Design Optimization Of Security-Critical Real-Time Applications With Fault-Tolerance Enhancement

Posted on: 2017-01-29
Degree: Master
Type: Thesis
Country: China
Candidate: L Wen
GTID: 2308330485486593
Subject: Software engineering

Abstract/Summary:
Security-critical distributed systems are now widely used in many critical areas, especially security- and safety-critical ones. With the development of computer technologies, these systems face many kinds of security challenges. In practice, they are often attacked through malicious snooping on internal communication. To resist malicious snooping, security protection services must be deployed; for example, cryptographic services must be applied to messages. In recent years, however, the deliberate injection of faults into cryptographic devices has come to pose a serious threat to symmetric cryptographic algorithms, and even the high security strength of AES cannot avoid the threat from fault injection attacks. Fault injection attacks not only make the cryptography no longer secure, but also heavily corrupt the data being transmitted. Therefore, both security services and fault tolerance services must be deployed to resist these threats. A critical system must not only prevent malicious snooping, but also detect faults in the cryptographic algorithms.

However, deploying security services and fault tolerance services consumes more computing resources. This increases system overhead and may threaten real-time behavior. Therefore, we focus on the system-level design of secure real-time applications to resist fault injection attacks and to balance security strength, fault tolerance level and real-time performance. In this thesis, we concentrate on system-level design to improve the security strength and the fault tolerance level. We aim to find the best security scheme and fault tolerance scheme.

Firstly, we consider the widely used confidentiality algorithm, AES, for the encryption and decryption of sensitive messages. To resist fault injection attacks and prevent faults from being inserted into messages, we identify 10 fault detection schemes that can detect faults in the encryption process.

To maximize the system security strength and fault detection level, we propose an efficient heuristic algorithm based on Simulated Annealing (SA) and list scheduling. SA is in charge of optimizing the system objective, while list scheduling handles the schedulability test. The experimental results verify the efficiency and robustness of the proposed algorithm.

In addition to maximizing the fault coverage, we also consider minimizing the standard deviation. Due to the huge computational complexity of the problem, we propose an efficient heuristic approach based on NSGA-II and a fast non-dominated sorting approach. The experimental results show the superiority of the proposed algorithm.

In addition to defending distributed real-time systems against malicious snooping and fault injection attacks, we also expect them to have fault correction ability. Thus, on the basis of fault detection, we take fault correction into account. We use the fault-tolerant coverage to represent the fault-tolerant level, and then focus on the design that maximizes the fault-tolerant coverage. In addition to maximizing the fault-tolerant coverage, we also consider minimizing the standard deviation.

Finally, to further improve the security strength and fault-tolerant level, we present an approach to efficiently implement security tasks using hardware/software co-design techniques. Due to the additional co-design constraints, we propose SCD-MOEA, which improves the individual encoding of the multi-objective evolutionary algorithm. Extensive experiments and a real-life case study demonstrate the efficiency of the proposed hardware/software co-design approach.
Keywords/Search Tags: Real-time systems, malicious snooping, security service, fault-tolerant, fault detection, fault coverage