🤖 AI Summary
This work addresses the “all-or-nothing” trade-off between security and performance in edge real-time systems, where existing mechanisms either opportunistically apply protections or enforce uniform security across all tasks. To overcome this limitation, the paper proposes REPOSE, a novel framework that dynamically schedules security operations at runtime based on task behavior, thereby breaking away from conventional static security overhead models. Built upon a weakly hard real-time model, REPOSE integrates runtime feasibility analysis with a proactive-reactive security scheduling mechanism to enable fine-grained, quantifiable trade-offs between security guarantees and control performance. Experimental results demonstrate that under 80% system utilization, REPOSE incurs only 0.06% feasibility overhead—significantly lower than the 29% overhead of hard-constrained approaches—and effectively validates its analyzable and practical trade-off efficacy in classical control scenarios.
📝 Abstract
In contemporary IoT edge devices with real-time requirements, security is primarily enforced through design-time parameters associated with security tasks, leading to mechanisms that operate in an \emph{opportunistic} manner. As a result, security checks are often performed as secondary operations. This approach can result in systems where no security tasks are executed due to high utilization by other tasks. An alternative approach taken in prior work is to add security mechanisms to every task in the system, resulting in substantially lower performance than that of a system with no security. These approaches have resulted in an \emph{all-or-nothing} scenario for edge device security, motivating numerous studies on the safety-security trade-off in real-time cyber-physical systems (RT-CPS). This study introduces an analytical framework -- REPOSE -- for evaluating the security feasibility of real-time control systems at runtime. REPOSE is developed for \textit{weakly-hard} real-time control systems that facilitate a ``bounded trade-off'' between safety and security. In contrast to imposing additional (pessimistic) design-time overhead as considered in some real-time security literature, REPOSE performs security operations in both \textit{proactive} and \textit{reactive} manners based on the task's current behavior. Our evaluations show that REPOSE can effectively add security operations to RT-CPS with a feasibility overhead of $0.06\%$ at $80\%$ utilization, compared to a $ 29\%$ overhead observed in systems with hard constraints. Through a case study of a classic control system, we also demonstrate that REPOSE provides a robust framework to \textit{analyze and calculate} the safety-security tradeoff.