schedulability analysis fails to leverage the sparsity of writes in this case. A new reader/writer locking-protocol implementation and new inflation-free schedulability analysis are proposed to address these problems. Overhead evaluations of the new implementation show a decrease in overheads of up to 70% over previous implementations, leading to throughput for read operations increasing by up to 450%. Schedulability experiments are presented that show that the analysis results in schedulability improvements of up to 156.8% compared to the existing state-of-the-art approach.

Cite as

Catherine E. Nemitz, Shai Caspin, James H. Anderson, and Bryan C. Ward. Light Reading: Optimizing Reader/Writer Locking for Read-Dominant Real-Time Workloads (Artifact). In Special Issue of the 33rd Euromicro Conference on Real-Time Systems (ECRTS 2021). Dagstuhl Artifacts Series (DARTS), Volume 7, Issue 1, pp. 3:1-3:3, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2021)


Copy BibTex To Clipboard

@Article{nemitz_et_al:DARTS.7.1.3,
  author =	{Nemitz, Catherine E. and Caspin, Shai and Anderson, James H. and Ward, Bryan C.},
  title =	{{Light Reading: Optimizing Reader/Writer Locking for Read-Dominant Real-Time Workloads (Artifact)}},
  pages =	{3:1--3:3},
  journal =	{Dagstuhl Artifacts Series},
  ISSN =	{2509-8195},
  year =	{2021},
  volume =	{7},
  number =	{1},
  editor =	{Nemitz, Catherine E. and Caspin, Shai and Anderson, James H. and Ward, Bryan C.},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DARTS.7.1.3},
  URN =		{urn:nbn:de:0030-drops-139828},
  doi =		{10.4230/DARTS.7.1.3},
  annote =	{Keywords: Reader/writer, real-time, synchronization, spinlock, RMR complexity}
}
Document
Light Reading: Optimizing Reader/Writer Locking for Read-Dominant Real-Time Workloads

Authors: Catherine E. Nemitz, Shai Caspin, James H. Anderson, and Bryan C. Ward

Published in: LIPIcs, Volume 196, 33rd Euromicro Conference on Real-Time Systems (ECRTS 2021)


Abstract
This paper is directed at reader/writer locking for read-dominant real-time workloads. It is shown that state-of-the-art real-time reader/writer locking protocols are subject to performance limitations when reads dominate, and that existing schedulability analysis fails to leverage the sparsity of writes in this case. A new reader/writer locking-protocol implementation and new inflation-free schedulability analysis are proposed to address these problems. Overhead evaluations of the new implementation show a decrease in overheads of up to 70% over previous implementations, leading to throughput for read operations increasing by up to 450%. Schedulability experiments are presented that show that the analysis results in schedulability improvements of up to 156.8% compared to the existing state-of-the-art approach.

Cite as

Catherine E. Nemitz, Shai Caspin, James H. Anderson, and Bryan C. Ward. Light Reading: Optimizing Reader/Writer Locking for Read-Dominant Real-Time Workloads. In 33rd Euromicro Conference on Real-Time Systems (ECRTS 2021). Leibniz International Proceedings in Informatics (LIPIcs), Volume 196, pp. 6:1-6:22, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2021)


Copy BibTex To Clipboard

@InProceedings{nemitz_et_al:LIPIcs.ECRTS.2021.6,
  author =	{Nemitz, Catherine E. and Caspin, Shai and Anderson, James H. and Ward, Bryan C.},
  title =	{{Light Reading: Optimizing Reader/Writer Locking for Read-Dominant Real-Time Workloads}},
  booktitle =	{33rd Euromicro Conference on Real-Time Systems (ECRTS 2021)},
  pages =	{6:1--6:22},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-192-4},
  ISSN =	{1868-8969},
  year =	{2021},
  volume =	{196},
  editor =	{Brandenburg, Bj\"{o}rn B.},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/LIPIcs.ECRTS.2021.6},
  URN =		{urn:nbn:de:0030-drops-139378},
  doi =		{10.4230/LIPIcs.ECRTS.2021.6},
  annote =	{Keywords: Reader/writer, real-time, synchronization, spinlock, RMR complexity}
}
Document
Control-Flow Integrity for Real-Time Embedded Systems

Authors: Robert J. Walls, Nicholas F. Brown, Thomas Le Baron, Craig A. Shue, Hamed Okhravi, and Bryan C. Ward

Published in: LIPIcs, Volume 133, 31st Euromicro Conference on Real-Time Systems (ECRTS 2019)


Abstract
Attacks on real-time embedded systems can endanger lives and critical infrastructure. Despite this, techniques for securing embedded systems software have not been widely studied. Many existing security techniques for general-purpose computers rely on assumptions that do not hold in the embedded case. This paper focuses on one such technique, control-flow integrity (CFI), that has been vetted as an effective countermeasure against control-flow hijacking attacks on general-purpose computing systems. Without the process isolation and fine-grained memory protections provided by a general-purpose computer with a rich operating system, CFI cannot provide any security guarantees. This work proposes RECFISH, a system for providing CFI guarantees on ARM Cortex-R devices running minimal real-time operating systems. We provide techniques for protecting runtime structures, isolating processes, and instrumenting compiled ARM binaries with CFI protection. We empirically evaluate RECFISH and its performance implications for real-time systems. Our results suggest RECFISH can be directly applied to binaries without compromising real-time performance; in a test of over six million realistic task systems running FreeRTOS, 85% were still schedulable after adding RECFISH.

Cite as

Robert J. Walls, Nicholas F. Brown, Thomas Le Baron, Craig A. Shue, Hamed Okhravi, and Bryan C. Ward. Control-Flow Integrity for Real-Time Embedded Systems. In 31st Euromicro Conference on Real-Time Systems (ECRTS 2019). Leibniz International Proceedings in Informatics (LIPIcs), Volume 133, pp. 2:1-2:24, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2019)


Copy BibTex To Clipboard

@InProceedings{walls_et_al:LIPIcs.ECRTS.2019.2,
  author =	{Walls, Robert J. and Brown, Nicholas F. and Le Baron, Thomas and Shue, Craig A. and Okhravi, Hamed and Ward, Bryan C.},
  title =	{{Control-Flow Integrity for Real-Time Embedded Systems}},
  booktitle =	{31st Euromicro Conference on Real-Time Systems (ECRTS 2019)},
  pages =	{2:1--2:24},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-110-8},
  ISSN =	{1868-8969},
  year =	{2019},
  volume =	{133},
  editor =	{Quinton, Sophie},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/LIPIcs.ECRTS.2019.2},
  URN =		{urn:nbn:de:0030-drops-107397},
  doi =		{10.4230/LIPIcs.ECRTS.2019.2},
  annote =	{Keywords: Control-flow integrity}
}
Any Issues?
X

Feedback on the Current Page

CAPTCHA

Thanks for your feedback!

Feedback submitted to Dagstuhl Publishing

Could not send message

Please try again later or send an E-mail