Graduate Theses and Dissertations (2019 - present)

Date of Award

8-2025

Document Type

Dissertation

Department

Computing

Committee Chair

Jordan Shropshire, Ph.D.

Advisor(s)

Todd Andel, Ph.D., George Clark, Ph.D., Na Gong, Ph.D., Harold Pardue, Ph.D.

Abstract

Real Time Operating Systems (RTOS) are increasingly present throughout the industrial, business, defense, and healthcare spaces. These lightweight and efficient operating systems are designed to run on embedded, resource constrained devices, often within cyber-physical systems (CPS). A defining characteristic of RTOSs is that they are deterministic. Tasks are scheduled to run on fixed timelines within guaranteed execution windows. In Industry 4.0 applications, for example, sensors must receive and process inputs within a fixed schedule to ensure products are properly manufactured. This requires guaranteed service at fixed time periods. To accomplish this, RTOSs must conform to worst case execution times (WCETs) as design parameters. WCET is the maximum time a particular task can take to complete. Exceeding the WCET could cause system failure and lead to damage, injury or even death. Thus, if the system exceeds its WCET estimate, it could be assumed that anomalous activity is occurring in the software. Unfortunately, many of the systems using RTOSs are extremely resource constrained, with limited power, computing capacity, and memory. In addition, these systems may be difficult or impossible to update. These factors make security controls difficult since conventional security mechanisms put a burden on already strained resources.

This research aims to determine the viability of using out-of-system timing cues to detect timing anomalies in cyber-physical systems, which could indicate some form of attack. This approach would use physical manifestations at the beginning and end of the execution of code regions and compare observed execution time to the expected WCET to detect timing anomalies. To accomplish this, we developed an algorithm which scans the control flow graph of an RTOS-based program and determines both the single entry and exit points, as well as any general-purpose input/output (GPIO) occurrences. Our algorithm defines measurement regions that are bound by GPIO activity. We use existing processes to determine the WCET of the selected measurement regions and develop a prototype system to compare the actual execution time with the calculated WCET of the measurement regions. We tested the system by injecting additional code into the measurement regions and were able to determine that the dynamically calculated WCET was exceeded. This novel system would allow enhanced security in the form of timing anomaly detection for resource constrained cyber-physical systems without adding processing, memory, or power requirements to the system itself. In this way, we could provide needed protection to otherwise under protected or unprotected systems. These results confirm the viability of the proposed method of out-of-band monitoring to detect timing anomalies in RTOS-based cyber-physical systems. The experiments show that using various levels of delay, we can detect changes in FreeRTOS programs using external indicators, in this case, LED flashes. In simple programs we were able to detect anomalies as small as 400 cycles. In more complex programs we can detect changes in the one millisecond range.
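The comparison step described in the abstract, sketched as an added example (not code from the dissertation): an external probe records GPIO edges, each measurement region is bounded by a start and an end edge, and the observed time is checked against the region's WCET. The names `Region` and `check_capture`, the pin number, the 16 MHz clock, the jitter allowance and the sample capture are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Region:
    name: str
    start: tuple      # (pin, level) edge that marks region entry
    end: tuple        # (pin, level) edge that marks region exit
    wcet_cycles: int  # WCET from static analysis, in CPU cycles

def check_capture(edges, regions, clock_hz, jitter_ns=0, capture_end_ns=None):
    """Compare externally observed region times with their WCET budgets.
    edges: time-ordered (t_ns, pin, level) tuples from the external probe.
    Returns (region, start_ns, observed_ns, verdict) tuples.
    """
    def budget_ns(r):  # cycles -> ns, rounded up, plus probe jitter allowance
        return -(-r.wcet_cycles * 1_000_000_000 // clock_hz) + jitter_ns

    findings, open_at = [], {}
    for t_ns, pin, level in edges:
        for r in regions:
            # Close first: one edge may end a region and start the next.
            if (pin, level) == r.end and r.name in open_at:
                seen = t_ns - open_at.pop(r.name)
                verdict = "exceeded" if seen > budget_ns(r) else "ok"
                findings.append((r.name, t_ns - seen, seen, verdict))
        for r in regions:
            if (pin, level) == r.start:
                if r.name in open_at:  # re-entered without an exit edge
                    findings.append((r.name, open_at[r.name], None, "no_exit"))
                open_at[r.name] = t_ns
    # Regions still open when the capture stops are anomalous only if the
    # time already elapsed is past the budget.
    last = capture_end_ns if capture_end_ns is not None else (edges[-1][0] if edges else 0)
    for r in regions:
        if r.name in open_at:
            late = last - open_at[r.name] > budget_ns(r)
            findings.append((r.name, open_at[r.name], None,
                             "no_exit" if late else "incomplete"))
    return findings

# Constructed sample: LED on pin 13, 16 MHz clock, 8000-cycle WCET (500 us).
REGIONS = [Region("blink_task", (13, 1), (13, 0), 8000)]
EDGES = [(0, 13, 1), (480_000, 13, 0),            # within budget
         (1_000_000, 13, 1), (1_525_000, 13, 0),  # 400 cycles (25 us) over
         (2_000_000, 13, 1)]                      # never exits

def demo():
    return check_capture(EDGES, REGIONS, clock_hz=16_000_000,
                         jitter_ns=5_000, capture_end_ns=3_000_000)
```

The jitter allowance sets the smallest overrun the monitor can report: an overrun shorter than the probe's timing uncertainty is indistinguishable from a run at the WCET.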
