Impact of Adding Security to Safety-Critical Real-Time Systems: A Case Study
Evaluating the Impact of Integrating a Security Module on the Real-Time Properties of a System
IFIP Advances in Information and Communication Technology, 2013
With the rise in the deployment of electronics in today's systems, especially in automobiles, the task of securing them against various attacks has become a major challenge. In particular, the most vulnerable points are: (i) communication paths between the Electronic Control Units (ECUs) and between sensors and actuators and the ECU, and (ii) remote software updates from the manufacturer to the in-field system. However, when additional mechanisms are included to secure such systems, especially real-time systems, there is a major impact on the real-time properties and on the overall performance of the system. Therefore, the goal of this work is to deploy a minimal security module in a target real-time system and to analyze its impact on the aforementioned properties of the system, while achieving the goals of secure communication and authentic system update. From this analysis, it has been observed that, with the integration of such a security module into the ECU, the response time of the system is strictly dependent on the communication interface used between the ECU processor and the security module. The analysis is performed with the security module operating at different frequencies and communicating over two different interfaces, i.e., the Low-Pin-Count (LPC) bus and the Memory-Mapped I/O (MMIO) method.
Secure architecture for embedded systems
2015 IEEE High Performance Extreme Computing Conference (HPEC), 2015
Department of Defense (DoD) systems, e.g., computer networks, are increasingly the targets of deliberate, sophisticated cyber attacks. To assure successful missions, military systems must be secured to perform their intended functions, prevent attacks, and operate while under attack. The DoD has further directed that cyber security technology must be integrated into systems because it is too expensive and impractical to secure a system after it has been designed. To address this directive, Lincoln Laboratory is using a co-design approach to systems that meet both security and functionality requirements. The Laboratory is at the research and development forefront of system solutions for challenging critical missions, such as those to collect, process, and exchange sensitive information. Many of Lincoln Laboratory's prototype systems must be designed with security in mind so that they can be quickly brought into compliance with the DoD's cyber security requirements and support field tests and technology transfer. Many DoD systems require the use of embedded computing. An embedded computer system is designed for a dedicated function, in contrast to a general-purpose computer system, e.g., a desktop computer, which is designed for multiple functions. An ideal design for an embedded system optimizes performance, e.g., small form factor, low power consumption, and high throughput, while providing the specific functionality demanded by the system's purpose, i.e., its mission. Developers must also determine the embedded system's security requirements according to mission objectives and a concept of operations (CONOPS). In general, security should be robust. Developers seek to seamlessly integrate cyber security within U.S. military system software. However, added security components can impede a system's functionality. System developers need a well-defined approach for simultaneously designing functionality and cyber security.
Lincoln Laboratory's secure embedded system co-design methodology uses a security coprocessor to cryptographically ensure system confidentiality and integrity while maintaining functionality.
Security as a New Dimension in Embedded System Design
The growing number of instances of breaches in information security in the last few years has created a compelling case for efforts towards secure electronic systems. Embedded systems, which will be ubiquitously used to capture, store, manipulate, and access data of a sensitive nature, pose several unique and interesting security challenges. Security has been the subject of intensive research in the areas of cryptography, computing, and networking. However, security is often misconstrued by embedded system designers as the addition of features, such as specific cryptographic algorithms and security protocols, to the system. In reality, it is an entirely new metric that designers should consider throughout the design process, along with other metrics such as cost, performance, and power. This paper is intended to introduce embedded system designers and design tool developers to the challenges involved in designing secure embedded systems. We attempt to provide a unified view of embedded system security by first analyzing the typical functional security requirements for embedded systems from an end-user perspective. We then identify the implied challenges for embedded system architects, as well as hardware and software designers (e.g., tamper-resistant embedded system design, processing requirements for security, impact of security on battery life for battery-powered systems, etc.). We also survey solution techniques to address these challenges, drawing from both current practice and emerging research, and identify open research problems that will require innovations in embedded system architecture and design methodologies.
Modeling Security Aspects in Distributed Real-Time Component-Based Embedded Systems
2012 Ninth International Conference on Information Technology - New Generations, 2012
Model Driven Engineering (MDE) and Component Based Software Development (CBSD) are promising approaches for dealing with the increasing complexity of Distributed Real-Time Critical Embedded Systems. On one hand, the functional complexity of embedded systems is rapidly growing. On the other hand, extra-functional properties (EFP) must be taken into account and resource consumption must be optimized due to limited resources. However, EFP are not independent and impact each other. This paper introduces concepts and mechanisms that allow security specifications to be modeled and the corresponding security implementations to be derived automatically, by transforming the original component model into a secured one that takes the sensitive data flow in the system into account. The resulting architecture ensures the security requirements by construction and is expressed in the original meta-model; therefore, it enables using the same timing analysis and synthesis as with the original component model.
