The high degree of predictability in hard real-time systems makes it possible for adversaries to launch timing inference attacks such as those based on side-channels and covert-channels. We present SCOBE, an obfuscation engine aimed at randomizing the schedule for such systems while still providing the real-time guarantees that are necessary for their safe operation. This paper also analyzes the effect of these mechanisms by presenting schedule entropy – a metric to measure the uncertainty (as perceived by attackers) introduced by SCOBE. These mechanisms will increase the difficulty for would-be attackers thus improving the overall security guarantees for hard real-time systems.Ope
We develop a new notion of security against timing attacks where the attacker is able to simultaneou...
We discuss a simplified version of the timing attack to illustrate a connection between security and...
Timing side channels in two-user schedulers are studied. When two users share a scheduler, one user ...
The high degree of predictability in hard real-time systems makes it possible for adversaries to lau...
Covert timing channels in real-time systems allow adversaries to not only exfiltrate application se...
Control systems can be vulnerable to security threats where an attacker gathers information about th...
Schedule randomization is one of the recently introduced security defenses against schedule-based at...
Time-triggered real-time systems achieve deterministic behavior using schedules that are constructed...
peer reviewedMuch effort has been put into improving the predictability of real-time systems, especi...
When multiple job processes are served by a single scheduler, the queueing delays of one process are...
Abstract. Inserting random delays in cryptographic implementations is often used as a countermeasure...
Embedded computers control an increasing number of systems directly interacting with humans, while a...
Inserting random delays in cryptographic implementations is often used as a countermeasure against s...
Cryptographic cores are known to leak information about their private key due to runtime variations,...
peer reviewedRandom delays are often inserted in embedded software to protect against side-channel a...
We develop a new notion of security against timing attacks where the attacker is able to simultaneou...
We discuss a simplified version of the timing attack to illustrate a connection between security and...
Timing side channels in two-user schedulers are studied. When two users share a scheduler, one user ...
The high degree of predictability in hard real-time systems makes it possible for adversaries to lau...
Covert timing channels in real-time systems allow adversaries to not only exfiltrate application se...
Control systems can be vulnerable to security threats where an attacker gathers information about th...
Schedule randomization is one of the recently introduced security defenses against schedule-based at...
Time-triggered real-time systems achieve deterministic behavior using schedules that are constructed...
peer reviewedMuch effort has been put into improving the predictability of real-time systems, especi...
When multiple job processes are served by a single scheduler, the queueing delays of one process are...
Abstract. Inserting random delays in cryptographic implementations is often used as a countermeasure...
Embedded computers control an increasing number of systems directly interacting with humans, while a...
Inserting random delays in cryptographic implementations is often used as a countermeasure against s...
Cryptographic cores are known to leak information about their private key due to runtime variations,...
peer reviewedRandom delays are often inserted in embedded software to protect against side-channel a...
We develop a new notion of security against timing attacks where the attacker is able to simultaneou...
We discuss a simplified version of the timing attack to illustrate a connection between security and...
Timing side channels in two-user schedulers are studied. When two users share a scheduler, one user ...