ScheduLeak: A Scheduler-based Side-channel in Real-time Systems

Team Members: Sibin Mohan, Chien-Ying Chen

Collaborators: Rakesh Bobba, Rodolfo Pellizzoni, Negar Kiyavash

---

Real-time systems are often the core of safety critical systems such as automotive systems, avionic systems, power plants and industrial control systems among others. While safety has traditionally been a focus in the design of these systems, security has often been an afterthought. In this project we present a novel side-channel in real-time schedulers and algorithms that exploit it. In particular, we show that the scheduler side-channel can be used to obtain critical timing information that can aid other attacks. The results indicate that our methods have a high success rate in reconstructing timing information and help advanced attacks in accomplishing their goals better.

Funding:

• This project is supported by a grant from the National Science foundatio (NSF), Award Number: 1718952, “An Exploration of Schedule-Based Vulnerabilities In Real-Time Embedded Systems” (NSF link)

Related Publications:

• C.Y. Chen, S. Mohan, R. Pellizzoni, R. Bobba and N. Kiyavash, “A Novel Side-Channel in Real-Time Schedulers,” in Proc. of 25th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), Apr. 2019.
• C.Y. Chen, A. Ghassami, S. Mohan, N. Kiyavash, R. Bobba and R. Pellizzoni, “ScheduLeak: An Algorithm for Reconstructing Task Schedules in Fixed-Priority Hard Real-Time Systems,” (abstract only) in 1st IEEE Workshop on Security and Dependability of Critical Embedded Real-Time Systems (CERTS), Nov. 2016.

News

• Illinois Researchers To Advance Security of Real-Time Embedded Systems Scheduling