SchedGuard: Protecting against Schedule Leaks Using Linux Containers
arXiv - CS - Operating Systems, Pub Date: 2021-04-09, DOI: arxiv-2104.04528
Jiyang Chen, Tomasz Kloda, Ayoosh Bansal, Rohan Tabish, Chien-Ying Chen, Bo Liu, Sibin Mohan, Marco Caccamo, Lui Sha
Real-time systems have recently been shown to be vulnerable to timing
inference attacks, mainly due to their predictable behavioral patterns.
Existing solutions such as schedule randomization lack the ability to protect
against such attacks, often limited by the system's real-time nature. This
paper presents SchedGuard: a temporal protection framework for Linux-based hard
real-time systems that protects against posterior scheduler side-channel
attacks by preventing untrusted tasks from executing during specific time
segments. SchedGuard is integrated into the Linux kernel using cgroups, making
it amenable to use with container frameworks. We demonstrate the effectiveness
of our system using a realistic radio-controlled rover platform and
synthetically generated workloads. Not only is SchedGuard able to protect
against the attacks mentioned above, but it also ensures that the real-time
tasks/containers meet their temporal requirements.
Updated: 2021-04-13