TY - GEN
T1 - On the Pitfalls and Vulnerabilities of Schedule Randomization against Schedule-Based Attacks
AU - Nasri, Mitra
AU - Chantem, Thidapat
AU - Bloom, Gedare
AU - Gerdes, Ryan M.
PY - 2019/4/17
Y1 - 2019/4/17
AB - Schedule randomization is one of the recently introduced security defenses against schedule-based attacks, i.e., attacks whose success depends on a particular ordering between the execution window of an attacker and a victim task within the system. It falls into the category of information hiding (as opposed to deterministic isolation-based defenses) and is designed to reduce the attacker’s ability to infer the future schedule. This paper aims to investigate the limitations and vulnerabilities of schedule randomization-based defenses in real-time systems. We first provide definitions, categorization, and examples of schedule-based attacks, and then discuss the challenges of employing schedule randomization in real-time systems. Further, we provide a preliminary security test to determine whether a certain timing relation between the attacker and victim tasks will never happen in systems scheduled by a fixed-priority scheduling algorithm. Finally, we compare fixed-priority scheduling against schedule-randomization techniques in terms of the success rate of various schedule-based attacks for both synthetic and real world applications. Our results show that, in many cases, schedule randomization either has no security benefits or can even increase the success rate of the attacker depending on the priority relation between the attacker and victim tasks.
KW - Cyber physical systems
KW - Real-time systems security
KW - Schedule randomization
KW - Schedule-based attack
UR - http://www.scopus.com/inward/record.url?scp=85068858816&partnerID=8YFLogxK
U2 - 10.1109/RTAS.2019.00017
DO - 10.1109/RTAS.2019.00017
M3 - Conference contribution
SN - 978-1-7281-0679-3
T3 - IEEE conference Real-Time and Embedded Systems and Applications Symposium (RTAS)
SP - 103
EP - 116
BT - Proceedings - 25th IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2019
A2 - Brandenburg, Bjorn B.
PB - IEEE / ACM
T2 - 2019 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS)
Y2 - 16 April 2019 through 18 April 2019
ER -