Trustworthy operation of safety-critical infrastructures requires efficient solutions that satisfy both realtimeness and security requirements simultaneously. We present Sechduler, a formally verifiable security-aware operating system scheduler that dynamically ensures that system computational resources are allocated to individual waiting tasks in an optimal order such that, if feasible, neither the realtime nor the security requirements of the system are violated. Additionally, if both requirements cannot be satisfied simultaneously, Sechduler uses easy-to-define linear temporal logic-based policies, together with automatically generated Büchi automaton-based monitors compiled as loadable kernel modules, to enforce which requirements should get priority. Our experimental results show that Sechduler can adaptively enforce the system-wide logic-based temporal policies within the kernel, with a minimal performance overhead of 3% on average, to guarantee a high level of combined security and realtimeness.