Covert Timing Channel Design for Uniprocessor Real-Time Systems

  • Jaeheon Kwak
  • Jinkyu LeeEmail author
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 931)


Different from a general-purpose system, a real-time system requires stringent timing guarantees. While existing offline analysis techniques can provide timing guarantees using the worst-case execution time (WCET) of individual tasks, a variation of actual execution time makes it difficult to build covert timing channel. In this paper, we first present a novel covert timing channel, which considers actual execution time distribution of tasks and controls execution time to leak data between conspirators; we demonstrate that it is possible to leak data in real-time systems. Second, we suggest two enhancing techniques called S-R LCM (sender-receiver least common multiple) and noise area to reduce noise in communication. Through simulations, we demonstrate that our covert timing channel can serve trade-off between transmission speed and accuracy; that is, it shows average 50.2%, 54.6% and 51.3% accuracy for 100 test cases with thresholds 0, 1.4 and 2.8. Average 58.4% accuracy is accomplished with best threshold values for 100 test cases, and the maximum accuracy for a single test case is recorded 100.0%.


Real-time systems Covert channel Timing inference attack Rate monotonic 



A short, earlier version of this paper has been presented as a domestic conference [17], which is 3-page-long.

This research was supported by the National Research Foundation of Korea (NRF) funded by the Ministry of Science and ICT (2017R1A2B2002458, 2017H1D8A2031628, 2017K2A9A1A01092689) and by the Ministry of Education (2018R1D1A1B07040321). This research was also supported by the IITP (Institute for Information & communications Technology Promotion) funded by the MSIT (Ministry of Science and ICT) (2015-0-00914, IITP-2017-2015-0-00742).


  1. 1.
    Liu, C.L., Layland, J.W.: Scheduling algorithms for multiprogramming in a hard-real-time environment. J. ACM (JACM) 20(1), 46–61 (1973)MathSciNetCrossRefGoogle Scholar
  2. 2.
    Liu, F., Narayanan, A., Bai, Q.: Real-time systems (2000)Google Scholar
  3. 3.
    Hansen, J., Hissam, S., Moreno, G.A.: Statistical-based WCET estimation and validation. In: OASIcs-OpenAccess Series in Informatics, vol. 10. Schloss Dagstuhl-Leibniz-Zentrum für Informatik (2009)Google Scholar
  4. 4.
    Bernat, G., Colin, A., Petters, S.M.: WCET analysis of probabilistic hard real-time systems. In: null, p. 279. IEEE, December 2002Google Scholar
  5. 5.
    Edgar, S., Burns, A.: Statistical analysis of WCET for scheduling. In: 2001 22nd IEEE Proceedings of Real-Time Systems Symposium, (RTSS 2001), pp. 215–224. IEEE, December 2001Google Scholar
  6. 6.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). Scholar
  7. 7.
    Son, J.: Covert timing channel analysis of rate monotonic real-time scheduling algorithm in MLS systems. In: 2006 IEEE Information Assurance Workshop, pp. 361–368. IEEE, June 2006Google Scholar
  8. 8.
    Chen, C.Y., et al.: Schedule-based side-channel attack in fixed-priority real-time systems (2015)Google Scholar
  9. 9.
    Völp, M., Hamann, C.J., Härtig, H.: Avoiding timing channels in fixed-priority schedulers. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, pp. 44–55. ACM, March 2008Google Scholar
  10. 10.
    Yoon, M.K., Mohan, S., Chen, C.Y., Sha, L.: TaskShuffler: a schedule randomization protocol for obfuscation against timing inference attacks in real-time systems. In: 2016 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), pp. 1–12. IEEE, April 2016Google Scholar
  11. 11.
    Pellizzoni, R., Paryab, N., Yoon, M.K., Bak, S., Mohan, S., Bobba, R.B.: A generalized model for preventing information leakage in hard real-time systems. In: 2015 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), pp. 271–282. IEEE, April 2015Google Scholar
  12. 12.
    Mohan, S., Yoon, M.K., Pellizzoni, R., Bobba, R.B.: Integrating security constraints into fixed priority real-time schedulers. Real-Time Syst. 52(5), 644–674 (2016)CrossRefGoogle Scholar
  13. 13.
    Wray, J.C.: An analysis of covert timing channels. J. Comput. Secur. 1(3–4), 219–232 (1992)CrossRefGoogle Scholar
  14. 14.
    Stamp, M.: Information Security: Principles and Practice. Wiley, New York (2011)CrossRefGoogle Scholar
  15. 15.
    Gumbel, E.J.: Statistics of Extremes. Courier Corporation, Mineola (2012)zbMATHGoogle Scholar
  16. 16.
    Sha, L., Rajkumar, R., Sathaye, S.S.: Generalized rate-monotonic scheduling theory: a framework for developing real-time systems. Proc. IEEE 82(1), 68–82 (1994)CrossRefGoogle Scholar
  17. 17.
    Jaeheon, K., Jinkyu, L.: Covert timing channel considering execution time distribution in real-time systems. In: Korea Computer Congress (KCC), pp. 1920–1922 (2017)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. 1.College of SoftwareSungkyunkwan UniversitySuwonRepublic of Korea

Personalised recommendations