@inproceedings{e55d3ee216074aaa972bf84b4ec605a2,
title = "SchedGuard: Protecting Against Schedule Leaks Using Linux Containers",
abstract = "Real-time systems have recently been shown to be vulnerable to timing inference attacks, mainly due to their predictable behavioral patterns. Existing solutions such as schedule randomization lack the ability to protect against such attacks, often limited by the system's real-time nature. This paper presents 'SchedGuard': a temporal protection framework for Linux-based hard real-time systems that protects against posterior scheduler side-channel attacks by preventing untrusted tasks from executing during specific time segments. SchedGuard is integrated into the Linux kernel using cgroups, making it amenable to use with container frameworks. We demonstrate the effectiveness of our system using a realistic radio-controlled rover platform and synthetically generated workloads. Not only is SchedGuard able to protect against the attacks mentioned above, but it also ensures that the real-time tasks/containers meet their temporal requirements.",
keywords = "CPS, Linux Containers, Real-Time, Response time analysis, Security",
author = "Jiyang Chen and Tomasz Kloda and Ayoosh Bansal and Rohan Tabish and Chen, {Chien Ying} and Bo Liu and Sibin Mohan and Marco Caccamo and Lui Sha",
note = "Funding Information: The material presented in this paper is based upon work supported by the Office of Naval Research (ONR) under grant number N00014-17-1-2783 and by the National Science Foundation (NSF) under grant numbers CNS 1646383, CNS 1932529, CNS 1815891, and SaTC 1718952. M. Caccamo was also supported by an Alexander von Humboldt Professorship endowed by the German Federal Ministry of Education and Research. Any opinions, findings, and conclusions or recommendations expressed in this publication are those of the authors and do not necessarily reflect the views of the sponsors. Publisher Copyright: {\textcopyright} 2021 IEEE.; 27th IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2021 ; Conference date: 18-05-2021 Through 21-05-2021",
year = "2021",
month = may,
doi = "10.1109/RTAS52030.2021.00010",
language = "English (US)",
series = "Proceedings of the IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "14--26",
booktitle = "Proceedings - 2021 IEEE 27th Real-Time and Embedded Technology and Applications Symposium, RTAS 2021",
address = "United States",
}