Scheduler side-channels in preemptive real-time systems: attack and defense techniques

Chen, Chien-Ying

Permalink

https://hdl.handle.net/2142/109512 Copy

Description

Title

Scheduler side-channels in preemptive real-time systems: attack and defense techniques

Author(s)

Chen, Chien-Ying

Issue Date

2020-11-30

Director of Research (if dissertation) or Advisor (if thesis)

Mohan, Sibin

Doctoral Committee Chair(s)

Mohan, Sibin

Committee Member(s)

• Nahrstedt, Klara
• Borisov, Nikita
• Bobba, Rakesh B.
• Pellizzoni, Rodolfo

Department of Study

Computer Science

Discipline

Computer Science

Degree Granting Institution

University of Illinois at Urbana-Champaign

Degree Name

Ph.D.

Degree Level

Dissertation

Keyword(s)

• Scheduler Side-Channels
• Real-Time Systems
• RTS

Abstract

This dissertation aims to address the problem of the side-channels caused by the deterministic nature embedded in the real-time schedulers in preemptive real-time systems (RTS). The dissertation explores the problem by postulating that there exist timing-based side-channels (i.e., scheduler side-channels) that enable adversaries to gauge the behavior of the system with high precision in preemptive RTS and that the RTS can be protected by diversifying the real-time schedules. To validate this hypothesis, the work is divided into three groups to tackle the following three key challenges: • Validate the presence of the scheduler side-channels in preemptive RTS. • Protect the RTS by diversifying the real-time schedule. • Evaluate the risks against the scheduler side-channels and the efficacy of a defense scheme. The dissertation shows that the scheduler side-channels exist in both classes of widely used preemptive RTS (i.e., fixed-priority RTS and dynamic-priority RTS) and can leak critical task information using a user-space, non-privileged task. Such information can be leveraged by other collaborative attacks (e.g., advanced persistent threat attacks) to pose a serious threat to systems. A study on the schedule randomization technique as a defense strategy is conducted and shows that, while being effective in disturbing the repeated patterns in the schedule, there exist trade-offs (e.g., the scheduling overhead) and shortcomings (e.g., ineffectiveness in the face of real-time constraints.) Based on the lesson learned, the dissertation introduces the notion of “schedule indistinguishability” and presents a defense scheme that provides security guarantees to critical tasks by achieving the schedule indistinguishability. The scheduler relaxes the real-time constraints and add random noise drawn from bounded Laplace distribution to the task’s execution patterns to hide the repeated patterns from the task schedule. The dissertation further introduces a security evaluation framework consisting of diverse metrics that capture the unique characteristics of real-time schedules and scheduler side-channels to better evaluate the risks for a given RTS. The work is concluded by assessing the developed scheduler against scheduler side-channels with using the introduced security evaluation framework.

Graduation Semester

2020-12

Type of Resource

Thesis

Permalink

http://hdl.handle.net/2142/109512

Copyright and License Information

Copyright 2020 Chien-Ying Chen

Owning Collections