REORDER: Securing Dynamic-Priority Real-Time Systems Using Schedule Obfuscation
This addresses security vulnerabilities in real-time systems for embedded and automotive applications, though it is incremental as it builds on existing scheduling methods.
The paper tackled the problem of adversaries exploiting predictable timing behavior in dynamic-priority real-time systems by proposing the REORDER protocol to obfuscate schedules, and it demonstrated integration into the Linux scheduler on a Raspberry Pi with MiBench workloads, showing how designers can measure security and performance impacts.
The deterministic (timing) behavior of real-time systems (RTS) can be used by adversaries - say, to launch side channel attacks or even destabilize the system by denying access to critical resources. We propose a protocol (named REORDER) to obfuscate this predictable timing behavior of RTS, especially ones designed using dynamic-priority scheduling algorithms (e.g., EDF). We also present a metric (named "schedule entropy") that measures the levels of obfuscation introduced into a given real-time system. The REORDER protocol was integrated into the standard Linux real-time scheduler and evaluated on a realistic embedded platform (Raspberry Pi) running the MiBench automotive benchmark workloads. We also demonstrate how designers of RTS can increase the security of their systems and also quantitatively measure the impact (both in terms of security and performance) of using this protocol.