SchedGuard++: Protecting against Schedule Leaks Using Linux Containers on Multi-Core Processors-Reference-Cited by-同舟云学术

SchedGuard++: Protecting against Schedule Leaks Using Linux Containers on Multi-Core Processors

Published:2023-01-31 Issue:1 Volume:7 Page:1-25
ISSN:2378-962X
Container-title:ACM Transactions on Cyber-Physical Systems
language:en
Short-container-title:ACM Trans. Cyber-Phys. Syst.

Author:

Chen Jiyang¹^ORCID,Kloda Tomasz²^ORCID,Tabish Rohan³^ORCID,Bansal Ayoosh³^ORCID,Chen Chien-Ying³^ORCID,Liu Bo³^ORCID,Mohan Sibin³^ORCID,Caccamo Marco¹^ORCID,Sha Lui³^ORCID

Affiliation:

1. Technische Universität München, Munich, Germany

2. LAAS-CNRS, Université de Toulouse, INSA, Toulouse, France

3. University of Illinois at Urbana Champaign, Urbana Champaign, Urbana, Illinois, USA

Abstract

Timing correctness is crucial in a multi-criticality real-time system, such as an autonomous driving system. It has been recently shown that these systems can be vulnerable to timing inference attacks, mainly due to their predictable behavioral patterns. Existing solutions like schedule randomization cannot protect against such attacks, often limited by the system’s real-time nature. This article presents “ SchedGuard++ ”: a temporal protection framework for Linux-based real-time systems that protects against posterior schedule-based attacks by preventing untrusted tasks from executing during specific time intervals. SchedGuard++ supports multi-core platforms and is implemented using Linux containers and a customized Linux kernel real-time scheduler. We provide schedulability analysis assuming the Logical Execution Time (LET) paradigm, which enforces I/O predictability. The proposed response time analysis takes into account the interference from trusted and untrusted tasks and the impact of the protection mechanism. We demonstrate the effectiveness of our system using a realistic radio-controlled rover platform. Not only is “ SchedGuard++ ” able to protect against the posterior schedule-based attacks, but it also ensures that the real-time tasks/containers meet their temporal requirements.

Funder

Office of Naval Research

National Science Foundation

German Federal Ministry of Education and Research

Publisher

Association for Computing Machinery (ACM)

Subject

Artificial Intelligence,Control and Optimization,Computer Networks and Communications,Hardware and Architecture,Human-Computer Interaction

Link

https://dl.acm.org/doi/pdf/10.1145/3565974

Reference64 articles.

1. [n.d.]. Hackers Remotely Kill a Jeep on the Highway–With Me in It. https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway. Accessed: 2022-02-01.

2. Feasibility analysis of recurring branching tasks

3. Adversarial Sensor Attack on LiDAR-based Perception in Autonomous Driving

4. Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, Tadayoshi Kohno. 2011. Comprehensive experimental analyses of automotive attack surfaces. In Proceedings of the USENIX Security Symposium, Vol. 4. San Francisco, 447–462.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Impact of priority assignment on schedule-based attacks in real-time embedded systems;Journal of Systems Architecture;2023-12