{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T07:49:40Z","timestamp":1776844180014,"version":"3.51.2"},"reference-count":30,"publisher":"Association for Computing Machinery (ACM)","issue":"2","funder":[{"name":"National Science Foundation","award":["2138295 and 2442595"],"award-info":[{"award-number":["2138295 and 2442595"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Cyber-Phys. Syst."],"published-print":{"date-parts":[[2026,4,30]]},"abstract":"\n Security for real-time systems is increasingly important with the growth of connected real-time systems in safety-critical domains such as automotive, medical, and avionics. A crucial aspect of securing such systems is to understand the attacks that the current techniques cannot effectively safeguard against. Especially relevant are vulnerabilities of real-time systems arising from their rigid temporal guarantees and attacks that exploit such vulnerabilities. Randomization-based defense techniques can reduce side-channel inference, but such techniques are limited due to the strict timing bounds of real-time systems. In this article, we design and analyze\n NosyNeighbor<\/jats:sc>\n , an inter-partition side-channel attack that exploits the timing guarantees of real-time systems to infer the timing parameters of a safety-critical task in a hierarchical system. Using an adaptive technique,\n NosyNeighbor<\/jats:sc>\n can improve its inference over time and evade randomization-based defense. Experimental results show that\n NosyNeighbor<\/jats:sc>\n can infer victim task execution with a precision of roughly 73% under normal system load, and with a recall of about 35% using multiple malicious tasks across partitions.\n NosyNeighbor<\/jats:sc>\n is also effective under the common attack model with two malicious tasks in the system, with a precision of 64%.\n <\/jats:p>","DOI":"10.1145\/3783983","type":"journal-article","created":{"date-parts":[[2025,12,10]],"date-time":"2025-12-10T14:38:17Z","timestamp":1765377497000},"page":"1-21","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["On Evading Randomization-Based Defense in Hierarchical Real-Time Systems"],"prefix":"10.1145","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5562-8469","authenticated-orcid":false,"given":"Vijay","family":"Banerjee","sequence":"first","affiliation":[{"name":"Washington State University, Pullman, Washington, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4187-6135","authenticated-orcid":false,"given":"Sena","family":"Hounsinou","sequence":"additional","affiliation":[{"name":"Metro State University, Saint Paul, Minnesota, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8407-0801","authenticated-orcid":false,"given":"Yanyan","family":"Zhuang","sequence":"additional","affiliation":[{"name":"University of Colorado Colorado Springs, Colorado Springs, Colorado, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2657-0402","authenticated-orcid":false,"given":"Monowar","family":"Hasan","sequence":"additional","affiliation":[{"name":"Washington State University, Pullman, Washington, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5677-7092","authenticated-orcid":false,"given":"Gedare","family":"Bloom","sequence":"additional","affiliation":[{"name":"University of Colorado Colorado Springs, Colorado Springs, Colorado, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2026,4,21]]},"reference":[{"key":"e_1_3_3_2_2","doi-asserted-by":"publisher","DOI":"10.1109\/ETFA.2016.7733561"},{"key":"e_1_3_3_3_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11241-005-0507-9"},{"key":"e_1_3_3_4_2","doi-asserted-by":"publisher","DOI":"10.1109\/ISORC49007.2020.00023"},{"key":"e_1_3_3_5_2","unstructured":"Bjorn B Brandenburg. 2011. Scheduling and Locking in Multiprocessor Real-Time Operating Systems. Ph.D. Dissertation. The University of North Carolina at Chapel Hill."},{"key":"e_1_3_3_6_2","unstructured":"Chien-Ying Chen Amiremad Ghassami Stefan Nagy Man-Ki Yoon Sibin Mohan Negar Kiyavash Rakesh B. Bobba and Rodolfo Pellizzoni. 2015. Schedule-Based Side-Channel Attack in Fixed-Priority Real-Time Systems. Technical Report."},{"key":"e_1_3_3_7_2","unstructured":"Chien-Ying Chen Monowar Hasan AmirEmad Ghassami Sibin Mohan and Negar Kiyavash. 2018. Reorder: Securing dynamic-priority real-time systems using schedule obfuscation. arXiv:1806.01393. Retrieved from https:\/\/arxiv.org\/abs\/1806.01393"},{"key":"e_1_3_3_8_2","doi-asserted-by":"publisher","DOI":"10.1109\/RTAS.2019.00016"},{"key":"e_1_3_3_9_2","doi-asserted-by":"publisher","DOI":"10.1109\/RTAS52030.2021.00010"},{"key":"e_1_3_3_10_2","doi-asserted-by":"publisher","DOI":"10.1145\/3565974"},{"key":"e_1_3_3_11_2","unstructured":"Attilla Danko. 