Abstract

Cyber-physical systems (CPSs), such as autonomous vehicles, are increasingly being deployed. The sensing, control, and actuation loop in CPSs must complete within strict timing constraints. Missing a real-time deadline can lead to catastrophic consequences, as CPSs continuously interact with the physical world. This highlights the importance of real-time system availability (i.e., timely execution) in CPS tasks, going beyond traditional security goals that primarily focus on confidentiality and integrity. From a security perspective, two factors affect real-time system availability. First, attackers with access to hardware resources in CPSs may disrupt the execution timing of real-time tasks. Second, the deployment of security mechanisms inevitably introduces runtime overhead, which can also impact task execution timing. This dissertation presents security mechanisms designed to ensure real-time availability from the following two perspectives.

Defending Against Denial-of-Service (DoS) Attacks from the Privileged Software Stack: Privileged software, such as the operating system, manages hardware resources. When compromised, it may prevent security-sensitive tasks in CPSs, such as control tasks, from accessing the CPU or I/O devices in a timely manner. This dissertation first presents a real-time trusted execution environment (RT-TEE) that guarantees secure and timely access to the CPU and I/O devices for security-critical CPU tasks, even under a compromised operating system.

With the increasing deployment of GPUs in CPSs to accelerate AI workloads, ensuring the timely execution of GPU tasks has also become essential. To address this, the dissertation then presents a real-time trusted execution environment for GPUs, called AvaGPU, which guarantees secure and timely access to GPU resources for security-critical GPU tasks under a compromised operating system.

Real-time Performance Guaranteed Security Mechanisms: Deploying security mechanisms in real-time systems can lead to deadline misses, posing challenges to system reliability. To address this, this dissertation proposes efficient security mechanisms that are designed with real-time performance in mind. In particular, it introduces ARI, a policy-based mechanism for attesting the integrity of real-time mission execution. ARI enables a practical trade-off between security and real-time performance, overcoming the high runtime overhead associated with existing state-of-the-art solutions.

Details

Title: Real-Time System Availability for Cyber-Physical Systems
Number of pages: 158
Publication year: 2025
Degree date: 2025
School code: 0252
Source: DAI-B 86/11(E), Dissertation Abstracts International
ISBN: 9798314853771
Advisor:
Committee members: Baruah, Sanjoy; Gill, Christopher; Sinopoli, Bruno; Zhang, Ning
University/institution: Washington University in St. Louis
Department: Computer Science & Engineering
University location: United States -- Missouri
Degree: Ph.D.
Source type: Dissertation or Thesis
Language: English
Document type: Dissertation/Thesis
Dissertation/thesis number: 32000486
ProQuest document ID: 3200497071
Document URL: https://www.proquest.com/dissertations-theses/real-time-system-availability-cyber-physical/docview/3200497071/se-2?accountid=208611
Copyright: Database copyright ProQuest LLC; ProQuest does not claim copyright in the individual underlying works.
Database: ProQuest One Academic