SchedGuard: Protecting against schedule leaks using Linux containers

Jiyang Chen, Tomasz Kloda, Ayoosh Bansal, Rohan Tabish, Chien Ying Chen, Bo Liu, Sibin Mohan, Marco Caccamo, Lui Sha

Publikation: Beitrag in Buch/Bericht/KonferenzbandKonferenzbeitragBegutachtung

7 Zitate (Scopus)

Abstract

Real-time systems have recently been shown to be vulnerable to timing inference attacks, mainly due to their predictable behavioral patterns. Existing solutions such as schedule randomization lack the ability to protect against such attacks, often limited by the system's real-time nature. This paper presents 'SchedGuard': a temporal protection framework for Linux-based hard real-time systems that protects against posterior scheduler side-channel attacks by preventing untrusted tasks from executing during specific time segments. SchedGuard is integrated into the Linux kernel using cgroups, making it amenable to use with container frameworks. We demonstrate the effectiveness of our system using a realistic radio-controlled rover platform and synthetically generated workloads. Not only is SchedGuard able to protect against the attacks mentioned above, but it also ensures that the real-time tasks/containers meet their temporal requirements.

OriginalspracheEnglisch
TitelProceedings - 2021 IEEE 27th Real-Time and Embedded Technology and Applications Symposium, RTAS 2021
Herausgeber (Verlag)Institute of Electrical and Electronics Engineers Inc.
Seiten14-26
Seitenumfang13
ISBN (elektronisch)9781665403863
DOIs
PublikationsstatusVeröffentlicht - Mai 2021
Veranstaltung27th IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2021 - Virtual, Online
Dauer: 18 Mai 202121 Mai 2021

Publikationsreihe

NameProceedings of the IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS
Band2021-May
ISSN (Print)1545-3421

Konferenz

Konferenz27th IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2021
OrtVirtual, Online
Zeitraum18/05/2121/05/21

Fingerprint

Untersuchen Sie die Forschungsthemen von „SchedGuard: Protecting against schedule leaks using Linux containers“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren