ScheduLeak: A Novel Scheduler Side-Channel Attack Against Real-Time Autonomous Control Systems
share
Real-time autonomous control systems are often the core of safety critical systems such as automotive systems, avionic systems, power plants and industrial control systems among others. While safety has traditionally been a focus in the design of these systems, security has often been an afterthought. In this paper we present a novel side-channel in real-time schedulers and algorithms that exploit it. In particular, we show that the scheduler side-channel can be used to obtain critical timing information that can aid other attacks. A complete implementation on both a simulator and real operating systems (i.e., Real-Time Linux as well as FreeRTOS) is also presented to show the effectiveness of the algorithms. We use two attack scenarios on real hardware platforms to show the value of the extracted side-channel information (i.e., aid attacks to reduce overheads and increase attack precision). The results indicate that our methods have a high success rate in reconstructing timing information and help advanced attacks in accomplishing their goals better.
READ FULL TEXT