A novel side-channel in real-time schedulers

Chien Ying Chen, Sibin Mohan, Rodolfo Pellizzoni, Rakesh B. Bobba, Negar Kiyavash

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

We demonstrate the presence of a novel scheduler side-channel in preemptive, fixed-priority real-time systems (RTS); examples of such systems can be found in automotive systems, avionic systems, power plants and industrial control systems among others. This side-channel can leak important timing information such as the future arrival times of real-time tasks. This information can then be used to launch devastating attacks, two of which are demonstrated here (on real hardware platforms). Note that it is not easy to capture this timing information due to runtime variations in the schedules, the presence of multiple other tasks in the system and the typical constraints (e.g., deadlines) in the design of RTS. Our ScheduLeak algorithms demonstrate how to effectively exploit this side-channel. A complete implementation is presented on real operating systems (in Real-time Linux and FreeRTOS). Timing information leaked by ScheduLeak can significantly aid other, more advanced, attacks in better accomplishing their goals.

Original languageEnglish (US)
Title of host publicationProceedings - 25th IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2019
EditorsBjorn B. Brandenburg
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages90-102
Number of pages13
ISBN (Electronic)9781728106786
DOIs
StatePublished - Apr 2019
Event25th IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2019 - Montreal, Canada
Duration: Apr 16 2019Apr 18 2019

Publication series

NameProceedings of the IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS
Volume2019-April
ISSN (Print)1545-3421

Conference

Conference25th IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2019
CountryCanada
CityMontreal
Period4/16/194/18/19

Fingerprint

Real time systems
Computer operating systems
Avionics
Power plants
Hardware
Control systems
Linux

Keywords

  • Arrival Time Inferences
  • Information Leakage
  • Real-Time Systems
  • ScheduLeak
  • Schedulers
  • Side-Channels

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Chen, C. Y., Mohan, S., Pellizzoni, R., Bobba, R. B., & Kiyavash, N. (2019). A novel side-channel in real-time schedulers. In B. B. Brandenburg (Ed.), Proceedings - 25th IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2019 (pp. 90-102). [8743170] (Proceedings of the IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS; Vol. 2019-April). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/RTAS.2019.00016

A novel side-channel in real-time schedulers. / Chen, Chien Ying; Mohan, Sibin; Pellizzoni, Rodolfo; Bobba, Rakesh B.; Kiyavash, Negar.

Proceedings - 25th IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2019. ed. / Bjorn B. Brandenburg. Institute of Electrical and Electronics Engineers Inc., 2019. p. 90-102 8743170 (Proceedings of the IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS; Vol. 2019-April).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Chen, CY, Mohan, S, Pellizzoni, R, Bobba, RB & Kiyavash, N 2019, A novel side-channel in real-time schedulers. in BB Brandenburg (ed.), Proceedings - 25th IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2019., 8743170, Proceedings of the IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS, vol. 2019-April, Institute of Electrical and Electronics Engineers Inc., pp. 90-102, 25th IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2019, Montreal, Canada, 4/16/19. https://doi.org/10.1109/RTAS.2019.00016
Chen CY, Mohan S, Pellizzoni R, Bobba RB, Kiyavash N. A novel side-channel in real-time schedulers. In Brandenburg BB, editor, Proceedings - 25th IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2019. Institute of Electrical and Electronics Engineers Inc. 2019. p. 90-102. 8743170. (Proceedings of the IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS). https://doi.org/10.1109/RTAS.2019.00016
Chen, Chien Ying ; Mohan, Sibin ; Pellizzoni, Rodolfo ; Bobba, Rakesh B. ; Kiyavash, Negar. / A novel side-channel in real-time schedulers. Proceedings - 25th IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2019. editor / Bjorn B. Brandenburg. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 90-102 (Proceedings of the IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS).
@inproceedings{f50592a7606d4c8186cee09e3e06d820,
title = "A novel side-channel in real-time schedulers",
abstract = "We demonstrate the presence of a novel scheduler side-channel in preemptive, fixed-priority real-time systems (RTS); examples of such systems can be found in automotive systems, avionic systems, power plants and industrial control systems among others. This side-channel can leak important timing information such as the future arrival times of real-time tasks. This information can then be used to launch devastating attacks, two of which are demonstrated here (on real hardware platforms). Note that it is not easy to capture this timing information due to runtime variations in the schedules, the presence of multiple other tasks in the system and the typical constraints (e.g., deadlines) in the design of RTS. Our ScheduLeak algorithms demonstrate how to effectively exploit this side-channel. A complete implementation is presented on real operating systems (in Real-time Linux and FreeRTOS). Timing information leaked by ScheduLeak can significantly aid other, more advanced, attacks in better accomplishing their goals.",
keywords = "Arrival Time Inferences, Information Leakage, Real-Time Systems, ScheduLeak, Schedulers, Side-Channels",
author = "Chen, {Chien Ying} and Sibin Mohan and Rodolfo Pellizzoni and Bobba, {Rakesh B.} and Negar Kiyavash",
year = "2019",
month = "4",
doi = "10.1109/RTAS.2019.00016",
language = "English (US)",
series = "Proceedings of the IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "90--102",
editor = "Brandenburg, {Bjorn B.}",
booktitle = "Proceedings - 25th IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2019",
address = "United States",

