A Novel Side-Channel in Real-Time Schedulers

TL;DR

This paper uncovers a new side-channel in real-time schedulers that leaks timing information, enabling potential attacks, and demonstrates how to exploit it on real hardware using ScheduLeak algorithms.

Contribution

It introduces a novel scheduler side-channel in preemptive real-time systems and provides algorithms and implementation to exploit this vulnerability.

Findings

Leakage of task arrival times in real-time systems

Effective exploitation of the side-channel with ScheduLeak

Demonstration on real hardware platforms

Abstract

We demonstrate the presence of a novel scheduler side-channel in preemptive, fixed-priority real-time systems (RTS); examples of such systems can be found in automotive systems, avionic systems, power plants and industrial control systems among others. This side-channel can leak important timing information such as the future arrival times of real-time tasks.This information can then be used to launch devastating attacks, two of which are demonstrated here (on real hardware platforms). Note that it is not easy to capture this timing information due to runtime variations in the schedules, the presence of multiple other tasks in the system and the typical constraints (e.g., deadlines) in the design of RTS. Our ScheduLeak algorithms demonstrate how to effectively exploit this side-channel. A complete implementation is presented on real operating systems (in Real-time Linux and FreeRTOS). Timing information leaked by ScheduLeak can significantly aid other, more advanced, attacks in better accomplishing their goals.