License:
Creative Commons Attribution 3.0 Unported license (CC BY 3.0)
When quoting this document, please refer to the following
DOI: 10.4230/LIPIcs.ECRTS.2018.22
URN: urn:nbn:de:0030-drops-89811
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2018/8981/
Krüger, Kristin ;
Völp, Marcus ;
Fohler, Gerhard
Vulnerability Analysis and Mitigation of Directed Timing Inference Based Attacks on Time-Triggered Systems
Abstract
Much effort has been put into improving the predictability of real-time systems, especially in safety-critical environments, which provides designers with a rich set of methods and tools to attest safety in situations with no or a limited number of accidental faults. However, with increasing connectivity of real-time systems and a wide availability of increasingly sophisticated exploits, security and, in particular, the consequences of predictability on security become concerns of equal importance. Time-triggered scheduling with offline constructed tables provides determinism and simplifies timing inference, however, at the same time, time-triggered scheduling creates vulnerabilities by allowing attackers to target their attacks to specific, deterministically scheduled and possibly safety-critical tasks. In this paper, we analyze the severity of these vulnerabilities by assuming successful compromise of a subset of the tasks running in a real-time system and by investigating the attack potential that attackers gain from them. Moreover, we discuss two ways to mitigate direct attacks: slot-level online randomization of schedules, and offline schedule-diversification. We evaluate these mitigation strategies with a real-world case study to show their practicability for mitigating not only accidentally malicious behavior, but also malicious behavior triggered by attackers on purpose.
BibTeX - Entry
@InProceedings{krger_et_al:LIPIcs:2018:8981,
author = {Kristin Kr{\"u}ger and Marcus V{\"o}lp and Gerhard Fohler},
title = {{Vulnerability Analysis and Mitigation of Directed Timing Inference Based Attacks on Time-Triggered Systems}},
booktitle = {30th Euromicro Conference on Real-Time Systems (ECRTS 2018)},
pages = {22:1--22:17},
series = {Leibniz International Proceedings in Informatics (LIPIcs)},
ISBN = {978-3-95977-075-0},
ISSN = {1868-8969},
year = {2018},
volume = {106},
editor = {Sebastian Altmeyer},
publisher = {Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik},
address = {Dagstuhl, Germany},
URL = {http://drops.dagstuhl.de/opus/volltexte/2018/8981},
URN = {urn:nbn:de:0030-drops-89811},
doi = {10.4230/LIPIcs.ECRTS.2018.22},
annote = {Keywords: real-time systems, time-triggered systems, security, vulnerability}
}
Keywords: |
|
real-time systems, time-triggered systems, security, vulnerability |
Collection: |
|
30th Euromicro Conference on Real-Time Systems (ECRTS 2018) |
Issue Date: |
|
2018 |
Date of publication: |
|
22.06.2018 |