89 research outputs found
Vulnerability Analysis and Mitigation of Directed Timing Inference Based Attacks on Time-Triggered Systems
Much effort has been put into improving the predictability of real-time systems, especially in safety-critical environments, which provides designers with a rich set of methods and tools to attest safety in situations with no or a limited number of accidental faults. However, with increasing connectivity of real-time systems and a wide availability of increasingly sophisticated exploits, security and, in particular, the consequences of predictability on security become concerns of equal importance. Time-triggered scheduling with offline constructed tables provides determinism and simplifies timing inference, however, at the same time, time-triggered scheduling creates vulnerabilities by allowing attackers to target their attacks to specific, deterministically scheduled and possibly safety-critical tasks. In this paper, we analyze the severity of these vulnerabilities by assuming successful compromise of a subset of the tasks running in a real-time system and by investigating the attack potential that attackers gain from them. Moreover, we discuss two ways to mitigate direct attacks: slot-level online randomization of schedules, and offline schedule-diversification. We evaluate these mitigation strategies with a real-world case study to show their practicability for mitigating not only accidentally malicious behavior, but also malicious behavior triggered by attackers on purpose
Analysis of Dynamic Memory Bandwidth Regulation in Multi-core Real-Time Systems
One of the primary sources of unpredictability in modern multi-core embedded
systems is contention over shared memory resources, such as caches,
interconnects, and DRAM. Despite significant achievements in the design and
analysis of multi-core systems, there is a need for a theoretical framework
that can be used to reason on the worst-case behavior of real-time workload
when both processors and memory resources are subject to scheduling decisions.
In this paper, we focus our attention on dynamic allocation of main memory
bandwidth. In particular, we study how to determine the worst-case response
time of tasks spanning through a sequence of time intervals, each with a
different bandwidth-to-core assignment. We show that the response time
computation can be reduced to a maximization problem over assignment of memory
requests to different time intervals, and we provide an efficient way to solve
such problem. As a case study, we then demonstrate how our proposed analysis
can be used to improve the schedulability of Integrated Modular Avionics
systems in the presence of memory-intensive workload.Comment: Accepted for publication in the IEEE Real-Time Systems Symposium
(RTSS) 2018 conferenc
Joint Time-and Event-Triggered Scheduling in the Linux Kernel
There is increasing interest in using Linux in the real-time domain due to
the emergence of cloud and edge computing, the need to decrease costs, and the
growing number of complex functional and non-functional requirements of
real-time applications. Linux presents a valuable opportunity as it has rich
hardware support, an open-source development model, a well-established
programming environment, and avoids vendor lock-in. Although Linux was
initially developed as a general-purpose operating system, some real-time
capabilities have been added to the kernel over many years to increase its
predictability and reduce its scheduling latency. Unfortunately, Linux
currently has no support for time-triggered (TT) scheduling, which is widely
used in the safety-critical domain for its determinism, low run-time scheduling
latency, and strong isolation properties. We present an enhancement of the
Linux scheduler as a new low-overhead TT scheduling class to support offline
table-driven scheduling of tasks on multicore Linux nodes. Inspired by the Slot
shifting algorithm, we complement the new scheduling class with a low overhead
slot shifting manager running on a non-time-triggered core to provide
guaranteed execution time to real-time aperiodic tasks by using the slack of
the time-triggered tasks and avoiding high-overhead table regeneration for
adding new periodic tasks. Furthermore, we evaluate our implementation on
server-grade hardware with Intel Xeon Scalable Processor.Comment: to appear in Operating Systems Platforms for Embedded Real-Time
applications (OSPERT) workshop 2023 co-hosted with 35th Euromicro conference
on Real-time system
Worst-case backlpg for AFDX network with n-priorities
International audienceIn most recent avionics systems, AFDX (Avionics Full Duplex Switched Ethernet) is the network used to replace the previously employed point-to-point networks. AFDX guarantees bandwidth reservations by means of virtual links which can be classified with two priority levels. AFDX compliant switches implement output buffers at each switch output port. The stored frames leave each output port according to a fixed priority FIFO policy. Overflow of these buffers must be avoided at all cost to prevent data loss. Although the AFDX standard determines the minimum buffer size dedicated to an output port, the actual length of each priority buffer, is a designer decision. Previous works address the worst case backlog of ADFX buffers of one and two priorities. In this work we assume an extended AFDX network in which virtual links can be classified into n-priorities and present the problem statement to compute an upper bound on the worst case backlog faced by each buffer of each output port in each switch of the network
Vulnerability Analysis and Mitigation of Directed Timing Inference Based Attacks on Time-Triggered Systems
