Enhancing Attack Resilience in Real-Time Systems through Variable Control Task Sampling Rates

TL;DR

This paper introduces a novel scheduling framework that dynamically varies control task sampling rates and randomizes schedules to prevent timing inference attacks in real-time cyber-physical systems, maintaining safety and performance.

Contribution

It presents the first combined approach of attack-aware schedule randomization with control and scheduling integrity preservation for real-time systems.

Findings

Effective reduction in attack success rate demonstrated on automotive benchmarks.

The MAARS framework maintains control performance while enhancing attack resilience.

Validated via Hardware-in-the-Loop experiments.

Abstract

Cyber-physical systems (CPSs) in modern real-time applications integrate numerous control units linked through communication networks, each responsible for executing a mix of real-time safety-critical and non-critical tasks. To ensure predictable timing behaviour, most safety-critical tasks are scheduled with fixed sampling periods, which supports rigorous safety and performance analyses. However, this deterministic execution can be exploited by attackers to launch inference-based attacks on safety-critical tasks. This paper addresses the challenge of preventing such timing inference or schedule-based attacks by dynamically adjusting the execution rates of safety-critical tasks while maintaining their performance. We propose a novel schedule vulnerability analysis methodology, enabling runtime switching between valid schedules for various control task sampling rates. Leveraging this approach, we present the Multi-Rate Attack-Aware Randomized Scheduling (MAARS) framework for preemptive fixed-priority schedulers, designed to reduce the success rate of timing inference attacks on real-time systems. To our knowledge, this is the first method that combines attack-aware schedule randomization with preserved control and scheduling integrity. The framework's efficacy in attack prevention is evaluated on automotive benchmarks using a Hardware-in-the-Loop (HiL) setup.