Germany

The secure functioning of automotive systems is vital to the safety of their passengers and other roadway users. One of the critical functions for safety is the controller area network (CAN), which interconnects the safety-critical electronic control units (ECUs) in the majority of ground vehicles. Unfortunately CAN is known to be vulnerable to several attacks. One such attack is the bus-off attack, which can be used to cause a victim ECU to disconnect itself from the CAN bus and, subsequently, for an attacker to masquerade as that ECU. A limitation of the bus-off attack is that it requires the attacker to achieve tight synchronization between the transmission of the victim and the attacker&#39;s injected message. In this paper, we introduce a schedule-based attack framework for the CAN bus-off attack that uses the real-time schedule of the CAN bus to predict more attack opportunities than previously known. We describe a ranking method for an attacker to select and optimize its attack injections with respect to criteria such as attack success rate, bus perturbation, or attack latency. The results show that vulnerabilities of the CAN bus can be enhanced by schedule-based attacks.

IEEE RTSS 2021

Vulnerability of Controller Area Network to Schedule-Based Attacks

land vehicles

perturbation methods

control systems

schedules

safety

real-time systems

synchronization

bus-off attack

schedule-based attack

controller area network

 **RTSS 2021** has successfully concluded. Hope you have enjoyed it, and look forward to seeing you next year in person.
    Announcement for the Awards:
 * Best Paper Award goes to: Monte Carlo Response-Time Analysis, Sergey Bozhko, Georg von der Brüggen, and Björn Brandenburg
 * Best Student Paper Award goes to: Automatic Energy-Hotspot Detection and Elimination in Real-Time Deeply Embedded Systems, Mohsen Shekarisaz, Lothar Thiele, and Mehdi Kargahi.
 * Best Solution Award for Industry Session goes to: Toward Real-Time Guaranteed Scheduling for Autonomous Driving Systems. Jinghao Sun, Tianyi Wang, Kailu Duan, Bin Lu, Jiankang Ren, Zhishan Guo, and Guozhen Tan.



The IEEE Real-Time Systems Symposium (RTSS) is the premier conference in the field of real-time systems, and is a venue for researchers and practitioners to showcase innovations covering all aspects of real-time systems, including theory, design, analysis, implementation, evaluation, and experience. 

The secure functioning of automotive systems is vital to the safety of their passengers and other roadway users. One of the critical functions for safety is the controller area network (CAN), which interconnects the safety-critical electronic control units (ECUs) in the majority of ground vehicles. Unfortunately CAN is known to be vulnerable to several attacks. One such attack is the bus-off attack, which can be used to cause a victim ECU to disconnect itself from the CAN bus and, subsequently, for an attacker to masquerade as that ECU. A limitation of the bus-off attack is that it requires the attacker to achieve tight synchronization between the transmission of the victim and the attacker's injected message. In this paper, we introduce a schedule-based attack framework for the CAN bus-off attack that uses the real-time schedule of the CAN bus to predict more attack opportunities than previously known. We describe a ranking method for an attacker to select and optimize its attack injections with respect to criteria such as attack success rate, bus perturbation, or attack latency. The results show that vulnerabilities of the CAN bus can be enhanced by schedule-based attacks.

technical paper

Mobile devices have been increasingly deployed in large-scale cyber-physical systems (CPS) to traverse the field and retrieve data measurements from designated physical entities with stringent performance requirements. This work studies the availability-constrained real-time data retrieval problem in CPS with a speed adjustable mobile device (AFDR-SA). The goal is to maintain the temporal validity of the real-time data to be retrieved in the system while meeting the data availability constraints imposed by the communication range between the mobile device and the physical entities. A dynamic programming (DP)-based optimal algorithm is proposed for a special but commonly presented scenario where the retrieval times of individual data items are of the same length. Based on this optimal algorithm, an effective heuristic method is further developed for the general case where data items can have arbitrary retrieval times. The effectiveness of the proposed methods are validated through extensive experiments. Our results demonstrate the optimality of the DP-based algorithm, and show that the heuristic method outperforms the state-of-the-art schemes and performs close to the optimal solution obtained by the exhaustive search with much less computational overhead.

Keep Fresh: Real-time Data Retrieval with Speed Adaptation in Mobile Cyber-Physical Systems

Increased dependence on networked, software-based control has escalated the vulnerabilities of Cyber-Physical Systems (CPSs). Detection and monitoring components developed leveraging dynamical systems theory are often employed as lightweight security measures for protecting such safety-critical CPSs against false data injection attacks. However, existing approaches do not correlate attack scenarios with parameters of detection systems. In this work, we propose real-time attack detection and mitigation strategies for safety-critical CPSs. A Reinforcement Learning (RL) based framework is presented which adaptively sets the parameters of such detectors based on experience learned from attack scenarios. The detection system is provided with a suitable training environment to learn how to maximize the detection rate while minimizing false alarms. Along with the objective of attack detection, our framework also attempts to preserve system performance by judiciously choosing control actions based on the operating region. Our proposed method i) mathematically establishes a detection strategy for fast and accurate FDI attack detection, ii) correlates the key parameters of the detection system by learning from attack scenarios, and iii) incorporates a real-time attack mitigation strategy that uses formally synthesized fast controllers, thus creating an end-to-end defense against FDI attacks for safety-critical CPSs. We evaluate our proposed method using well-known safety-critical CPS examples.

Catch Me If You Learn: Real-Time Attack Detection and Mitigation in Learning Enabled CPS

Real-time end-to-end task scheduling in networked control systems (NCSs) requires the joint consideration of both network and computing resources to guarantee the desired quality of service (QoS). This paper introduces a new model for composite resource scheduling (CRS) in real-time networked control systems, which considers a strict execution order of sensing, computing, and actuating segments based on the control loop of the target NCS. We prove that the general CRS problem is NP-hard and study two special cases of the CRS problem. The first case restricts the computing and actuating segments to have unit-size execution time while the second case assumes that both sensing and actuating segments have unit-size execution time. We propose an optimal algorithm to solve the first case by checking the intervals with 100% network resource utilization and modify the deadlines of the tasks within those intervals to prune the search. For the second case, we propose another optimal algorithm based on a novel backtracking strategy to check the time intervals with the network resource utilization larger than 100% and modify the timing parameters of tasks based on these intervals. For the general case, we design a greedy strategy to modify the timing parameters of both network segments and computing segments within the time intervals that have network and computing resource utilization larger than 100%, respectively. The correctness and effectiveness of the proposed algorithms are verified through extensive experiments.

Composite Resource Scheduling for Networked Control Systems

Artificial-intelligence algorithms are enabling ever more sophisticated autonomous features in safety-critical applica- tion domains. These algorithms can be quite complex—consisting of many tasks interconnected in processing graphs—and often must execute on complex heterogeneous hardware—typically multicore machines augmented with one or more hardware accelerators. To further complicate matters, these processing graphs often must be supported in contexts where a large system is broken into smaller components. With this confluence of factors, existing response-time analysis for processing graphs is not applicable. In this paper, such analysis is extended to address these complexities in systems where components are isolated via time partitioning. Additionally, graph restructuring methods are presented that enable response-time bounds to be reduced.

AI Meets Real-Time: Addressing Real-World Complexities in Graph Response-Time Analysis

Across a range of safety-critical domains, an evolution is underway to endow embedded systems with “thinking” capabilities by using artificial-intelligence (AI) techniques. This evolution is being fueled by the availability of high-performance embedded hardware, typically multicore machines augmented with accelerators. Unfortunately, existing software certification processes rely on time partitioning to isolate system components, and this sense of isolation can be broken by accelerator usage. To address this issue, this paper presents TimeWall, a time-partitioning framework for multicore+accelerator platforms. When applied alongside existing methods for alleviating spatial interference, TimeWall can help enable component-wise certification on multicore+accelerator platforms. The challenges in realizing a TimeWall implementation are discussed in detail in this paper. Additionally, the temporal isolation TimeWall affords is examined experimentally, including via a case study of a computer-vision perception application, on a real platform.

TimeWall: Enabling Time Partitioning for Real-Time Multicore+Accelerator Platforms

General-purpose graphics processing units (GPUs) made available on embedded platforms have gained much interest in real-time cyber-physical systems. Despite the fact that GPUs generally outperform CPUs on many compute-intensive tasks in a multitasking environment, high power consumption remains a challenging problem. In this paper, we first analyze the power and energy consumption of GPU kernels scheduled with spatial multitasking, which is found to be advantageous for schedulability in recent studies, and prove that its use, however, degrades energy efficiency even in the latest commercially available embedded GPUs like NVIDIA Jetson Xavier AGX. Then, based on our observations, we propose sBEET, a real-time energy-efficient GPU scheduling framework that makes scheduling decisions at runtime to optimize the energy consumption while utilizing spatial multitasking to improve real-time performance. We evaluate the performance of the proposed sBEET framework using well-known GPU benchmarks and randomly-generated timing parameters on real hardware. The results indicate that sBEET reduces deadline misses up to 13% when the system is overloaded, and also achieves 15% to 21% lower energy consumption when the tasksets are schedulable compared to the existing works.

Balancing Energy Efficiency and Real-Time Performance in GPU Scheduling

This paper discusses evaluation criteria and scheduling strategies for the analysis of overloaded real-time systems. This work builds upon techniques from queueing theory and proposes a new approach for real-time systems.

Evaluating Task Dropping Strategies for Overloaded Real-Time Systems

Thermal efficient resource mapping and scheduling techniques are particularly important for mobile processors because of limited opportunities for external cooling. In mobile processors such as the ones using ARM’s big.LITTLE architectures, the cores of either the big or the LITTLE processor cannot be individually voltage/frequency scaled. However, we show that by forcing all the application threads to a single core, and not having any workload on the other cores of a processor, there is still considerable thermal benefit. This is counter intuitive since all the cores run at the same frequency. We show real measurements and discuss what impact this has on thermal-aware scheduling for such multicore processors.

Cooling by Core-idling: Thermal-aware Thread Scheduling for Mobile Multicore Processor

Safety-critical (SC) applications require high availability, possibility of run-time reconfiguration, and significant resource over-provisioning. Furthermore, they suffer from hardware obsolescence due to the use of custom or specialized hardware. Cloud computing could be used to resolve these issues. Moreover, they could improve SC systems suffering from scalability issues, e.g., the every growing SC railway network. However, SC applications require low latencies and guarantees that are currently not possible on clouds. In this paper, we explore the possibility of enhancing the current cloud computing paradigm by adding a resource management layer to support the deterministic execution of SC applications while providing the benefits of cloud computing principles. We provide a cloud-wide global resource manager that monitors, controls, and coordinates node-level Local Resource Managers (LRMs) placed on each private cloud node. In addition, we give guarantees to SC virtual machines (VMs) on each node via a novel CPU-and memory bandwidth-aware time-triggered (TT) offline scheduling algorithm that generates a scheduling table for use by an LRM. For improving the utilization of the cloud resources, the LRMs provide flexibility to schedule event-triggered SC and non-critical VMs at run-time without regenerating the offline scheduling table. We implemented our approach in a KVM-based private cloud and performed experiments to determine the relevant overheads.

Cloud Computing for Time-Triggered Safety-Critical Systems

An integrated scheduling of real-time and interactive tasks for smart industrial systems is presented. Our scheduling aims at minimizing the power consumption of the system without missing the deadlines of real-time tasks, and also providing reasonable responsiveness to interactive tasks. To do this, we reserve virtual task slots while performing offline scheduling of real-time tasks, and then interactive tasks are scheduled on the reserved slots through online scheduling. Experimental results show that the proposed policy reduces the energy consumption by 67% without performance degradations.

Premium content

Vulnerability of Controller Area Network to Schedule-Based Attacks

Downloads

Next from IEEE RTSS 2021

Keep Fresh: Real-time Data Retrieval with Speed Adaptation in Mobile Cyber-Physical Systems

Similar lecture

Sub-Linear Overhead in Static Schedules for Fault-Tolerant Transmission