On the Pitfalls and Vulnerabilities of Schedule Randomization against Schedule-Based Attacks

Mitra Nasri, Thidapat Chantem, Gedare Bloom, Ryan M. Gerdes

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

4 Citations (Scopus)
102 Downloads (Pure)

Abstract

Schedule randomization is one of the recently introduced security defenses against schedule-based attacks, i.e., attacks whose success depends on a particular ordering between the execution window of an attacker and a victim task within the system. It falls into the category of information hiding (as opposed to deterministic isolation-based defenses) and is designed to reduce the attacker’s ability to infer the future schedule. This paper aims to investigate the limitations and vulnerabilities of schedule randomization-based defenses in real-time systems. We first provide definitions, categorization, and examples of schedule-based attacks, and then discuss the challenges of employing schedule randomization in real-time systems. Further, we provide a preliminary security test to determine whether a certain timing relation between the attacker and victim tasks will never happen in systems scheduled by a fixed-priority scheduling algorithm. Finally, we compare fixed-priority scheduling against schedule-randomization techniques in terms of the success rate of various schedule-based attacks for both synthetic and real world applications. Our results show that, in many cases, schedule randomization either has no security benefits or can even increase the success rate of the attacker depending on the priority relation between the attacker and victim tasks.
Original languageEnglish
Title of host publicationProceedings - 25th IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2019
EditorsBjorn B. Brandenburg
PublisherIEEE / ACM
Pages103-116
Number of pages14
ISBN (Electronic)978-1-7281-0678-6
ISBN (Print)978-1-7281-0679-3
DOIs
Publication statusPublished - 17 Apr 2019
Event2019 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS) - Montreal, Canada
Duration: 16 Apr 201918 Apr 2019

Publication series

NameIEEE conference Real-Time and Embedded Systems and Applications Symposium (RTAS)
PublisherIEEE

Conference

Conference2019 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS)
CountryCanada
CityMontreal
Period16/04/1918/04/19

Keywords

  • Cyber physical systems
  • Real-time systems security
  • Schedule randomization
  • Schedule-based attack

Fingerprint Dive into the research topics of 'On the Pitfalls and Vulnerabilities of Schedule Randomization against Schedule-Based Attacks'. Together they form a unique fingerprint.

Cite this