Contego: An Adaptive Framework for Integrating Security Tasks in Real-Time Systems
This addresses security vulnerabilities in pervasive embedded real-time systems, but is incremental as it adapts existing scheduling methods.
The paper tackles the problem of integrating security tasks into legacy real-time systems without affecting their timing constraints, and demonstrates that Contego maintains real-time performance while enabling security operations.
Embedded real-time systems (RTS) are pervasive. Many modern RTS are exposed to unknown security flaws, and threats to RTS are growing in both number and sophistication. However, until recently, cyber-security considerations were an afterthought in the design of such systems. Any security mechanisms integrated into RTS must (a) co-exist with the real- time tasks in the system and (b) operate without impacting the timing and safety constraints of the control logic. We introduce Contego, an approach to integrating security tasks into RTS without affecting temporal requirements. Contego is specifically designed for legacy systems, viz., the real-time control systems in which major alterations of the system parameters for constituent tasks is not always feasible. Contego combines the concept of opportunistic execution with hierarchical scheduling to maintain compatibility with legacy systems while still providing flexibility by allowing security tasks to operate in different modes. We also define a metric to measure the effectiveness of such integration. We evaluate Contego using synthetic workloads as well as with an implementation on a realistic embedded platform (an open- source ARM CPU running real-time Linux).