Security-Aware RTOS for Time-Critical Cyber-Physical Systems

Authors

  • Shailesh Singh Thakur, Assistant Professor, Department of Mechanical, Kalinga University, Raipur, India.

Keywords:

Embedded Security, Time-Critical Systems, Task Scheduling, Trusted Execution Environment (TEE), Temporal Isolation, Lightweight Cryptography, Intrusion Detection, Secure Kernel Design, Control-Flow Integrity, Embedded System Security, Edge Computing, Hardware-Software Co-Design, Anomaly Detection in RTOS.

Abstract

Cyber-Physical Systems (CPS) are highly demanding infrastructure systems that tightly couple computational algorithms with physical dynamics under challenging real-time control requirements. As CPS technology spreads to autonomous transportation, industrial automation, and medical equipment, the attack surface has grown significantly, leaving systems vulnerable to a wide range of cyber attacks. Traditional Real-Time Operating Systems (RTOS) focus on meeting timing and scheduling guarantees and lack intrinsic security enforcement mechanisms. In this paper, we propose a Security-Aware Real-Time Operating System (S-RTOS) that integrates security enforcement into the RTOS kernel without compromising the temporal determinism required by time-critical CPS tasks. The S-RTOS architecture comprises a secure task scheduler based on time-partitioned execution, lightweight encryption of task context and inter-process communication, and a Trusted Execution Time Monitor (TETM) that detects anomalies at runtime. It also includes hardware-enforced control-flow integrity and a real-time intrusion detection module that uses a one-class support vector machine trained on system behavior metrics. These components work together to resist time-based side-channel attacks, unauthorized task modification, and control-hijacking attempts. The system is evaluated on an ARM Cortex-M4 embedded board using representative CPS workloads from an automotive ECU and an industrial robot arm. Experimental results indicate that the proposed S-RTOS incurs a latency overhead of less than 7.2 % compared to baseline RTOS implementations, with an attack detection rate of 98.7 %. Additionally, the memory and CPU overheads are at a level acceptable for deployment in embedded systems.
This work demonstrates the viability and relevance of building native security functionality into the RTOS architecture as a fast track to secure CPS deployments in hostile environments. The proposed S-RTOS offers a comprehensive and flexible approach that provides both safety and security for the next generation of embedded systems without sacrificing real-time performance.

Published

2024-09-24

How to Cite

[1]
Shailesh Singh Thakur, “Security-Aware RTOS for Time-Critical Cyber-Physical Systems”, ECC SUBMIT, vol. 2, no. 3, pp. 79–88, Sep. 2024.