Security for Mission Critical Real-Time Systems


Brett Tjaden
Lonnie R. Welch


Mission critical real-time systems often function in environments that cannot be modeled with static approaches. Because their range of operating conditions is wide and externally driven, the number of data elements to be processed in an arbitrary period is unknown at system engineering time, except in an extremely pessimistic worst-case sense. While it may be possible to determine a theoretical upper bound on the number of data items, the construction and maintenance of system components to handle worst-case conditions can be prohibitively costly. To accommodate such dynamic mission critical real-time systems, it is useful to design computing systems that allow reconfiguration and reallocation of resources by sharing a pool of distributed computational resources. Unfortunately, the problem of continuously providing critical system functions in such dynamic real-time environments is exacerbated when one considers attack vulnerability. The Internet has made mission critical real-time computer systems subject to an ever-changing array of attacks for which current defense mechanisms are insufficient. In order to combat intruders in this new environment, new techniques must be developed that enable decision makers to detect unusual behavior in their systems, correlate anomalies into higher-level attacker goals, plan appropriate response actions, and execute their plans. This special issue presents current work in this general area of real-time system security.

Balupari et al. present their work on INBOUNDS (Integrated Network-Based Ohio University Network Detective Service), a network-based anomaly detection system. INBOUNDS is built atop Real-Time TCPTrace, a network traffic capture and analysis program. Real-Time TCPTrace reports every opened and closed network connection and, periodically, provides statistics on the activity of all currently open connections. From this data, INBOUNDS automatically builds profiles of each different network service that it sees. In detection mode, INBOUNDS compares the statistics for an ongoing connection with the profile for the corresponding service to identify connections that are behaving abnormally. INBOUNDS' primary goal is to detect newly developed attacks, or variants of existing attacks, that are not easily recognized by existing intrusion detection systems.
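The profile-then-compare approach described above, as an added illustration that is not the INBOUNDS code: the connection records, feature set and z-score threshold are constructed for this example.

```python
"""Per-service connection-profile anomaly detection in the spirit of the
INBOUNDS description.  Added illustration, not INBOUNDS itself: the
records and the threshold are constructed for this example."""
from collections import defaultdict
from math import sqrt

# Constructed periodic connection statistics, roughly what a capture tool
# reports per open connection: (service, bytes_in, bytes_out, pkts).
TRAINING = [
    ("http", 420, 3800, 12), ("http", 510, 4100, 14), ("http", 390, 3500, 11),
    ("http", 460, 3900, 13), ("http", 480, 4200, 15),
    ("ssh", 2100, 1900, 60), ("ssh", 2400, 2200, 70), ("ssh", 1900, 1700, 55),
    ("ssh", 2300, 2000, 65), ("ssh", 2000, 1800, 58),
]
FEATURES = ("bytes_in", "bytes_out", "pkts")

def build_profiles(records):
    """Profile-building mode: per service, mean and std-dev of each feature."""
    by_service = defaultdict(list)
    for svc, *vals in records:
        by_service[svc].append(vals)
    profiles = {}
    for svc, rows in by_service.items():
        n = len(rows)
        means = [sum(r[i] for r in rows) / n for i in range(len(FEATURES))]
        # A zero std-dev (constant feature) is replaced by 1.0 to avoid a
        # division by zero when scoring.
        stds = [sqrt(sum((r[i] - means[i]) ** 2 for r in rows) / n) or 1.0
                for i in range(len(FEATURES))]
        profiles[svc] = (means, stds)
    return profiles

def score(profiles, svc, vals):
    """Largest z-score over the features; None if the service is unknown."""
    if svc not in profiles:
        return None
    means, stds = profiles[svc]
    return max(abs(v - m) / s for v, m, s in zip(vals, means, stds))

def detect(profiles, svc, vals, threshold=3.0):
    """Detection mode: flag a connection whose statistics leave its service
    profile, and flag connections to services that were never profiled."""
    z = score(profiles, svc, vals)
    if z is None:
        return "unknown-service"
    return "anomalous" if z > threshold else "normal"

if __name__ == "__main__":
    p = build_profiles(TRAINING)
    print(detect(p, "http", [450, 3900, 13]), detect(p, "http", [9000, 3900, 13]))
```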

Jiang et al. discuss a scheme for padding network traffic in an ad-hoc wireless network to limit the amount of useful information an intruder can discern through traffic analysis. Ad-hoc wireless networks possess several unique characteristics that can be valuable in mission critical real-time systems; however, poor security and constraints on energy consumption have limited their deployment in such environments. Jiang et al. propose traffic padding through the insertion of dummy traffic to camouflage the communication patterns present in the real traffic. Further, their scheme attempts to minimize the amount of dummy traffic used, in order to reduce the overhead in terms of energy required per unit of real traffic delivered.
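A simple constant-rate padding model, added here to illustrate the trade-off the paragraph describes; it is not the scheme of Jiang et al., and the per-slot packet counts are constructed for this example.

```python
"""Constant-rate traffic padding (added illustration, not Jiang et al.'s
scheme).  Dummy packets make every slot look identical to an observer; a
lower rate means less dummy traffic but buffers real packets longer."""

# Constructed number of real packets generated per time slot (bursty).
REAL_PER_SLOT = [5, 0, 12, 3, 0, 0, 8]

def pad_schedule(real, rate):
    """Send exactly `rate` packets per slot: buffered real packets first,
    then dummy packets to fill the slot.
    Returns (observed_per_slot, dummy_sent, backlog_left)."""
    backlog, dummy, observed = 0, 0, []
    for r in real:
        backlog += r
        sent_real = min(backlog, rate)
        backlog -= sent_real
        dummy += rate - sent_real
        observed.append(rate)  # all a traffic analyst sees: a flat line
    return observed, dummy, backlog

def overhead(real, rate):
    """Dummy packets per real packet delivered: the energy cost of padding."""
    _, dummy, _ = pad_schedule(real, rate)
    return dummy / sum(real)

def min_rate_draining(real, drain_slots=0):
    """Smallest constant rate that delivers all real traffic within the
    given slots plus `drain_slots` extra empty slots, i.e. the least dummy
    traffic achievable under that delay bound."""
    padded = list(real) + [0] * drain_slots
    for rate in range(1, max(real) + 1):
        if pad_schedule(padded, rate)[2] == 0:
            return rate
    return max(real)

if __name__ == "__main__":
    # Padding to the peak rate hides the pattern but sends 2 dummies per real
    # packet; allowing one slot of delay lets a rate of 4 drain the same load.
    print(overhead(REAL_PER_SLOT, max(REAL_PER_SLOT)))
    print(min_rate_draining(REAL_PER_SLOT, drain_slots=1))
```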

Chappell et al. describe the information security environment faced by the U.S. Navy. Mission critical applications that have hard real-time requirements are described. The types of systems discussed range from geographically dispersed operational sites, which may have timing constraints in the range of seconds, to shipboard combat systems that are responsible for threat assessment, command and control, and weapons targeting, which must operate well below the one-second threshold. Chappell explains how he and his colleagues at the Naval Surface Warfare Center have begun evaluating the applicability of Intrusion Detection Systems (IDS) in naval environments. Included in this discussion are the current security architectures of naval platforms, some potential future architectures, and the desirable features of intrusion detection systems that may be integrated into these architectures in the future.

Lim et al. address the emerging trend towards connecting distributed embedded devices and the challenges of ensuring integrity and service availability in such an environment. They point to the notion of a smart home with many embedded devices, each with a simple web interface. Compared with traditional desktop systems, these embedded devices have certain advantages in terms of security, especially since embedded devices do not typically allow remote login or support email with attachments. Nevertheless, most embedded devices will accept downloadable code from the Internet in order to enable product support and upgrades. This mobile code is a substantial security risk, and the authors discuss the risks associated with accepting questionable control source code for embedded smart devices.

Li and Ye present decision tree techniques that can be used to automatically identify intrusion signatures and subsequently classify activities in computer network systems as either normal or intrusive. They demonstrate how to design and build decision tree classifiers using different feature selection methods such as single event, moving window, EWMA vector, and state ID. Taking training and testing data from the audit data supplied by the Basic Security Module of the Solaris operating system, they present the performance of their decision tree classifiers under several different conditions.

Guest Editors
Brett Tjaden and Lonnie Welch
Ohio University, Athens, USA


Introduction to the Special Issue