SchedGuard: Protecting against Schedule Leaks Using Linux Containers

04/09/2021
by Jiyang Chen, et al.

Real-time systems have recently been shown to be vulnerable to timing inference attacks, mainly due to their predictable behavioral patterns. Existing solutions such as schedule randomization lack the ability to protect against such attacks, often limited by the system's real-time nature. This paper presents SchedGuard: a temporal protection framework for Linux-based hard real-time systems that protects against posterior scheduler side-channel attacks by preventing untrusted tasks from executing during specific time segments. SchedGuard is integrated into the Linux kernel using cgroups, making it amenable to use with container frameworks. We demonstrate the effectiveness of our system using a realistic radio-controlled rover platform and synthetically generated workloads. Not only is SchedGuard able to protect against the attacks mentioned above, but it also ensures that the real-time tasks/containers meet their temporal requirements.

11/18/2019

TaskShuffler++: Real-Time Schedule Randomization for Reducing Worst-Case Vulnerability to Timing Inference Attacks

This paper presents a schedule randomization algorithm that reduces the ...
06/04/2018

REORDER: Securing Dynamic-Priority Real-Time Systems Using Schedule Obfuscation

Modern real-time systems (RTS) are increasingly the focus of security th...
10/26/2019

SlotSwapper: A Schedule Randomization protocol for Real-Time WirelessHART Networks

Industrial process control systems are time-critical systems where relia...
04/29/2017

Contego: An Adaptive Framework for Integrating Security Tasks in Real-Time Systems

Embedded real-time systems (RTS) are pervasive. Many modern RTS are expo...
01/25/2010

On the Design of an Optimal Multiprocessor Real-Time Scheduling Algorithm under Practical Considerations (Extended Version)

This research addresses the multiprocessor scheduling problem of hard re...
08/19/2019

Boomerang: Real-Time I/O Meets Legacy Systems

This paper presents Boomerang, an I/O system that integrates a legacy no...
01/24/2018

vLibOS: Babysitting OS Evolution with a Virtualized Library OS

Many applications have service requirements that are not easily met by e...