Much effort has been put into improving the predictability of real-time systems, especially in safety-critical environments, which provides designers with a rich set of methods and tools to attest safety in situations with no or a limited number of accidental faults. However, with increasing connectivity of real-time systems and a wide availability of increasingly sophisticated exploits, security and, in particular, the consequences of predictability on security become concerns of equal importance. Time-triggered scheduling with offline constructed tables provides determinism and simplifies timing inference, however, at the same time, time-triggered scheduling creates vulnerabilities by allowing attackers to target their attacks to specific, deterministically scheduled and possibly safety-critical tasks. In this paper, we analyze the severity of these vulnerabilities by assuming successful compromise of a subset of the tasks running in a real-time system and by investigating the attack potential that attackers gain from them. Moreover, we discuss two ways to mitigate direct attacks: slot-level online randomization of schedules, and offline schedule-diversification. We evaluate these mitigation strategies with a real-world case study to show their practicability for mitigating not only accidentally malicious behavior, but also malicious behavior triggered by attackers on purpose
Adaptive Resource Management Made Real
The adaptive resource management framework implemented in the European ACTORS project is presented. A resource manager has been developed that collaborates with a new Linux scheduler providing support for hard constant bandwidth server reservations, in order to adapt applications to changes in resource availability and to adapt the resource allocation to changes in application requirements. The focus of this paper is the three demonstrators developed based on the framework. The demonstrators presented are an adaptive video quality demonstrator, a feedback control demonstrator, and a video decoding demonstrator. All of these execute under the control of the resource manager
Improving Security for Time-Triggered Real-Time Systems against Timing Inference Based Attacks by Schedule Obfuscation
Covert timing channels in real-time systems allow
adversaries to not only exfiltrate application secrets but also to
mount timing inference based attacks. Much effort has been put
into improving real-time system predictability with the additional
benefit of reducing the former class of confidentiality attacks.
However, the more predictable the system behaves, the easier timing
inference based attacks become. Time-triggered scheduling
is particularly vulnerable to these types of attacks due to offline
constructed tables that are scheduled with clock synchronization
and OS-timer predictability. In this paper, we obfuscate timetriggered
scheduling to complicate timing inference based attacks
while maintaining strong protection against exfiltration attacks
Contention-Aware Dynamic Memory Bandwidth Isolation with Predictability in COTS Multicores: An Avionics Case Study
Airbus is investigating COTS multicore platforms for safety-critical avionics applications, pursuing helicopter-style autonomous and electric aircraft. These aircraft need to be ultra-lightweight for future mobility in the urban city landscape. As a step towards certification, Airbus identified the need for new methods that preserve the ARINC 653 single core schedule of a Helicopter Terrain Awareness and Warning System (HTAWS) application while scheduling additional safety-critical partitions on the other cores.
As some partitions in the HTAWS application are memory-intensive, static memory bandwidth throttling may lead to slow down of such partitions or provide only little remaining bandwidth to the other cores. Thus, there is a need for dynamic memory bandwidth isolation. This poses new challenges for scheduling, as execution times and scheduling become interdependent: scheduling requires execution times as input, which depends on memory latencies and contention from memory accesses of other cores - which are determined by scheduling. Furthermore, execution times depend on memory access patterns.
In this paper, we propose a method to solve this problem for slot-based time-triggered systems without requiring application source-code modifications using a number of dynamic memory bandwidth levels. It is NoC and DRAM controller contention-aware and based on the existing interference-sensitive WCET computation and the memory bandwidth throttling mechanism. It constructs schedule tables by assigning partitions and dynamic memory bandwidth to each slot on each core, considering worst case memory access patterns. Then at runtime, two servers - for processing time and memory bandwidth - run on each core, jointly controlling the contention between the cores and the amount of memory accesses per slot.
As a proof-of-concept, we use a constraint solver to construct tables. Experiments on the P4080 COTS multicore platform, using a research OS from Airbus and EEMBC benchmarks, demonstrate that our proposed method enables preserving existing schedules on a core while scheduling additional safety-critical partitions on other cores, and meets dynamic memory bandwidth isolation requirements
On the Optimality of RM and EDF for Non-Preemptive Real-Time Harmonic Tasks
ABSTRACT In this paper, we study non-preemptive uniprocessor realtime scheduling using the non-preemptive RM (npRM) and EDF (npEDF) scheduling algorithms. We discuss the limitations of existing studies, identifying pessimism in current schedulability analysis and inefficiencies in existing processor speedup results. Focusing on harmonic task sets, we show that even with restrictions placed on the execution times of the tasks, npRM and npEDF are not able to schedule all feasible task sets. We obtain necessary conditions for the feasibility of the harmonic tasks with arbitrary integer period ratios. Then we derive sufficient conditions for the schedulability of npRM and npEDF upon harmonic task sets. Based on these conditions, a superior speedup factor which guarantees the schedulability in cases where there are fewer restrictions on the execution times is derived. Results from simulation experiments show an average speedup factor three times less than the only existing feasible method to obtain speedup factor
The FABRIC Project
The FABRIC project aims at the integration of middleware standards used in home networks to provide high quality streaming over a heterogeneous network without introducing new standards
- …