Browsing by Author "Mishra, Tanmaya"
- Defending Real-Time Systems through Timing-Aware Designs
  Mishra, Tanmaya (Virginia Tech, 2022-05-04)
  Real-time computing systems are those that are designed to achieve computing goals by certain deadlines. Real-time computing systems are present in everything from cars to airplanes, pacemakers to industrial-control systems, and other pieces of critical infrastructure. With the increasing interconnectivity of these systems, the system security issues and the constant threat of manipulation by malicious external attackers that have plagued general computing systems now threaten the integrity and safety of real-time systems. This dissertation discusses three different defense techniques that focus on the role that real-time scheduling theory can play in reducing runtime cost and guaranteeing correctness when applying these defense strategies to real-time systems. The first work introduces a novel timing-aware defense strategy for the CAN bus that utilizes TrustZone on state-of-the-art ARMv8-M microcontrollers. The second reduces the runtime cost of control-flow integrity (CFI), a popular system security defense technique, by correctly modeling when a real-time system performs I/O, and exploiting the model to schedule CFI procedures efficiently. Finally, the third studies and provides a lightweight mitigation strategy for a recently discovered vulnerability within mixed-criticality real-time systems.
- Parallelizing Trusted Execution Environments for Multicore Hard Real-Time Systems
  Mishra, Tanmaya (Virginia Tech, 2019-06-05)
  Real-time systems are defined not only by their logical correctness but also by their timeliness. Modern real-time systems, such as those controlling industrial plants or the flight controller on UAVs, are no longer isolated. The same computing resources are shared with a variety of other systems and software. Further, these systems are increasingly being connected and made available over the internet with the rise of the Internet of Things and the need for automation. Many real-time systems contain sensitive code and data, which not only need to be kept confidential but also need protection against unauthorized access and modification. With the cheap availability of hardware-supported Trusted Execution Environments (TEEs) in modern-day microprocessors, securing sensitive information has become easier and more robust. However, when applied to real-time systems, the overheads of using TEEs make scheduling untenable. This issue can be mitigated by judiciously utilizing TEEs and capturing the peculiarities of TEE operation to create better scheduling policies. This thesis provides a new task model, Split-TEE, and a corresponding scheduling approach, ST-EDF. It also presents simulation results for two previously proposed approaches to scheduling TEEs, T-EDF and CT-RM.
- A Procrastinating Control-Flow Integrity Framework for Periodic Real-Time Systems
  Mishra, Tanmaya; Wang, Jinwen; Chantem, Thidapat; Gerdes, Ryan M.; Zhang, Ning (ACM, 2023-06-07)
  Connected embedded systems and cyber-physical systems exhibit a larger attack surface than isolated ones. Control-flow integrity (CFI) is a set of techniques to prevent attackers from redirecting program control flow and performing arbitrary computation, by detecting and checking control-flow transfers. Currently, CFI for real-time systems either operates in-line with code execution, often depending on hardware mechanisms for improved performance and/or security guarantees, or focuses solely on budget management when performing CFI out-of-order. In this work, we exploit the predictable release pattern of periodic real-time systems to create a novel CFI framework. This framework (1) consists of a novel real-time task model, which explicitly considers CFI-related execution along with the regular portion of the tasks, and (2) presents a novel hardware-assisted trusted scheduler to enable a unique combination of out-of-order and in-line control-flow enforcement on the forward edge and backward edge, respectively, to minimize performance overhead while ensuring real-time deadlines. Our framework provides the flexibility to model arbitrary forward-edge CFI as security tasks, so that we may strategically schedule them, and provides schedulability and correctness analysis to explicitly ensure that CFI verification is always performed on time without affecting the timeliness of the real-time tasks. Simulations show that our new task model outperforms existing work in terms of resource usage, thus allowing for more complex and sophisticated CFI to be implemented. We implement our approach on real hardware, and microbenchmarks confirm that our approach has in-line overhead comparable to existing work.