Maximizing the Security Level of Real-Time Software while Preserving Temporal Constraints

Embedded computing systems are becoming increasingly relevant in the Internet of Things (IoT) and edge computing domains, where they are often employed as the control entity of a cyber-physical system. When operating in such interconnected domains, a software system is susceptible to cyber-attacks f...

Full description

Saved in:
Bibliographic Details
Published inIEEE access Vol. 11; p. 1
Main Authors Di Leonardi, Sandro, Aromolo, Federico, Fara, Pietro, Serra, Gabriele, Casini, Daniel, Biondi, Alessandro, Buttazzo, Giorgio
Format Journal Article
LanguageEnglish
Published Piscataway IEEE 01.01.2023
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
Cyber-physical systems
cyber-security
Cyberattack
Cybersecurity
Domains
Edge computing
Embedded software
Embedded systems
Integer programming
Internet of Things
Linear programming
Mixed integer
Optimization
Reagents
Real time
Real-time systems
schedulability analysis
Security
Software
Task analysis
Task scheduling
Timing
vulnerability
Online AccessGet full text

Cover

More Information
Summary:Embedded computing systems are becoming increasingly relevant in the Internet of Things (IoT) and edge computing domains, where they are often employed as the control entity of a cyber-physical system. When operating in such interconnected domains, a software system is susceptible to cyber-attacks from external agents, which can compromise the correct behavior of the system. In addition, the software executing in these systems is typically characterized by stringent timing constraints, which must be satisfied during system execution. Enabling software protections to enhance the security level of the embedded software comes at the cost of increasing the computation times of the tasks, introducing the risk of deadline misses that could also jeopardize the system behavior. This paper presents a methodology to optimize the security level of real-time software while preserving system-wide schedulability by leveraging timing analysis. The proposed approach is based on a mixed-integer linear programming (MILP) formulation that maximizes the security level of the tasks and integrates a response-time analysis technique to assess the schedulability of the system whenever additional protections are activated to shield the software against cyber-attacks targeting specific classes of vulnerabilities. An experimental evaluation is presented to assess the performance of the proposed approach on a representative set of tasks included in standard benchmarking suites for embedded software.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2023.3264671