Security and Dependability of Embedded Systems: A Computer Architects' Perspective
2009
Designers of embedded systems have traditionally optimized circuits for speed, size, power and time to market. Recently, however, the dependability of the system is emerging as a great concern to the modern designer with the decrease in feature size and the increase in the demand for functionality. Yet another crucial concern is the security of systems used for storage of personal details and for financial transactions. A significant number of the techniques used to address security and dependability are the same or have similar origins. Thus this tutorial will examine the overlapping concerns of security and dependability and the design methods used to overcome the problems and threats. This tutorial is divided into four parts: the first will examine dependability issues due to technology effects; the second will look at reliability-aware designs; the third will describe the security threats; and the fourth part will illustrate the countermeasures to security and reliability issues.
Security engineering for embedded systems
Proceedings of the International Workshop on Security and Dependability for Resource Constrained Embedded Systems - S&D4RCES '10, 2010
Security is usually not the main focus in the development of embedded systems. However, strongly interconnected embedded systems play vital roles in many everyday processes and also in industry and critical infrastructures. Therefore, security engineering for embedded systems is a discipline that is currently attracting more interest. This paper presents the vision of security engineering for embedded systems formulated by the FP7 project SecFutur [1].
Implementation of Complex Strategies of Security in Secure Embedded Systems
2011
Secure components are subject to physical attacks whose aim is to recover the secret information that they store. Most works that aim to protect these components consist in developing protections (or countermeasures) taken one by one. But this "countermeasure-centered" approach drastically decreases the performance of the whole chip in terms of power and speed. Our work is complementary and consists in reorganising a given set of existing countermeasures in order to optimise both the security and the availability of the circuit without reducing its global performance. The proposed solution is based on a double-processor architecture and on mechanisms to parametrise the hardware and software countermeasures. One processor embeds the state-of-the-art set of countermeasures and executes the application code. The second processor, much smaller, applies the security strategy (i.e., the response of the circuit when a security event arises), but without sharing sensitive data with the first processor. We show that our approach enables the secure circuit's designer to easily fine-tune the security strategy, for example for Pay-TV applications, and could, in the future, be used to dynamically optimise the trade-off between performance and security.
Embedded Systems Design Space Exploration Under Security Constraints
International Journal of Technology Diffusion, 2022
Design space exploration (DSE) is a key activity in any embedded system design flow. With the remarkable increase in connectivity to the internet, embedded systems are becoming the target of different cyber-attacks. As security emerges as a major design concern, DSE should be aware of the security aspect at a higher level of abstraction. On the other hand, and to the best of our knowledge, there is no comprehensive survey on this topic, hence the need to establish a comprehensive survey of existing security-aware DSE approaches for embedded systems at the system level. To meet this objective, we first selected and summarized twenty-two pertinent works. They were analyzed based on a set of criteria. The outcomes of this survey are a set of recommendations that can help embedded systems designers to better deal with security at the system-level DSE stage. The presented survey ends by proposing some potentially promising future trends that can be investigated by researchers to pursue the...
An Approach to Satisfying Security Needs of Periodic Tasks in High Performance Embedded Systems
Existing scheduling algorithms for periodic tasks ignore the security requirements posed by sensitive applications and are consequently unable to perform properly in high-performance embedded systems with security constraints. In this paper we present an approach to scheduling periodic tasks in high-performance embedded systems subject to security and timing constraints. We propose a scheduling algorithm, called SASES (Security-Aware Scheduling for Embedded Systems), which accounts for both security and timing requirements. SASES judiciously distributes slack times among a variety of security services for a set of periodic tasks, thereby optimizing security for high-performance embedded systems without sacrificing schedulability. We show through extensive simulations that SASES is able to maximize security for high-performance embedded systems while guaranteeing timeliness. In particular, SASES significantly improves security over three baseline algorithms, by up to 93.4%.
The design of a COTS real-time distributed security kernel (extended version)
2001
This technical report describes the design of a security kernel called TTCB, which has several innovative features. Firstly, it is a distributed subsystem with its own secure network. Secondly, the TTCB is real-time, that is, a synchronous subsystem capable of timely behavior. These two characteristics together are uncommon in security kernels. Thirdly, the TTCB can be implemented using only COTS components.