Randomization as Mitigation of Directed Timing Inference Based Attacks on Time-Triggered Real-Time Systems with Task Replication

Krüger, Kristin; Vreman, Nils; Pates, Richard; Maggio, Martina; Völp, Marcus; Fohler, Gerhard

Randomization as Mitigation of Directed Timing Inference Based Attacks on Time-Triggered Real-Time Systems with Task Replication

Mark

Krüger, Kristin ; Vreman, Nils ^LU ; Pates, Richard ^LU ; Maggio, Martina ^LU ; Völp, Marcus and Fohler, Gerhard (2021) In Leibniz Transactions on Embedded Systems

Abstract: Time-triggered real-time systems achieve deterministic behavior using schedules that are constructed offline, based on scheduling constraints. Their deterministic behavior makes time-triggered systems suitable for usage in safety-critical environments, like avionics. However, this determinism also allows attackers to fine-tune attacks that can be carried out after studying the behavior of the system through side channels, targeting safety-critical victim tasks. Replication -- i.e., the execution of task variants across different cores -- is inherently able to tolerate both accidental and malicious faults (i.e. attacks) as long as these faults are independent of one another. Yet, targeted attacks on the timing behavior of tasks which... (More); Time-triggered real-time systems achieve deterministic behavior using schedules that are constructed offline, based on scheduling constraints. Their deterministic behavior makes time-triggered systems suitable for usage in safety-critical environments, like avionics. However, this determinism also allows attackers to fine-tune attacks that can be carried out after studying the behavior of the system through side channels, targeting safety-critical victim tasks. Replication -- i.e., the execution of task variants across different cores -- is inherently able to tolerate both accidental and malicious faults (i.e. attacks) as long as these faults are independent of one another. Yet, targeted attacks on the timing behavior of tasks which utilize information gained about the system behavior violate the fault independence assumption fault tolerance is based on. This violation may give attackers the opportunity to compromise all replicas simultaneously, in particular if they can mount the attack from already compromised components. In this paper, we analyze vulnerabilities of time-triggered systems, focusing on safety-certified multicore real-time systems. We introduce two runtime mitigation strategies to withstand directed timing inference based attacks: (i) schedule randomization at slot level, and (ii) randomization within a set of offline constructed schedules. We evaluate these mitigation strategies with synthetic experiments and a real case study to show their effectiveness and practicality. (Less)

Please use this url to cite or link to this publication: https://lup.lub.lu.se/record/72274bdb-34c7-428c-a4a5-7a044ebfac4e

author

Krüger, Kristin ; Vreman, Nils ^LU ; Pates, Richard ^LU ; Maggio, Martina ^LU ; Völp, Marcus and Fohler, Gerhard

organization

publishing date

2021-08-12

type

Contribution to journal

publication status

published

subject

in

Leibniz Transactions on Embedded Systems

ISSN

2199-2002

DOI

10.4230/LITES.7.1.1

project

Towards Adaptively Morphing Embedded Systems

Scalable Control of Interconnected Systems

language

English

LU publication?

yes

id

72274bdb-34c7-428c-a4a5-7a044ebfac4e

date added to LUP

2021-09-30 11:05:12

date last changed

2022-05-20 09:59:45

@article{72274bdb-34c7-428c-a4a5-7a044ebfac4e,
  abstract     = {{Time-triggered real-time systems achieve deterministic behavior using schedules that are constructed offline, based on scheduling constraints. Their deterministic behavior makes time-triggered systems suitable for usage in safety-critical environments, like avionics. However, this determinism also allows attackers to fine-tune attacks that can be carried out after studying the behavior of the system through side channels, targeting safety-critical victim tasks. Replication -- i.e., the execution of task variants across different cores -- is inherently able to tolerate both accidental and malicious faults (i.e. attacks) as long as these faults are independent of one another. Yet, targeted attacks on the timing behavior of tasks which utilize information gained about the system behavior violate the fault independence assumption fault tolerance is based on. This violation may give attackers the opportunity to compromise all replicas simultaneously, in particular if they can mount the attack from already compromised components. In this paper, we analyze vulnerabilities of time-triggered systems, focusing on safety-certified multicore real-time systems. We introduce two runtime mitigation strategies to withstand directed timing inference based attacks: (i) schedule randomization at slot level, and (ii) randomization within a set of offline constructed schedules. We evaluate these mitigation strategies with synthetic experiments and a real case study to show their effectiveness and practicality.}},
  author       = {{Krüger, Kristin and Vreman, Nils and Pates, Richard and Maggio, Martina and Völp, Marcus and Fohler, Gerhard}},
  issn         = {{2199-2002}},
  language     = {{eng}},
  month        = {{08}},
  series       = {{Leibniz Transactions on Embedded Systems}},
  title        = {{Randomization as Mitigation of Directed Timing Inference Based Attacks on Time-Triggered Real-Time Systems with Task Replication}},
  url          = {{http://dx.doi.org/10.4230/LITES.7.1.1}},
  doi          = {{10.4230/LITES.7.1.1}},
  year         = {{2021}},
}

Lund University Publications

LUND UNIVERSITY LIBRARIES

Randomization as Mitigation of Directed Timing Inference Based Attacks on Time-Triggered Real-Time Systems with Task Replication