With widespread use of common-off-the-shelf components and the drive towards connection with external environments, the real-time systems are facing more and more security problems. In particular, the real-time systems are vulnerable to the schedule-based attacks because of their predictable and deterministic nature in operation. In this paper, we present a security-aware real-time scheduling scheme to counteract the schedule-based attacks by preventing the untrusted tasks from executing during the attack effective window (AEW). In order to minimize the AEW untrusted coverage ratio for the system with uncertain AEW size, we introduce the protection window to characterize the system protection capability limit due to the system schedulability constraint. To increase the opportunity of the priority inversion for the security-aware scheduling, we design an online feasibility test method based on the busy interval analysis. In addition, to reduce the run-time overhead of the online feasibility test, we also propose an efficient online feasibility test method based on the priority inversion budget analysis to avoid online iterative calculation through the offline maximum slack analysis. Owing to the protection window and the online feasibility test, our proposed approach can efficiently provide best-effort protection to mitigate the schedule-based attack vulnerability while ensuring system schedulability. Experiments show the significant security capability improvement of our proposed approach over the state-of-the-art coverage oriented scheduling algorithm.
Read full abstract