SchedGuard: Protecting against Schedule Leaks Using Linux Containers

by Jiyang Chen, et al.

Real-time systems have recently been shown to be vulnerable to timing inference attacks, mainly due to their predictable behavioral patterns. Existing solutions such as schedule randomization lack the ability to protect against such attacks, often limited by the system's real-time nature. This paper presents SchedGuard: a temporal protection framework for Linux-based hard real-time systems that protects against posterior scheduler side-channel attacks by preventing untrusted tasks from executing during specific time segments. SchedGuard is integrated into the Linux kernel using cgroups, making it amenable to use with container frameworks. We demonstrate the effectiveness of our system using a realistic radio-controlled rover platform and synthetically generated workloads. Not only is SchedGuard able to protect against the attacks mentioned above, but it also ensures that the real-time tasks/containers meet their temporal requirements.


