Abstract
This paper proposes an approach for detecting compromised programs by analysing suitable features from an embedded system. Features used in this paper are the performance variance and actual program counter values of the embedded processor extracted during program execution. “Cycles per Instruction” is used as pre-processing block before the features are classified using a Self-Organizing Map. Experimental results demonstrate the validity of the proposed approach on detecting some common changes such as deletion, insertion and substitution of programs. Overall, correct detection rate for our system is above 90.9% for tested programs.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Arora, D., Ravi, S., Raghunathan, A., Jha, N.K.: Secure embedded processing through hardware-assisted run-time monitoring. In: Proceedings Design, Automation and Test in Europe, pp. 178–183 (2005)
F-Secure Corporation: F-Secure reports amount of malware grew by 100% during 2007, Helsinki, Finland (2007)
Dongara, P., Vijaykumar, T.N.: Accelerating private-key cryptography via multithreading on symmetric multiprocessors. In: IEEE International Symposium on Performance Analysis of Systems and Software, pp. 58–69 (2003)
Rahmatian, M., Kooti, H., Harris, I.G., Bozorgzadeh, E.: Hardware-Assisted Detection of Malicious Software in Embedded Systems. IEEE Embedded Systems Letters 4, 94–97 (2012)
Suh, G.E., Devadas, S.: Physical Unclonable Functions for Device Authentication and Secret Key Generation. In: 44th ACM/IEEE Design Automation Conference, pp. 9–14 (2007)
Handschuh, H., Schrijen, G.-J., Tuyls, P.: Hardware Intrinsic Security from Physically Unclonable Functions. In: Sadeghi, A.-R., Naccache, D. (eds.) Towards Hardware-Intrinsic Security, pp. 39–53. Springer, Heidelberg (2010)
Hospodar, G., Maes, R., Verbauwhede, I.: Machine learning attacks on 65nm Arbiter PUFs: Accurate modeling poses strict bounds on usability. In: IEEE International Workshop on Information Forensics and Security (WIFS), pp. 37–42 (2012)
Arora, D., Ravi, S., Raghunathan, A., Jha, N.K.: Secure embedded processing through hardware-assisted run-time monitoring. In: Proceedings of Design, Automation and Test in Europe, vol. 171, pp. 178–183 (2005)
Hanilci, C., Ertas, F., Ertas, T., Eskidere, O.: Recognition of Brand and Models of Cell-Phones From Recorded Speech Signals. IEEE Transactions on Information Forensics and Security 7, 625–634 (2012)
Kovalchuk, Y., McDonald-Maier, K.D., Howells, G.: Overview of ICmetrics technology-security infrastructure for autonomous and intelligent healthcare system. International Journal of u- and e- Sevice, Science and Technology 4, 49–60 (2011)
Howells, G., Papoutsis, E., Hopkins, A., McDonald-Maier, K.: Normalizing Discrete Circuit Features with Statistically Independent values for incorporation within a highly Secure Encryption System. In: Second NASA/ESA Conference on Adaptive Hardware and Systems, pp. 97–102 (2007)
Kohonen, T.: Learning vector quantization. In: Michael, A.A. (ed.) The Handbook of Brain Theory and Neural Networks, pp. 537–540. MIT Press (1998)
Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requirements Eng. 16, 3–32 (2011)
Yang, R., Qu, Z., Huang, J.: Detecting digital audio forgeries by checking frame offsets. In: Proceedings of the 10th ACM Workshop on Multimedia and Security, pp. 21–26. ACM, Oxford (2008)
Swaminathan, A., Mao, Y., Wu, M., Kailas, K.: Data Hiding in Compiled Program Binaries for Enhancing Computer System Performance. In: Barni, M., Herrera-Joancomartí, J., Katzenbeisser, S., Pérez-González, F. (eds.) IH 2005. LNCS, vol. 3727, pp. 357–371. Springer, Heidelberg (2005)
Boufounos, P., Rane, S.: Secure binary embeddings for privacy preserving nearest neighbors. In: IEEE International Workshop on Information Forensics and Security (WIFS), pp. 1–6 (2011)
Annavaram, M., Rakvic, R., Polito, M., Bouguet, J., Hankins, R., Davies, B.: The fuzzy correlation between code and performance predictability. In: The 37th International Symposium on Microarchitecture (MICRO), pp. 93–104 (2004)
STMicroelectronics. STM32F207G DATA Sheet, http://www.st.com/ (accessed on January 2013)
KEIL. Keil uVision IDE Data Sheet, http://www.keil.com/uvision/ (accessed on January 2013)
Guthaus, M.R., Ringenberg, J.S., Ernst, D., Austin, T.M., Mudge, T., Brown, R.B.: MiBench: A free, commercially representative embedded benchmark suite. In: IEEE International Workshop on Workload Characterization, pp. 3–14 (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Zhai, X. et al. (2014). Detecting Compromised Programs for Embedded System Applications. In: Maehle, E., Römer, K., Karl, W., Tovar, E. (eds) Architecture of Computing Systems – ARCS 2014. ARCS 2014. Lecture Notes in Computer Science, vol 8350. Springer, Cham. https://doi.org/10.1007/978-3-319-04891-8_19
Download citation
DOI: https://doi.org/10.1007/978-3-319-04891-8_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-04890-1
Online ISBN: 978-3-319-04891-8
eBook Packages: Computer ScienceComputer Science (R0)