Mixed-Trust Computing: Safe and Secure Real-Time Systems

IF 2 Q3 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS ACM Transactions on Cyber-Physical Systems Pub Date : 2023-12-02 DOI:10.1145/3635162
Dionisio de Niz, Bjorn Andersson, Mark H. Klein, J. Lehoczky, Amit Vasudevan, Hyoseung Kim, Gabriel Moreno
{"title":"Mixed-Trust Computing: Safe and Secure Real-Time Systems","authors":"Dionisio de Niz, Bjorn Andersson, Mark H. Klein, J. Lehoczky, Amit Vasudevan, Hyoseung Kim, Gabriel Moreno","doi":"10.1145/3635162","DOIUrl":null,"url":null,"abstract":"Verifying complex Cyber-Physical Systems (CPS) is increasingly important given the push to deploy safety-critical autonomous features. Unfortunately, traditional verification methods do not scale to the complexity of these systems and do not provide systematic methods to protect verified properties when not all the components can be verified. To address these challenges, this article proposes a real-time mixed-trust computing framework that combines verification and protection. The framework introduces a new task model, where an application task can have both an untrusted and a trusted part. The untrusted part allows complex computations supported by a full OS with a real-time scheduler running in a VM hosted by a trusted hypervisor. The trusted part is executed by another scheduler within the hypervisor and is thus protected from the untrusted part. If the untrusted part fails to finish by a specific time, the trusted part is activated to preserve safety (e.g., prevent a crash) including its timing guarantees. This framework is the first allowing the use of untrusted components for CPS critical functions while preserving logical and timing guarantees, even in the presence of malicious attackers. We present the framework its schedulability analysis and the coordination protocol between the trusted and untrusted parts. Our implementation on a Raspberry Pi 3 is also discussed along with experiments showing the behavior of the system under failures of untrusted components, and a drone application to demonstrate its practicality.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"113 42","pages":""},"PeriodicalIF":2.0000,"publicationDate":"2023-12-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Cyber-Physical Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3635162","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}
引用次数: 0

Abstract

Verifying complex Cyber-Physical Systems (CPS) is increasingly important given the push to deploy safety-critical autonomous features. Unfortunately, traditional verification methods do not scale to the complexity of these systems and do not provide systematic methods to protect verified properties when not all the components can be verified. To address these challenges, this article proposes a real-time mixed-trust computing framework that combines verification and protection. The framework introduces a new task model, where an application task can have both an untrusted and a trusted part. The untrusted part allows complex computations supported by a full OS with a real-time scheduler running in a VM hosted by a trusted hypervisor. The trusted part is executed by another scheduler within the hypervisor and is thus protected from the untrusted part. If the untrusted part fails to finish by a specific time, the trusted part is activated to preserve safety (e.g., prevent a crash) including its timing guarantees. This framework is the first allowing the use of untrusted components for CPS critical functions while preserving logical and timing guarantees, even in the presence of malicious attackers. We present the framework its schedulability analysis and the coordination protocol between the trusted and untrusted parts. Our implementation on a Raspberry Pi 3 is also discussed along with experiments showing the behavior of the system under failures of untrusted components, and a drone application to demonstrate its practicality.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
混合信任计算:安全可靠的实时系统
考虑到部署安全关键自主功能的推动,验证复杂的网络物理系统(CPS)变得越来越重要。不幸的是,传统的验证方法不能扩展到这些系统的复杂性,并且在并非所有组件都可以验证时,不能提供系统的方法来保护已验证的属性。为了应对这些挑战,本文提出了一种结合验证和保护的实时混合信任计算框架。该框架引入了一个新的任务模型,其中应用程序任务可以同时具有不受信任的部分和受信任的部分。不受信任的部分允许由完整的操作系统支持的复杂计算,并在由受信任的管理程序托管的VM中运行实时调度器。受信任的部分由管理程序中的另一个调度器执行,因此不受不受信任部分的影响。如果不可信部分未能在特定时间内完成,则激活可信部分以保持安全性(例如,防止崩溃),包括其时间保证。该框架是第一个允许将不受信任的组件用于CPS关键功能,同时保留逻辑和定时保证的框架,即使在存在恶意攻击者的情况下也是如此。给出了该框架的可调度性分析和可信部分与不可信部分之间的协调协议。我们在树莓派3上的实现也与实验一起讨论,显示了系统在不可信组件故障下的行为,以及无人机应用程序来展示其实用性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
ACM Transactions on Cyber-Physical Systems
ACM Transactions on Cyber-Physical Systems COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS-
CiteScore
5.70
自引率
4.30%
发文量
40
期刊最新文献
On Cyber-Physical Fault Resilience in Data Communication: A Case From A LoRaWAN Network Systems Design DistressNet-NG: A Resilient Data Storage and Sharing Framework for Mobile Edge Computing in Cyber-Physical Systems A Blockchain Architecture to Increase the Resilience of Industrial Control Systems from the Effects of a Ransomware Attack: A Proposal and Initial Results A Combinatorial Optimization Analysis Method for Detecting Malicious Industrial Internet Attack Behaviors Statistical Verification using Surrogate Models and Conformal Inference and a Comparison with Risk-aware Verification
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1