}

TY - GEN

T1 - A novel side-channel in real-time schedulers

AU - Chen, Chien Ying

AU - Mohan, Sibin

AU - Pellizzoni, Rodolfo

AU - Bobba, Rakesh B.

AU - Kiyavash, Negar

PY - 2019/4

Y1 - 2019/4

N2 - We demonstrate the presence of a novel scheduler side-channel in preemptive, fixed-priority real-time systems (RTS); examples of such systems can be found in automotive systems, avionic systems, power plants and industrial control systems among others. This side-channel can leak important timing information such as the future arrival times of real-time tasks. This information can then be used to launch devastating attacks, two of which are demonstrated here (on real hardware platforms). Note that it is not easy to capture this timing information due to runtime variations in the schedules, the presence of multiple other tasks in the system and the typical constraints (e.g., deadlines) in the design of RTS. Our ScheduLeak algorithms demonstrate how to effectively exploit this side-channel. A complete implementation is presented on real operating systems (in Real-time Linux and FreeRTOS). Timing information leaked by ScheduLeak can significantly aid other, more advanced, attacks in better accomplishing their goals.

AB - We demonstrate the presence of a novel scheduler side-channel in preemptive, fixed-priority real-time systems (RTS); examples of such systems can be found in automotive systems, avionic systems, power plants and industrial control systems among others. This side-channel can leak important timing information such as the future arrival times of real-time tasks. This information can then be used to launch devastating attacks, two of which are demonstrated here (on real hardware platforms). Note that it is not easy to capture this timing information due to runtime variations in the schedules, the presence of multiple other tasks in the system and the typical constraints (e.g., deadlines) in the design of RTS. Our ScheduLeak algorithms demonstrate how to effectively exploit this side-channel. A complete implementation is presented on real operating systems (in Real-time Linux and FreeRTOS). Timing information leaked by ScheduLeak can significantly aid other, more advanced, attacks in better accomplishing their goals.

KW - Arrival Time Inferences

KW - Information Leakage

KW - Real-Time Systems

KW - ScheduLeak

KW - Schedulers

KW - Side-Channels

UR - http://www.scopus.com/inward/record.url?scp=85068833613&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85068833613&partnerID=8YFLogxK

U2 - 10.1109/RTAS.2019.00016

DO - 10.1109/RTAS.2019.00016

M3 - Conference contribution

AN - SCOPUS:85068833613

T3 - Proceedings of the IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS

SP - 90

EP - 102

BT - Proceedings - 25th IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2019

A2 - Brandenburg, Bjorn B.

PB - Institute of Electrical and Electronics Engineers Inc.

ER -