References of "Fohler, Gerhard"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailVulnerability Analysis and Mitigation of Directed Timing Inference Based Attacks on Time-Triggered Systems
Krüger, Kristin; Volp, Marcus UL; Fohler, Gerhard

in LIPIcs-Leibniz International Proceedings in Informatics (2018), 106

Much effort has been put into improving the predictability of real-time systems, especially in safety-critical environments, which provides designers with a rich set of methods and tools to attest safety ... [more ▼]

Much effort has been put into improving the predictability of real-time systems, especially in safety-critical environments, which provides designers with a rich set of methods and tools to attest safety in situations with no or a limited number of accidental faults. However, with increasing connectivity of real-time systems and a wide availability of increasingly sophisticated exploits, security and, in particular, the consequences of predictability on security become concerns of equal importance. Time-triggered scheduling with offline constructed tables provides determinism and simplifies timing inference, however, at the same time, time-triggered scheduling creates vulnerabilities by allowing attackers to target their attacks to specific, deterministically scheduled and possibly safety-critical tasks. In this paper, we analyze the severity of these vulnerabilities by assuming successful compromise of a subset of the tasks running in a real-time system and by investigating the attack potential that attackers gain from them. Moreover, we discuss two ways to mitigate direct attacks: slot-level online randomization of schedules, and offline schedule-diversification. We evaluate these mitigation strategies with a real-world case study to show their practicability for mitigating not only accidentally malicious behavior, but also malicious behavior triggered by attackers on purpose. [less ▲]

Detailed reference viewed: 60 (4 UL)
Full Text
Peer Reviewed
See detailImproving Security for Time-Triggered Real-Time Systems against Timing Inference Based Attacks by Schedule Obfuscation
Krüger, Kristin; Fohler, Gerhard; Volp, Marcus UL

Scientific Conference (2017, June)

Covert timing channels in real-time systems allow adversaries to not only exfiltrate application secrets but also to mount timing inference based attacks. Much effort has been put into improving real-time ... [more ▼]

Covert timing channels in real-time systems allow adversaries to not only exfiltrate application secrets but also to mount timing inference based attacks. Much effort has been put into improving real-time system predictability with the additional benefit of reducing the former class of confidentiality attacks. However, the more predictable the system behaves, the easier timing inference based attacks become. Time-triggered scheduling is particularly vulnerable to these types of attacks due to offline constructed tables that are scheduled with clock synchronization and OS-timer predictability. In this paper, we obfuscate timetriggered scheduling to complicate timing inference based attacks while maintaining strong protection against exfiltration attacks. [less ▲]

Detailed reference viewed: 46 (5 UL)