Integrating Security in Real-Time Embedded Systems
funded by: the Office of Naval Research
investigators: Sibin Mohan, Rakesh Bobba, Rodolfo Pellizzoni (University of Waterloo), and David M. Nicol
Embedded real-time systems (RTS) are used to monitor and control physical systems and processes in varied domains. Formerly, most such systems remained isolated from the rest of the world, and applications were partitioned into isolated processing nodes that offered protection from cyber-attacks. Increasingly, these systems are now being connected together, yet no comprehensive framework exists for integrating security into embedded RTS; retrofitting existing systems is usually ineffective.
Traditionally, real-time systems are modeled as sets of periodic tasks that are then scheduled on a collection of resources. Any security-related mechanisms must work within the imposed restrictions of real-time systems; on the other hand, those properties of RTS make it easier to model systems and perform rigorous analysis of developed solutions.
This project is aimed at developing (1) an understanding of threat landscapes; (2) security mechanisms that are unique to this domain; and (3) theories, policies, models, algorithms, and mechanisms that bring the domains of security and real-time systems together. The work is answering questions such as: when solutions are developed that integrate security with real-time systems theory, can we classify solutions based on how effectively they meet real-time requirements as well as improve system security? Can this be used to aid in the development of robust systems that can monitor themselves and detect events?