Attacking schedule indistinguishability in real-time systems

Sanyal, Debopam

Permalink

https://hdl.handle.net/2142/115429 Copy

Description

Title

Attacking schedule indistinguishability in real-time systems

Author(s)

Sanyal, Debopam

Issue Date

2022-04-25

Director of Research (if dissertation) or Advisor (if thesis)

Mohan, Sibin

Department of Study

Computer Science

Discipline

Computer Science

Degree Granting Institution

University of Illinois at Urbana-Champaign

Degree Name

M.S.

Degree Level

Thesis

Keyword(s)

• real-time systems
• differential privacy
• side-channel attack

Abstract

Real-Time Systems (RTS) have gained prominence in new domains such as autonomous cars, drones, and the Internet-of-Things (IoT). RTS have stringent timing requirements for ensuring their correct operation. Such requirements make it necessary for systems to be deterministic at run-time. This determinism can be used against them as an attack surface, like scheduler side-channels. One way to reduce determinism in systems is by adding noise to system components in order to disrupt their deterministic behavior. Schedule indistinguishability, that is inspired by differential privacy, protects RTS by increasing the indistinguishability of the schedule. It introduces the notion of ϵ-indistinguishability, that measures the probability of information leakage when system schedules are observed. Implemented in an ϵ-Scheduler, it is able to not only offer a higher degree of protection, but also do so with actual guarantees while still maintaining a high degree of performance. The efficacy of the ϵ-Scheduler is epitomized by its success in thwarting an identification attack on a real-time video streaming application. However, schedule indistinguishability can be compromised by side-channels, that leak critical information representative of the private timing data. This information can be combined with other observations made by an adversary to launch attacks on schedule indistinguishability. The scope of attacks using side-channels is explored in this thesis. Two attacks, namely, a timing-based attack and a privacy budget attack are presented. While the timing-based attack takes advantage of the time taken to draw a sample from the noise distribution, the privacy budget attack uses the value of the protection duration. After detailing their threat models and showing their success in disrupting schedule indistinguishability, the thesis investigates their effectiveness in causing security breaches in RTS. The evaluations are carried out using the aforementioned identification attack on the video streaming application. Our results show that side-channel attacks can break schedule indistinguishability and, in turn, undermine the security of RTS against scheduler side-channels. The work can be divided into three key steps: 1. Ascertain the type of information that can be leaked by systems implementing the ϵ-Scheduler. 2. Determine the scope of side-channel attacks using the leaked information. 3. Analyze the relationship between schedule indistinguishability and security of RTS.

Graduation Semester

2022-05

Type of Resource

Thesis

Copyright and License Information

Copyright 2022 Debopam Sanyal

Owning Collections