ERI: ECCS: Concealing Side-Channels in Real-Time Schedulers

ERI：ECCS：在实时调度程序中隐藏侧通道

• 批准号: 2138295
• 负责人: Sergio Salinas Monroy
• 金额: $ 20万
• 依托单位: Wichita State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-03-01 至 2025-02-28
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2138295&HistoricalAwards=false
• 关键词: ERI; ECCS; Concealing; Side; Channels

Systems with real-time (i.e., stringent temporal and safety) requirements are often heavily engineered to be predictable for their correct operation. Such determinism allows attackers to launch side-channel attacks, infer sensitive information, or even destabilize the system by denying access to critical resources. Hence, this project explores systematic methods to close side-channels in current and future real-time systems. The development of analysis techniques and system-level frameworks proposed in this work will inherently make critical real-time systems of modern society (such as aircraft, automobiles, power grid, unmanned ground and aerial vehicles, satellites, manufacturing plants, industrial control systems, medical devices, and critical infrastructures, to name a few) more secure, and hence, safer. The outcomes of this work will bring researchers and system engineers one step closer to understanding how to integrate two seemingly diverse yet essential fields -- real-time systems and cyber-security -- while gaining a better understanding of both areas. This award supports the training of Ph.D. students, research exposure to undergraduates, and the integration of research findings into educational materials, and hence, enhances the knowledge of the next-generation technological workforce in cyber-physical systems and cyber-security sectors. Further, the project serves as a foundation for cyber-security education, training, and outreach programs for the K-12 students. This proposal investigates the problem of schedule-based side-channel information leakage in real-time systems and aims to mitigate such leakage by introducing the concept of "schedule randomization". The proposed research advances the design of secure real-time systems in three directions: (a) by devising novel analytical models and a new class of schedulers to obfuscate task execution orders, (b) constituting "metrics" to evaluate the system's security, and (c) integrating randomization techniques into existing real-time operating systems. The scheduler plugins and frameworks developed as a part of this project will be publicly available. The curriculum materials and pedagogical contents will also be made available to the educators.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

具有实时性的系统（即，严格的时间和安全性）要求通常被大量地设计成对于它们的正确操作是可预测的。这种确定性允许攻击者发起侧通道攻击、推断敏感信息，甚至通过拒绝访问关键资源来破坏系统稳定。因此，本项目探讨了在当前和未来的实时系统中关闭侧通道的系统方法。本研究中提出的分析技术和系统级框架的发展将使现代社会的关键实时系统（如飞机、汽车、电网、无人驾驶地面和空中车辆、卫星、制造工厂、工业控制系统、医疗设备和关键基础设施等）更加安全，从而更加安全。这项工作的成果将使研究人员和系统工程师更进一步了解如何整合两个看似不同但至关重要的领域-实时系统和网络安全-同时更好地了解这两个领域。该奖项支持博士的培训。这将有助于提高大学生对网络物理系统和网络安全部门的认识，使大学生能够接触到研究成果，并将研究成果纳入教材，从而提高下一代技术人员对网络物理系统和网络安全部门的认识。此外，该项目还为K-12学生的网络安全教育，培训和推广计划奠定了基础。该方案研究了实时系统中基于调度的边信道信息泄漏问题，旨在通过引入“调度随机化”的概念来减轻这种泄漏。建议的研究提出了安全的实时系统的设计在三个方向：（a）通过设计新的分析模型和一类新的混淆任务的执行顺序，（B）构成的“度量”来评估系统的安全性，（c）将随机化技术集成到现有的实时操作系统。作为该项目的一部分开发的调度插件和框架将公开提供。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Work in Progress: Exploring Schedule-Based Side-Channels in TrustZone-Enabled Real-Time Systems

正在进行的工作：探索 TrustZone 实时系统中基于计划的侧通道

• DOI: 10.1109/rtas54340.2022.00033
• 发表时间: 2022
• 期刊: BP Track
• 作者: Aguida, Mohamed Anis;Hasan, Monowar
• 通讯作者: Hasan, Monowar