TY - GEN
T1 - Poster - Sechduler
T2 - 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013
AU - Haghani, Parisa
AU - Zonouz, Saman
PY - 2013/12/9
Y1 - 2013/12/9
N2 - Trustworthy operation of safety-critical infrastructures necessitates efficient solutions that satisfy both realtimeness and security requirements simultaneously. We present Sechduler, a formally verifiable security-aware operating system scheduler that dynamically makes sure that system computational resources are allocated to individual waiting tasks in an optimal order such that, if feasible, neither realtime nor security requirements of the system are violated. Additionally, if not both of the requirements can be satisfied simultaneously, Sechduler makes use of easy-to-define linear temporal logic-based policies as well as automatically generated Buchi automaton-based monitors, compiled as loadable kernel modules, to enforce which requirements should get the priority. Our experimental results show that Sechduler can adaptively enforce the system-wide logic-based temporal policies within the kernel and with minimal performance overhead of 3 % on average to guarantee high level of combined security and realtimeness simultaneously.
AB - Trustworthy operation of safety-critical infrastructures necessitates efficient solutions that satisfy both realtimeness and security requirements simultaneously. We present Sechduler, a formally verifiable security-aware operating system scheduler that dynamically makes sure that system computational resources are allocated to individual waiting tasks in an optimal order such that, if feasible, neither realtime nor security requirements of the system are violated. Additionally, if not both of the requirements can be satisfied simultaneously, Sechduler makes use of easy-to-define linear temporal logic-based policies as well as automatically generated Buchi automaton-based monitors, compiled as loadable kernel modules, to enforce which requirements should get the priority. Our experimental results show that Sechduler can adaptively enforce the system-wide logic-based temporal policies within the kernel and with minimal performance overhead of 3 % on average to guarantee high level of combined security and realtimeness simultaneously.
KW - formal temporal verification
KW - intrusion detection and prevention
KW - operating system security
KW - real-time security
UR - http://www.scopus.com/inward/record.url?scp=84889071163&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84889071163&partnerID=8YFLogxK
U2 - 10.1145/2508859.2512527
DO - 10.1145/2508859.2512527
M3 - Conference contribution
AN - SCOPUS:84889071163
SN - 9781450324779
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 1465
EP - 1467
BT - CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security
Y2 - 4 November 2013 through 8 November 2013
ER -