Facing the Safety-Security Gap in RTES: the Challenge of Timeliness

Safety-critical real-time systems, including real-time
cyber-physical and industrial control systems, need not be solely
correct but also timely. Untimely (stale) results may have severe
consequences that could render the control system’s behaviour
hazardous to the physical world. To ensure predictability and
timeliness, developers follow a rigorous process, which essentially
ensures real-time properties a priori, in all but the most unlikely
combinations of circumstances. However, we have seen the
complexity of both real-time applications, and the environments
they run on, increase. If this is matched with the also increasing
sophistication of attacks mounted to RTES systems, the case for
ensuring both safety and security through aprioristic predictability
loses traction, and presents an opportunity, which we take
in this paper, for discussing current practices of critical realtime
system design. To this end, with a slant on low-level task
scheduling, we first investigate the challenges and opportunities
for anticipating successful attacks on real-time systems. Then,
we propose ways for adapting traditional fault- and intrusiontolerant
mechanisms to tolerate such hazards. We found that
tasks which typically execute as analyzed under accidental faults,
may exhibit fundamentally different behavior when compromised
by malicious attacks, even with interference enforcement in place.