Poster - Sechduler: A security-aware kernel scheduler

Parisa Haghani; Saman Zonouz

doi:10.1145/2508859.2512527

Poster - Sechduler: A security-aware kernel scheduler

Parisa Haghani, Saman Zonouz

Electrical & Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Trustworthy operation of safety-critical infrastructures necessitates efficient solutions that satisfy both realtimeness and security requirements simultaneously. We present Sechduler, a formally verifiable security-aware operating system scheduler that dynamically makes sure that system computational resources are allocated to individual waiting tasks in an optimal order such that, if feasible, neither realtime nor security requirements of the system are violated. Additionally, if not both of the requirements can be satisfied simultaneously, Sechduler makes use of easy-to-define linear temporal logic-based policies as well as automatically generated Buchi automaton-based monitors, compiled as loadable kernel modules, to enforce which requirements should get the priority. Our experimental results show that Sechduler can adaptively enforce the system-wide logic-based temporal policies within the kernel and with minimal performance overhead of 3 % on average to guarantee high level of combined security and realtimeness simultaneously.

Original language	English (US)
Title of host publication	CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security
Pages	1465-1467
Number of pages	3
DOIs	https://doi.org/10.1145/2508859.2512527
State	Published - Dec 9 2013
Event	2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013 - Berlin, Germany Duration: Nov 4 2013 → Nov 8 2013

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Other

Other	2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013
Country	Germany
City	Berlin
Period	11/4/13 → 11/8/13

Keywords

formal temporal verification
intrusion detection and prevention
operating system security
real-time security

ASJC Scopus subject areas

Software
Computer Networks and Communications

Access to Document

10.1145/2508859.2512527

Fingerprint Dive into the research topics of 'Poster - Sechduler: A security-aware kernel scheduler'. Together they form a unique fingerprint.

Cite this

Haghani, P., & Zonouz, S. (2013). Poster - Sechduler: A security-aware kernel scheduler. In CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (pp. 1465-1467). (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/2508859.2512527

Poster - Sechduler : A security-aware kernel scheduler. / Haghani, Parisa; Zonouz, Saman.

CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. 2013. p. 1465-1467 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Haghani, P & Zonouz, S 2013, Poster - Sechduler: A security-aware kernel scheduler. in CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, pp. 1465-1467, 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, Berlin, Germany, 11/4/13. https://doi.org/10.1145/2508859.2512527

@inproceedings{63d6e975698b479281b2cf9b1fef4f37,

title = "Poster - Sechduler: A security-aware kernel scheduler",

abstract = "Trustworthy operation of safety-critical infrastructures necessitates efficient solutions that satisfy both realtimeness and security requirements simultaneously. We present Sechduler, a formally verifiable security-aware operating system scheduler that dynamically makes sure that system computational resources are allocated to individual waiting tasks in an optimal order such that, if feasible, neither realtime nor security requirements of the system are violated. Additionally, if not both of the requirements can be satisfied simultaneously, Sechduler makes use of easy-to-define linear temporal logic-based policies as well as automatically generated Buchi automaton-based monitors, compiled as loadable kernel modules, to enforce which requirements should get the priority. Our experimental results show that Sechduler can adaptively enforce the system-wide logic-based temporal policies within the kernel and with minimal performance overhead of 3 % on average to guarantee high level of combined security and realtimeness simultaneously.",

keywords = "formal temporal verification, intrusion detection and prevention, operating system security, real-time security",

author = "Parisa Haghani and Saman Zonouz",

year = "2013",

month = dec,

day = "9",

doi = "10.1145/2508859.2512527",

language = "English (US)",

isbn = "9781450324779",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

pages = "1465--1467",

booktitle = "CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security",

note = "2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013 ; Conference date: 04-11-2013 Through 08-11-2013",

}

TY - GEN

T1 - Poster - Sechduler

T2 - 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013

AU - Haghani, Parisa

AU - Zonouz, Saman

PY - 2013/12/9

Y1 - 2013/12/9

N2 - Trustworthy operation of safety-critical infrastructures necessitates efficient solutions that satisfy both realtimeness and security requirements simultaneously. We present Sechduler, a formally verifiable security-aware operating system scheduler that dynamically makes sure that system computational resources are allocated to individual waiting tasks in an optimal order such that, if feasible, neither realtime nor security requirements of the system are violated. Additionally, if not both of the requirements can be satisfied simultaneously, Sechduler makes use of easy-to-define linear temporal logic-based policies as well as automatically generated Buchi automaton-based monitors, compiled as loadable kernel modules, to enforce which requirements should get the priority. Our experimental results show that Sechduler can adaptively enforce the system-wide logic-based temporal policies within the kernel and with minimal performance overhead of 3 % on average to guarantee high level of combined security and realtimeness simultaneously.

AB - Trustworthy operation of safety-critical infrastructures necessitates efficient solutions that satisfy both realtimeness and security requirements simultaneously. We present Sechduler, a formally verifiable security-aware operating system scheduler that dynamically makes sure that system computational resources are allocated to individual waiting tasks in an optimal order such that, if feasible, neither realtime nor security requirements of the system are violated. Additionally, if not both of the requirements can be satisfied simultaneously, Sechduler makes use of easy-to-define linear temporal logic-based policies as well as automatically generated Buchi automaton-based monitors, compiled as loadable kernel modules, to enforce which requirements should get the priority. Our experimental results show that Sechduler can adaptively enforce the system-wide logic-based temporal policies within the kernel and with minimal performance overhead of 3 % on average to guarantee high level of combined security and realtimeness simultaneously.

KW - formal temporal verification

KW - intrusion detection and prevention

KW - operating system security

KW - real-time security

UR - http://www.scopus.com/inward/record.url?scp=84889071163&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84889071163&partnerID=8YFLogxK

U2 - 10.1145/2508859.2512527

DO - 10.1145/2508859.2512527

M3 - Conference contribution

AN - SCOPUS:84889071163

SN - 9781450324779

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 1465

EP - 1467

BT - CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security

Y2 - 4 November 2013 through 8 November 2013

ER -