Towards efficient auditing for real-time systems

No Thumbnail Available
Authors
Bansal, Ayoosh
Kandikuppa, Anant
Chen, Chien-Ying
Hasan, Monowar
Bates, Adam
Mohan, Sibin
Advisors
Issue Date
2022-09-24
Type
Conference paper
Keywords
Auditing , Cyber-physical systems , Real-time systems
Research Projects
Organizational Units
Journal Issue
Citation
Bansal, A., Kandikuppa, A., Chen, CY., Hasan, M., Bates, A., Mohan, S. (2022). Towards Efficient Auditing for Real-Time Systems. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds) Computer Security – ESORICS 2022. ESORICS 2022. Lecture Notes in Computer Science, vol 13556. Springer, Cham. https://doi.org/10.1007/978-3-031-17143-7_30
Abstract

System auditing is a powerful tool that provides insight into the nature of suspicious events in computing systems, allowing machine operators to detect and subsequently investigate security incidents. While auditing has proven invaluable to the security of traditional computers, existing audit frameworks are rarely designed with consideration for Real-Time Systems (RTS). The transparency provided by system auditing would be of tremendous benefit in a variety of security-critical RTS domains, (e.g., autonomous vehicles); however, if audit mechanisms are not carefully integrated into RTS, auditing can be rendered ineffectual and violate the real-world temporal requirements of the RTS. In this paper, we demonstrate how to adapt commodity audit frameworks to RTS. Using Linux Audit as a case study, we first demonstrate that the volume of audit events generated by commodity frameworks is unsustainable within the temporal and resource constraints of real-time (RT) applications. To address this, we present Ellipsis, a set of kernel-based reduction techniques that leverage the periodic repetitive nature of RT applications to aggressively reduce the costs of system-level auditing. Ellipsis generates succinct descriptions of RT applications’ expected activity while retaining a detailed record of unexpected activities, enabling analysis of suspicious activity while meeting temporal constraints. Our evaluation of Ellipsis, using ArduPilot (an open-source autopilot application suite) demonstrates up to 93% reduction in audit log generation. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

Table of Contents
Description
Click on the DOI to access this article (may not be free).
Publisher
Springer Science and Business Media Deutschland GmbH
Journal
Book Title
Series
Lecture Notes in Computer Science
2022
PubMed ID
DOI
ISSN
0302-9743
EISSN