2 research outputs found

    Minimizing Side-Channel Attack Vulnerability Via Schedule Randomization

    Control systems can be vulnerable to security threats in which an attacker gathers information about the execution of the system. In particular, side-channel attacks exploit the predictability of real-time control systems and of their schedules. To counter them, a scheduler can randomize the temporal execution of tasks and so limit the amount of information the attacker can gather. Schedule randomization aims at achieving the highest possible schedule diversity (measured using the upper-approximated entropy metric) during the real-time execution of the controller. This paper investigates fundamental limitations of schedule randomization for a generic taskset. The constructed schedule set has minimal size and achieves the highest possible upper-approximated entropy.

    Minimizing Side-Channel Attack Vulnerability via Schedule Randomization

    Predictable and repeatable execution is the key to ensuring functional correctness for real-time systems. Scheduling algorithms are designed to generate schedules that repeat after a certain amount of time has passed. However, this repeatability is also a vulnerability when side-channel attacks are considered. Side-channel attacks are attacks based on information gained from the implementation of a system, rather than on weaknesses in the algorithm it implements. Side-channel attacks have exploited the predictability of real-time systems to disrupt their correct behavior. Schedule randomization has been proposed as a way to mitigate this problem. Online, the scheduler selects a schedule among a set of available ones, trying to achieve an execution trace that is as different as possible from previous ones, thereby minimizing the amount of information that the attacker can gather. This thesis investigates fundamental limitations of schedule randomization for a generic taskset. We then propose an algorithm to construct a set of schedules that achieves a differentiation level as high as possible, using the fewest schedules, for tasksets with implicit deadlines. The approach is validated with synthetically generated tasksets and the taskset of an industrial case study, showing promising results.
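    The mechanism both abstracts describe (an offline set of valid schedules, scored by a slot-wise entropy bound, with the scheduler drawing from that set online) can be made concrete on a toy taskset. The code below is an added example written for this listing; it is not code from either paper or thesis. Its entropy metric is an assumption: the Shannon entropy of "which task occupies this slot" when the scheduler draws uniformly from the set, summed over the hyperperiod. That sum upper-bounds the entropy of the schedule draw itself (joint entropy is at most the sum of the marginals), which is why the example calls it the upper-approximated entropy; whether it matches the papers' exact definition is not something this page confirms. The taskset, the brute-force enumeration and the greedy subset selection are all constructed for illustration and are not the papers' construction.

```python
"""Schedule randomization on a toy implicit-deadline taskset (added example).

Enumerates every valid slot-level schedule over one hyperperiod, scores a
schedule set with a slot-wise entropy bound (assumed metric, see lead-in),
greedily picks a small subset that keeps the bound high, and draws from the
set online. Brute force is fine for two tasks; it is not how a real scheduler
would build its set."""
import math
import random
from collections import Counter

IDLE = "-"

# Constructed taskset: (name, period, wcet). Implicit deadlines, hyperperiod 8.
TASKS = [("A", 4, 1), ("B", 8, 2)]


def hyperperiod(tasks):
    h = 1
    for _, period, _ in tasks:
        h = h * period // math.gcd(h, period)
    return h


def jobs(tasks):
    """Expand tasks into jobs within one hyperperiod: (task, release, deadline, wcet)."""
    h = hyperperiod(tasks)
    return [(name, r, r + period, wcet)
            for name, period, wcet in tasks
            for r in range(0, h, period)]


def enumerate_schedules(tasks):
    """All assignments of one task (or IDLE) per slot in which every job gets
    exactly its WCET slots between release and deadline."""
    h = hyperperiod(tasks)
    job_list = jobs(tasks)
    remaining = [w for _, _, _, w in job_list]
    slots = [IDLE] * h
    found = []

    def rec(t):
        if t == h:
            if all(r == 0 for r in remaining):
                found.append(tuple(slots))
            return
        slots[t] = IDLE            # leave the slot idle
        rec(t + 1)
        for i, (name, rel, dl, _) in enumerate(job_list):
            if rel <= t < dl and remaining[i] > 0:   # job is released and unfinished
                remaining[i] -= 1
                slots[t] = name
                rec(t + 1)
                remaining[i] += 1
        slots[t] = IDLE

    rec(0)
    return found


def is_valid_schedule(tasks, schedule):
    """Feasibility check: each job gets exactly its WCET slots inside [release, deadline)."""
    if len(schedule) != hyperperiod(tasks):
        return False
    names = {n for n, _, _ in tasks}
    if any(s != IDLE and s not in names for s in schedule):
        return False
    return all(sum(1 for t in range(rel, dl) if schedule[t] == name) == wcet
               for name, rel, dl, wcet in jobs(tasks))


def entropy_bits(counter):
    n = sum(counter.values())
    return -sum(c / n * math.log2(c / n) for c in counter.values())


def upper_approx_entropy(schedules):
    """Assumed metric: per-slot entropy of the occupying task under a uniform
    draw from the set, summed over all slots. Bounds exact_entropy from above."""
    return sum(entropy_bits(Counter(s[t] for s in schedules))
               for t in range(len(schedules[0])))


def exact_entropy(schedules):
    """Entropy of a uniform draw over the distinct schedules: log2 |S|."""
    return math.log2(len(set(schedules)))


def greedy_select(schedules, k):
    """Heuristic (not the papers' construction): grow a set of k schedules,
    each time adding the one that raises the slot-wise bound the most."""
    chosen = [schedules[0]]
    while len(chosen) < k:
        best = max((s for s in schedules if s not in chosen),
                   key=lambda s: upper_approx_entropy(chosen + [s]))
        chosen.append(best)
    return chosen


class RandomizedScheduler:
    """Online part: at each hyperperiod boundary draw the next schedule uniformly."""

    def __init__(self, schedules, seed=None):
        self.schedules = list(schedules)
        self.rng = random.Random(seed)

    def next_schedule(self):
        return self.rng.choice(self.schedules)


if __name__ == "__main__":
    S = enumerate_schedules(TASKS)
    print(len(S), "valid schedules; exact entropy %.3f bits, slot-wise bound %.3f bits"
          % (exact_entropy(S), upper_approx_entropy(S)))
    for k in (2, 4, 8):
        print("k=%d schedules: bound %.3f bits" % (k, upper_approx_entropy(greedy_select(S, k))))
    sched = RandomizedScheduler(S, seed=1)
    for _ in range(3):
        print("".join(sched.next_schedule()))
```

    With the constructed taskset the full set has 240 schedules: a uniform draw carries log2(240), roughly 7.9 bits, while the slot-wise bound is 12 bits, so the bound is loose for the full set. The greedy subset shows the other side of the trade-off the papers examine: two schedules that differ in every slot already reach the 8-bit maximum a pair can achieve, so a much smaller set than the full enumeration can carry most of the attainable diversity. Note that `random.Random` is only acceptable here because the example is about the metric; a scheduler that wants its choice to be unpredictable to an attacker would draw from a cryptographic source instead.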