2014. Adaptive partitioning scheduler for multiprocessing system. (Jan 2014). US Patent 8 631 409."},{"key":"e_1_3_3_12_2","doi-asserted-by":"publisher","DOI":"10.1109\/RTCSA.2009.46"},{"key":"e_1_3_3_13_2","doi-asserted-by":"crossref","unstructured":"Herbert Edelsbrunner and Hermann A. Maurer. 1981. On the intersection of orthogonal objects. Information Processing Letters 13 4\u20135 (1981) 177\u2013181.","DOI":"10.1016\/0020-0190(81)90053-3"},{"key":"e_1_3_3_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/3588999"},{"key":"e_1_3_3_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/RTSS52674.2021.00051"},{"key":"e_1_3_3_16_2","unstructured":"Kristin Kr\u00fcger Gerhard Fohler and Marcus Volp. 2017. Improving security for time-triggered real-time systems against timing inference based attacks by schedule obfuscation. In Work-in-Progress Proceedings ECRTS'17."},{"key":"e_1_3_3_17_2","first-page":"22","article-title":"Vulnerability analysis and mitigation of directed timing inference based attacks on time-triggered systems","volume":"106","author":"Kr\u00fcger Kristin","year":"2018","unstructured":"Kristin Kr\u00fcger, Marcus Volp, and Gerhard Fohler. 2018. Vulnerability analysis and mitigation of directed timing inference based attacks on time-triggered systems. LIPIcs-Leibniz International Proceedings in Informatics 106 (2018), 22.","journal-title":"LIPIcs-Leibniz International Proceedings in Informatics"},{"key":"e_1_3_3_18_2","doi-asserted-by":"publisher","DOI":"10.1145\/321738.321743"},{"key":"e_1_3_3_19_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3019323"},{"key":"e_1_3_3_20_2","unstructured":"Edward M. McCreight. 1980. Efficient Algorithms for Enumerating Intersecting Intervals and Rectangles. Technical Report."},{"key":"e_1_3_3_21_2","doi-asserted-by":"publisher","DOI":"10.1109\/RTAS.2019.00017"},{"key":"e_1_3_3_22_2","first-page":"23","volume-title":"17th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA \u201920)","author":"Ohm Marc","year":"2020","unstructured":"Marc Ohm, Henrik Plate, Arnold Sykosch, and Michael Meier. 2020. Backstabber\u2019s knife collection: A review of open source software supply chain attacks. In 17th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA \u201920). Springer, 23\u201343."},{"key":"e_1_3_3_23_2","doi-asserted-by":"publisher","DOI":"10.1109\/DASC.2008.4702770"},{"key":"e_1_3_3_24_2","doi-asserted-by":"publisher","DOI":"10.1109\/RTSS49844.2020.00040"},{"key":"e_1_3_3_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/DASC.2010.5655298"},{"key":"e_1_3_3_26_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-32946-3_23"},{"key":"e_1_3_3_27_2","doi-asserted-by":"publisher","DOI":"10.1145\/2935748"},{"key":"e_1_3_3_28_2","unstructured":"Man-Ki Yoon Jung-Eun Kim Richard Bradford and Zhong Shao. 2019. TaskShuffler++: Real-time schedule randomization for reducing worst-case vulnerability to timing inference attacks. arXiv:1911.07726. Retrieved from https:\/\/arxiv.org\/abs\/1911.07726"},{"key":"e_1_3_3_29_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSN53405.2022.00052"},{"key":"e_1_3_3_30_2","first-page":"2417","volume-title":"30th USENIX Security Symposium (USENIX Security \u201921)","author":"Yoon Man-Ki","year":"2021","unstructured":"Man-Ki Yoon, Mengqi Liu, Hao Chen, Jung-Eun Kim, and Zhong Shao. 2021. Blinder: Partition-oblivious hierarchical scheduling. In 30th USENIX Security Symposium (USENIX Security \u201921). USENIX Association, 2417\u20132434. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/yoon"},{"key":"e_1_3_3_31_2","doi-asserted-by":"publisher","DOI":"10.1109\/RTAS.2016.7461362"}],"container-title":["ACM Transactions on Cyber-Physical Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3783983","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T06:36:09Z","timestamp":1776839769000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3783983"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,21]]},"references-count":30,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2026,4,30]]}},"alternative-id":["10.1145\/3783983"],"URL":"https:\/\/doi.org\/10.1145\/3783983","relation":{},"ISSN":["2378-962X","2378-9638"],"issn-type":[{"value":"2378-962X","type":"print"},{"value":"2378-9638","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,4,21]]},"assertion":[{"value":"2024-09-15","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-11-22","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2026-04-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}