SchedGuard: Protecting Against Schedule Leaks Using Linux Containers

Jiyang Chen, Tomasz Kloda, Ayoosh Bansal, Rohan Tabish, Chien Ying Chen, Bo Liu, Sibin Mohan, Marco Caccamo, Lui Sha

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Real-time systems have recently been shown to be vulnerable to timing inference attacks, mainly due to their predictable behavioral patterns. Existing solutions such as schedule randomization lack the ability to protect against such attacks, often limited by the system's real-time nature. This paper presents 'SchedGuard': a temporal protection framework for Linux-based hard real-time systems that protects against posterior scheduler side-channel attacks by preventing untrusted tasks from executing during specific time segments. SchedGuard is integrated into the Linux kernel using cgroups, making it amenable to use with container frameworks. We demonstrate the effectiveness of our system using a realistic radio-controlled rover platform and synthetically generated workloads. Not only is SchedGuard able to protect against the attacks mentioned above, but it also ensures that the real-time tasks/containers meet their temporal requirements.

Original languageEnglish (US)
Title of host publicationProceedings - 2021 IEEE 27th Real-Time and Embedded Technology and Applications Symposium, RTAS 2021
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages14-26
Number of pages13
ISBN (Electronic)9781665403863
DOIs
StatePublished - May 2021
Event27th IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2021 - Virtual, Online
Duration: May 18 2021May 21 2021

Publication series

NameProceedings of the IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS
Volume2021-May
ISSN (Print)1545-3421

Conference

Conference27th IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2021
CityVirtual, Online
Period5/18/215/21/21

Keywords

  • CPS
  • Linux Containers
  • Real-Time
  • Response time analysis
  • Security

ASJC Scopus subject areas

  • General Engineering

Fingerprint

Dive into the research topics of 'SchedGuard: Protecting Against Schedule Leaks Using Linux Containers'. Together they form a unique fingerprint.

Cite this