REORDER: Securing Dynamic-Priority Real-Time Systems Using Schedule Obfuscation
share
Modern real-time systems (RTS) are increasingly the focus of security threats. The design of such systems often aids attackers since RTS are engineered to be predictable. This predictability can be used to mount side-channel attacks, destabilize the system (by denying access to critical resources at important times), etc. In this paper, we propose methods to obfuscate the predictable (scheduling) behavior of RTS that use dynamic-priority real-time scheduling algorithms (e.g., EDF). We developed the REORDER protocol for this purpose. Such obfuscation will make it difficult for attackers to target RTS. We also developed a metric (called "schedule entropy") to measure the amount of obfuscation. We integrated our REORDER protocol into the Linux real-time EDF scheduler and evaluated our scheme using both - a realistic embedded platform based on Raspberry Pi and also synthetic workloads.
READ FULL TEXT