Period Adaptation for Continuous Security Monitoring in Multicore Real-Time Systems

TL;DR

This paper introduces HYDRA-C, a framework enabling continuous security monitoring in multicore real-time systems without disrupting existing tasks, demonstrated through intrusion detection on a rover platform.

Contribution

HYDRA-C provides a novel design-time approach for integrating security tasks into multicore RTS, ensuring continuous monitoring with minimal performance impact.

Findings

Detects intrusions 19.05% faster on average

Does not perturb existing real-time task performance

Effective integration of security mechanisms in multicore systems

Abstract

We propose a design-time framework (named HYDRA-C) for integrating security tasks into partitioned real-time systems (RTS) running on multicore platforms. Our goal is to opportunistically execute security monitoring mechanisms in a 'continuous' manner -- i.e., as often as possible, across cores, to ensure that security tasks run with as few interruptions as possible. Our framework will allow designers to integrate security mechanisms without perturbing existing real-time (RT) task properties or execution order. We demonstrate the framework using a proof-of-concept implementation with intrusion detection mechanisms as security tasks. We develop and use both, (a) a custom intrusion detection system (IDS), as well as (b) Tripwire -- an open source data integrity checking tool. These are implemented on a realistic rover platform designed using an ARM multicore chip. We compare the performance of HYDRA-C with a state-of-the-art RT security integration approach for multicore-based RTS and find that our method can, on average, detect intrusions 19.05% faster without impacting the performance of RT tasks.