Sechduler: A security-aware kernel scheduler

Saman Zonouz; Rui Han; Parisa Haghani

doi:10.1109/PRDC.2013.45

Sechduler: A security-aware kernel scheduler

Saman Zonouz, Rui Han, Parisa Haghani

Electrical & Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

Trustworthy operation of safety-critical infrastructures necessitates efficient solutions that satisfy both realtimeness and security requirements simultaneously. In this paper, we present Sechduler, a formally verifiable security-aware operating system scheduler that dynamically makes sure that system computational resources are allocated to individual waiting tasks in an optimal order such that, if feasible, neither real time nor security requirements of the system are violated. Additionally, if not both of the requirements can be satisfied simultaneously, Sechduler makes use of easy-to-define linear temporal logic-based policies as well as automatically generated Buchi automaton-based monitors, compiled as loadable kernel modules, to enforce which requirements should get the priority. Our experimental results show that Sechduler can adaptively enforce the system-wide logic-based temporal policies within the kernel and with minimal performance overhead of 3% on average to guarantee high level of combined security and realtimeness simultaneously.

Original language	English (US)
Title of host publication	Proceedings - 2013 IEEE 19th Pacific Rim International Symposium on Dependable Computing, PRDC 2013
Publisher	IEEE Computer Society
Pages	236-245
Number of pages	10
ISBN (Print)	9780769551302
DOIs	https://doi.org/10.1109/PRDC.2013.45
State	Published - Jan 1 2013
Event	19th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2013 - Vancouver, BC, Canada Duration: Dec 2 2013 → Dec 4 2013

Publication series

Name	Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC
ISSN (Print)	1541-0110

Other

Other	19th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2013
Country	Canada
City	Vancouver, BC
Period	12/2/13 → 12/4/13

Fingerprint

ASJC Scopus subject areas

Computational Theory and Mathematics
Computer Science Applications
Hardware and Architecture
Software

Cite this

Zonouz, S., Han, R., & Haghani, P. (2013). Sechduler: A security-aware kernel scheduler. In Proceedings - 2013 IEEE 19th Pacific Rim International Symposium on Dependable Computing, PRDC 2013 (pp. 236-245). [6820871] (Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC). IEEE Computer Society. https://doi.org/10.1109/PRDC.2013.45

Sechduler : A security-aware kernel scheduler. / Zonouz, Saman; Han, Rui; Haghani, Parisa.

Proceedings - 2013 IEEE 19th Pacific Rim International Symposium on Dependable Computing, PRDC 2013. IEEE Computer Society, 2013. p. 236-245 6820871 (Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Zonouz, S, Han, R & Haghani, P 2013, Sechduler: A security-aware kernel scheduler. in Proceedings - 2013 IEEE 19th Pacific Rim International Symposium on Dependable Computing, PRDC 2013., 6820871, Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC, IEEE Computer Society, pp. 236-245, 19th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2013, Vancouver, BC, Canada, 12/2/13. https://doi.org/10.1109/PRDC.2013.45

@inproceedings{8462486415f74b7d9209710c406b798f,

title = "Sechduler: A security-aware kernel scheduler",

abstract = "Trustworthy operation of safety-critical infrastructures necessitates efficient solutions that satisfy both realtimeness and security requirements simultaneously. In this paper, we present Sechduler, a formally verifiable security-aware operating system scheduler that dynamically makes sure that system computational resources are allocated to individual waiting tasks in an optimal order such that, if feasible, neither real time nor security requirements of the system are violated. Additionally, if not both of the requirements can be satisfied simultaneously, Sechduler makes use of easy-to-define linear temporal logic-based policies as well as automatically generated Buchi automaton-based monitors, compiled as loadable kernel modules, to enforce which requirements should get the priority. Our experimental results show that Sechduler can adaptively enforce the system-wide logic-based temporal policies within the kernel and with minimal performance overhead of 3% on average to guarantee high level of combined security and realtimeness simultaneously.",

author = "Saman Zonouz and Rui Han and Parisa Haghani",

year = "2013",

month = jan

day = "1",

doi = "10.1109/PRDC.2013.45",

language = "English (US)",

isbn = "9780769551302",

series = "Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC",

publisher = "IEEE Computer Society",

pages = "236--245",

booktitle = "Proceedings - 2013 IEEE 19th Pacific Rim International Symposium on Dependable Computing, PRDC 2013",

note = "19th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2013 ; Conference date: 02-12-2013 Through 04-12-2013",

}

TY - GEN

T1 - Sechduler

T2 - 19th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2013

AU - Zonouz, Saman

AU - Han, Rui

AU - Haghani, Parisa

PY - 2013/1/1

Y1 - 2013/1/1

N2 - Trustworthy operation of safety-critical infrastructures necessitates efficient solutions that satisfy both realtimeness and security requirements simultaneously. In this paper, we present Sechduler, a formally verifiable security-aware operating system scheduler that dynamically makes sure that system computational resources are allocated to individual waiting tasks in an optimal order such that, if feasible, neither real time nor security requirements of the system are violated. Additionally, if not both of the requirements can be satisfied simultaneously, Sechduler makes use of easy-to-define linear temporal logic-based policies as well as automatically generated Buchi automaton-based monitors, compiled as loadable kernel modules, to enforce which requirements should get the priority. Our experimental results show that Sechduler can adaptively enforce the system-wide logic-based temporal policies within the kernel and with minimal performance overhead of 3% on average to guarantee high level of combined security and realtimeness simultaneously.

AB - Trustworthy operation of safety-critical infrastructures necessitates efficient solutions that satisfy both realtimeness and security requirements simultaneously. In this paper, we present Sechduler, a formally verifiable security-aware operating system scheduler that dynamically makes sure that system computational resources are allocated to individual waiting tasks in an optimal order such that, if feasible, neither real time nor security requirements of the system are violated. Additionally, if not both of the requirements can be satisfied simultaneously, Sechduler makes use of easy-to-define linear temporal logic-based policies as well as automatically generated Buchi automaton-based monitors, compiled as loadable kernel modules, to enforce which requirements should get the priority. Our experimental results show that Sechduler can adaptively enforce the system-wide logic-based temporal policies within the kernel and with minimal performance overhead of 3% on average to guarantee high level of combined security and realtimeness simultaneously.

UR - http://www.scopus.com/inward/record.url?scp=84906766153&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84906766153&partnerID=8YFLogxK

U2 - 10.1109/PRDC.2013.45

DO - 10.1109/PRDC.2013.45

M3 - Conference contribution

AN - SCOPUS:84906766153

SN - 9780769551302

T3 - Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC

SP - 236

EP - 245

BT - Proceedings - 2013 IEEE 19th Pacific Rim International Symposium on Dependable Computing, PRDC 2013

PB - IEEE Computer Society

Y2 - 2 December 2013 through 4 December 2013

ER -

Access to Document

10.1109/PRDC.2013.45