Covert Timing Channel Design for Uniprocessor Real-Time Systems
Different from a general-purpose system, a real-time system requires stringent timing guarantees. While existing offline analysis techniques can provide timing guarantees using the worst-case execution time (WCET) of individual tasks, a variation of actual execution time makes it difficult to build covert timing channel. In this paper, we first present a novel covert timing channel, which considers actual execution time distribution of tasks and controls execution time to leak data between conspirators; we demonstrate that it is possible to leak data in real-time systems. Second, we suggest two enhancing techniques called S-R LCM (sender-receiver least common multiple) and noise area to reduce noise in communication. Through simulations, we demonstrate that our covert timing channel can serve trade-off between transmission speed and accuracy; that is, it shows average 50.2%, 54.6% and 51.3% accuracy for 100 test cases with thresholds 0, 1.4 and 2.8. Average 58.4% accuracy is accomplished with best threshold values for 100 test cases, and the maximum accuracy for a single test case is recorded 100.0%.
KeywordsReal-time systems Covert channel Timing inference attack Rate monotonic
A short, earlier version of this paper has been presented as a domestic conference , which is 3-page-long.
This research was supported by the National Research Foundation of Korea (NRF) funded by the Ministry of Science and ICT (2017R1A2B2002458, 2017H1D8A2031628, 2017K2A9A1A01092689) and by the Ministry of Education (2018R1D1A1B07040321). This research was also supported by the IITP (Institute for Information & communications Technology Promotion) funded by the MSIT (Ministry of Science and ICT) (2015-0-00914, IITP-2017-2015-0-00742).
- 2.Liu, F., Narayanan, A., Bai, Q.: Real-time systems (2000)Google Scholar
- 3.Hansen, J., Hissam, S., Moreno, G.A.: Statistical-based WCET estimation and validation. In: OASIcs-OpenAccess Series in Informatics, vol. 10. Schloss Dagstuhl-Leibniz-Zentrum für Informatik (2009)Google Scholar
- 4.Bernat, G., Colin, A., Petters, S.M.: WCET analysis of probabilistic hard real-time systems. In: null, p. 279. IEEE, December 2002Google Scholar
- 5.Edgar, S., Burns, A.: Statistical analysis of WCET for scheduling. In: 2001 22nd IEEE Proceedings of Real-Time Systems Symposium, (RTSS 2001), pp. 215–224. IEEE, December 2001Google Scholar
- 7.Son, J.: Covert timing channel analysis of rate monotonic real-time scheduling algorithm in MLS systems. In: 2006 IEEE Information Assurance Workshop, pp. 361–368. IEEE, June 2006Google Scholar
- 8.Chen, C.Y., et al.: Schedule-based side-channel attack in fixed-priority real-time systems (2015)Google Scholar
- 9.Völp, M., Hamann, C.J., Härtig, H.: Avoiding timing channels in fixed-priority schedulers. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, pp. 44–55. ACM, March 2008Google Scholar
- 10.Yoon, M.K., Mohan, S., Chen, C.Y., Sha, L.: TaskShuffler: a schedule randomization protocol for obfuscation against timing inference attacks in real-time systems. In: 2016 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), pp. 1–12. IEEE, April 2016Google Scholar
- 11.Pellizzoni, R., Paryab, N., Yoon, M.K., Bak, S., Mohan, S., Bobba, R.B.: A generalized model for preventing information leakage in hard real-time systems. In: 2015 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), pp. 271–282. IEEE, April 2015Google Scholar
- 17.Jaeheon, K., Jinkyu, L.: Covert timing channel considering execution time distribution in real-time systems. In: Korea Computer Congress (KCC), pp. 1920–1922 (2017)Google Scholar