CAREER: Indistinguishability Prevents Information Leakage in Real-Time Schedulers
University Of Illinois At Urbana-Champaign, Urbana IL
Investigators
Abstract
Modern society relies heavily on systems that operate within strict timing requirements such as in engine control units in automobiles, aircraft avionics and navigation systems, programmable logic controllers in manufacturing plants, industrial control systems in the electricity sector, and many hundreds of others. The recent advent of autonomous cars, drones and internet-of-things (IoT) further expands the reach of these "real-time systems". The limitations of such devices viz., small computing power, less memory, limited battery power, has serious consequences for security, specifically, they become much harder to protect and defend. This research develops systematic security mechanisms for real-time embedded systems in critical applications to control what can be observed about them. An important reason why real-time systems are vulnerable is the fact that they are predictable by design, thus leaking critical information. Leakage, say via timing "side channels", might be misused as part of a campaign to disrupt normal operations by knowing the schedule of when critical applications will run. Any mitigations to information leakage must still allow real-time systems to operate within their required timing constraints. This project improves the security of real-time systems using concepts inspired from the area of differential privacy that was developed for database security, where the fundamental concept is to hide personally identifying information from queries on large databases by injecting "noise" in a systematic manner. By analogy for real-time systems, this project focuses on system states at runtime and develops the notion of "schedule indistinguishability" by strategically adding "noise" to the task scheduler, so individual tasks cannot be distinguished separately and cannot be known. The concept of "epsilon-indistinguishability" is developed to measure the probability of information leakage of schedule and timing information by observation of task-level behaviors. A task scheduler that effectively and efficiently uses indistinguishability is designed and prototyped. In addition, the project focuses on developing metrics for real-time systems to measure and assess the risk mitigations of using schedule indistinguishability. The long-term goal of this research is to explore the relationships of "indistinguishability" for cyber-physical systems and their application domains with regard to security, safety, dependability, and resilience. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →