Poster - Sechduler: A security-aware kernel scheduler

Parisa Haghani, Saman Zonouz

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Trustworthy operation of safety-critical infrastructures necessitates efficient solutions that satisfy both realtimeness and security requirements simultaneously. We present Sechduler, a formally verifiable security-aware operating system scheduler that dynamically makes sure that system computational resources are allocated to individual waiting tasks in an optimal order such that, if feasible, neither realtime nor security requirements of the system are violated. Additionally, if not both of the requirements can be satisfied simultaneously, Sechduler makes use of easy-to-define linear temporal logic-based policies as well as automatically generated Buchi automaton-based monitors, compiled as loadable kernel modules, to enforce which requirements should get the priority. Our experimental results show that Sechduler can adaptively enforce the system-wide logic-based temporal policies within the kernel and with minimal performance overhead of 3 % on average to guarantee high level of combined security and realtimeness simultaneously.

Original languageEnglish (US)
Title of host publicationCCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security
Pages1465-1467
Number of pages3
DOIs
StatePublished - Dec 9 2013
Externally publishedYes
Event2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013 - Berlin, Germany
Duration: Nov 4 2013Nov 8 2013

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Other

Other2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013
CountryGermany
CityBerlin
Period11/4/1311/8/13

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Keywords

  • formal temporal verification
  • intrusion detection and prevention
  • operating system security
  • real-time security

Fingerprint Dive into the research topics of 'Poster - Sechduler: A security-aware kernel scheduler'. Together they form a unique fingerprint.

  • Cite this

    Haghani, P., & Zonouz, S. (2013). Poster - Sechduler: A security-aware kernel scheduler. In CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (pp. 1465-1467). (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/2508859.2512527