Date of Award

1-28-2025

Author's School

McKelvey School of Engineering

Author's Department

Computer Science & Engineering

Degree Name

Doctor of Philosophy (PhD)

Degree Type

Dissertation

Abstract

Real-time cyber-physical systems play increasingly important roles in the real world. They operate in timing-sensitive environments and span a wide range of platforms, from low-end embedded devices such as microcontrollers to high-end platforms such as drones and autonomous vehicles. For computational efficiency, these systems are predominantly written in memory-unsafe languages such as C/C++, which can introduce numerous memory-safety vulnerabilities and lead to a range of security issues. Since these systems are often used in safety-critical applications, it is essential to ensure security in addition to timeliness. However, existing security protection mechanisms are primarily designed for general-purpose computing systems and can impose prohibitive runtime overhead on the systems they protect, including real-time systems. This high runtime overhead hinders the direct application of these approaches in real-time contexts. Real-time systems, by contrast, are built on a different computational model in order to meet specific timing requirements, and this model presents new opportunities to incorporate security mechanisms with minimal overhead. This dissertation proposes novel security protection mechanisms tailored specifically to real-time systems, aimed at reducing the impact of security overhead on real-time performance. Building on three representative security protection mechanisms, namely data-flow integrity, control-flow integrity, and pointer integrity, this work integrates real-time adaptations as follows. First, it proposes performing data-flow integrity checks during the spare time within each execution iteration of real-time tasks, achieving strong security protection with minimal worst-case execution time overhead. Second, it extends control-flow integrity on embedded systems by conducting security checks asynchronously, leveraging scheduling windows to reduce the real-time impact. Third, it utilizes the available time within the overall system schedule to perform pointer integrity checks, enhancing system-wide security without impacting real-time schedulability. In doing so, this dissertation paves the way for optimizing and balancing the trade-off between security protection and real-time performance.

Language

English (en)

Chair

Sanjoy Baruah

Committee Members

Bryan C. Ward; Christopher Gill; Michael Brent; Roger Chamberlain; Sanjoy Baruah