dc.contributor.author: Bansal, Ayoosh
dc.contributor.author: Kandikuppa, Anant
dc.contributor.author: Chen, Chien-Ying
dc.contributor.author: Hasan, Monowar
dc.contributor.author: Bates, Adam
dc.contributor.author: Mohan, Sibin
dc.date.accessioned: 2022-11-07T17:51:27Z
dc.date.available: 2022-11-07T17:51:27Z
dc.date.issued: 2022-09-24
dc.identifier.citation: Bansal, A., Kandikuppa, A., Chen, CY., Hasan, M., Bates, A., Mohan, S. (2022). Towards Efficient Auditing for Real-Time Systems. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds) Computer Security – ESORICS 2022. ESORICS 2022. Lecture Notes in Computer Science, vol 13556. Springer, Cham. https://doi.org/10.1007/978-3-031-17143-7_30
dc.identifier.isbn: 978-3-031-17142-0
dc.identifier.issn: 0302-9743
dc.identifier.uri: https://doi.org/10.1007/978-3-031-17143-7_30
dc.identifier.uri: https://soar.wichita.edu/handle/10057/24178
dc.description: Click on the DOI to access this article (may not be free).
dc.description.abstract: System auditing is a powerful tool that provides insight into the nature of suspicious events in computing systems, allowing machine operators to detect and subsequently investigate security incidents. While auditing has proven invaluable to the security of traditional computers, existing audit frameworks are rarely designed with consideration for Real-Time Systems (RTS). The transparency provided by system auditing would be of tremendous benefit in a variety of security-critical RTS domains, (e.g., autonomous vehicles); however, if audit mechanisms are not carefully integrated into RTS, auditing can be rendered ineffectual and violate the real-world temporal requirements of the RTS. In this paper, we demonstrate how to adapt commodity audit frameworks to RTS. Using Linux Audit as a case study, we first demonstrate that the volume of audit events generated by commodity frameworks is unsustainable within the temporal and resource constraints of real-time (RT) applications. To address this, we present Ellipsis, a set of kernel-based reduction techniques that leverage the periodic repetitive nature of RT applications to aggressively reduce the costs of system-level auditing. Ellipsis generates succinct descriptions of RT applications’ expected activity while retaining a detailed record of unexpected activities, enabling analysis of suspicious activity while meeting temporal constraints. Our evaluation of Ellipsis, using ArduPilot (an open-source autopilot application suite) demonstrates up to 93% reduction in audit log generation. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
dc.description.sponsorship: The material presented in this paper is based upon work supported by the Office of Naval Research (ONR) under grant number N00014-17-1-2889 and the National Science Foundation (NSF) under grant numbers CNS 1750024, CNS 1932529, CNS 1955228, CNS 2055127, CNS 2145787 and CNS 2152768. Any opinions, findings, and conclusions or recommendations expressed in this publication are those of the authors and do not necessarily reflect the views of the sponsors.
dc.language.iso: en_US
dc.publisher: Springer Science and Business Media Deutschland GmbH
dc.relation.ispartofseries: Lecture Notes in Computer Science
dc.relation.ispartofseries: 2022
dc.subject: Auditing
dc.subject: Cyber-physical systems
dc.subject: Real-time systems
dc.title: Towards efficient auditing for real-time systems
dc.type: Conference paper
dc.rights.holder: © 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG


Files in this item

There are no files associated with this item.