SHIELD: Security-Aware Scheduling for Real-Time DAGs on Heterogeneous Systems

Many control applications in real-time cyber-physical systems are represented as Directed Acyclic Graphs (DAGs) due to complex interactions among their functional components, and executed on distributed heterogeneous platforms. Data communication between dependent task nodes running on different processing elements are often realized through message transmission over a public network, and are hence susceptible to multiple security threats such as snooping, alteration, and spoofing. Several alternative security protocols having varying security strengths and associated implementation overheads are available in the market, for incorporating confidentiality, integrity, and authentication on the transmitted messages. While message size and correspondingly its associated transmission overheads may be marginally increased due to the assignment of security protocols, significant computation overheads must be incurred for securing the message at the location of its source task node and for unlocking security/message extraction at the destination. Obtained security strengths and associated computation overheads vary depending on the set of protocols chosen for a given message from an available pool of protocols. Given lower bounds on the security demands of an application's messages, selecting the appropriate protocols for each message such that a system's overall security is maximized while satisfying constraints related to the resource, task precedence and deadline, is a challenging and computationally hard problem. In this article, we propose an efficient heuristic strategy called SHIELD for security-aware real-time scheduling of DAG-structured applications to be executed on distributed heterogeneous systems. The efficacy of the proposed scheduler is exhibited through extensive simulation-based experiments using two DAG-structured application benchmarks. Our performance evaluation results demonstrate that SHIELD significantly outperforms two greedy baseline strategies SHIELDb in terms of solution generation times (i.e., runtimes) and SHIELDf in terms of achieved security utility. Additionally, a case study on the Traction Control application in automotive systems has been included to exhibit the applicability of SHIELD in real-world settings.