Abstract
The increasing complexity and connectivity of modern embedded systems highlight the importance of runtime monitoring to ensure correctness and security. This poses a significant challenge, since monitoring tools can break extra-functional requirements such as timing constraints. Non-intrusive program tracing through side-channel analysis techniques have recently appeared in the literature and constitute a promising approach. Existing techniques, however, exhibit important limitations.
In this paper, we present a novel technique for non-intrusive program tracing from power consumption, based on a signals and system analysis approach: we view the power consumption signal as the output of a system with the power consumption of training samples as input. Using spectral analysis, we compute the impulse response to identify the system; the intuition is that for the correct training sample, the system will appear close to a system that outputs a shifted copy of the input signal, for which the impulse response is an impulse at the position corresponding to the shift. We also use the Control Flow Graph (CFG) from the source code to constrain the classifier to valid sequences only, leading to substantial performance improvements over previous works.
Experimental results confirm the effectiveness of our technique and show its applicability to runtime monitoring. The experiments include tracing programs that execute randomly generated sequences of functions as well as tracing a real application developed with SCADE. The experimental evaluation also includes a case-study as evidence of the usability of our technique to detect anomalous execution through runtime monitoring.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
We adopt the electrical engineering convention of using \(\mathrm {j}\) to denote the imaginary unit, to avoid ambiguity with the symbol for electrical current or intensity, i.
- 2.
Technically, the resulting graph is not a CFG, since the blocks can contain conditionals; however, it maintains the aspect that is relevant to our application: edges indicate the possible sequences during execution.
References
One, A.: Smashing the stack for fun and profit. Phrack Magazine (1996)
Atmel Corporation: ATmega2560 (2016). http://www.atmel.com/devices/ATMEGA2560.aspx
Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Computing Surveys (CSUR) 41(3), 15 (2009)
Chen, F., Roşu, G.: Java-MOP: a monitoring oriented programming environment for Java. In: Halbwachs, N., Zuck, L.D. (eds.) TACAS 2005. LNCS, vol. 3440, pp. 546–550. Springer, Heidelberg (2005). doi:10.1007/978-3-540-31980-1_36
Clark, S.S., Ransford, B., Rahmati, A., Guineau, S., Sorber, J., Fu, K., Xu, W.: WattsUpDoc: power side channels to nonintrusively discover untargeted malware on embedded medical devices. In: USENIX Workshop on Health Information Technologies. USENIX (2013)
Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms, 3rd edn. The MIT Press, Cambridge (2009)
Solar Designer: “return-to-libc” Attack, Bugtraq, August 1997
Dormoy, F.X.: SCADE 6: a model based solution for safety critical software development. In: Proceedings of the 4th European Congress on Embedded Real Time Software (ERTS 2008) (2008)
Eisenbarth, T., Paar, C., Weghenkel, B.: Building a side channel based disassembler. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds.) Transactions on Computational Science X. LNCS, vol. 6340, pp. 78–99. Springer, Heidelberg (2010). doi:10.1007/978-3-642-17499-5_4
Frigo, M., Johnson, S.G.: The design and implementation of FFTW3. In: Proceedings of the IEEE special issue on “Program Generation, Optimization, and Platform Adaptation" (2005)
Guthaus, M.R., Ringenberg, J.S., Ernst, D., Austin, T.M., Mudge, T., Brown, R.B.: MiBench: a free, commercially representative embedded benchmark suite. In: Proceedings of the Workload Characterization. IEEE Computer Society (2001)
Havelund, K.: Runtime verification of C programs. In: International Conference on Testing of Software and Communicating Systems (2008)
Havelund, K., Roşu, G.: Monitoring Java programs with Java PathExplorer. Electron. Notes Theoret. Comput. Sci. 55(2), 200–217 (2001). Runtime Verification (RV 2001)
Kim, M., Viswanathan, M., Kannan, S., Lee, I., Sokolsky, O.: Java-MaC: a run-time assurance approach for Java programs. Formal Methods Syst. Des. 24(2), 129–155 (2004)
Knuth, D.E.: The Art of Computer Programming, Volume 2: Seminumerical Algorithms, 3rd edn. Addison-Wesley, Reading (1998)
Lattner, C., the LLVM Developer Group: The LLVM Compiler Infrastructure - online documentation. http://llvm.org
Bishop, M.: Computer Security: Art and Science. Addison-Wesley, Reading (2003)
Moreno, C.: Side-channel analysis: countermeasures and application to embedded systems debugging. Ph.D. Thesis (University of Waterloo) (2013)
Moreno, C., Fischmeister, S., Hasan, M.A.: Non-intrusive program tracing and debugging of deployed embedded systems through side-channel analysis. In: Conference on Languages, Compilers and Tools for Embedded Systems, pp. 77–88 (2013)
Moreno, C., Kauffman, S., Fischmeister, S.: Efficient program tracing and monitoring through power consumption - with a little help from the compiler. In: Design, Automation, and Test (DATE) (2016)
Navabpour, S., Joshi, Y., Wu, W., Berkovich, S., Medhat, R., Bonakdarpour, B., Fischmeister, S.: RiTHM: a tool for enabling time-triggered runtime verification for C programs. In: Foundations of Software Engineering, pp. 603–606. ACM (2013)
Pnueli, A., Zacks, A.: PSL model checking and run-time verification via testers. In: 14th International Symposium on Formal Methods (2006)
Press, W., Teukolsky, S., Vetterling, W., Flannery, B.: Numerical Recipes in C, 2nd edn. Cambridge University Press, Cambridge (1992)
Proakis, J.G., Manolakis, D.G.: Digital Signal Processing: Principles, Algorithms, and Applications, 4th edn. Prentice Hall, Upper Saddle River (2006)
Seyster, J., Dixit, K., Huang, X., Grosu, R., Havelund, K., Smolka, S.A., Stoller, S.D., Zadok, E.: Aspect-oriented instrumentation with GCC. In: Barringer, H., et al. (eds.) RV 2010. LNCS, vol. 6418, pp. 405–420. Springer, Heidelberg (2010). doi:10.1007/978-3-642-16612-9_31
Webb, A.R., Copsey, K.D.: Statistical Pattern Recognition, 3rd edn. Wiley, New York (2011)
Acknowledgments
The authors would like to thank Pansy Arafa, Hany Kashif, and Samaneh Navabpour for their valuable assistance with the CFG and instrumentation infrastructure as well as related discussions.
This research was supported in part by the Natural Sciences and Engineering Research Council of Canada and the Ontario Research Fund.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Moreno, C., Fischmeister, S. (2016). Non-intrusive Runtime Monitoring Through Power Consumption: A Signals and System Analysis Approach to Reconstruct the Trace. In: Falcone, Y., Sánchez, C. (eds) Runtime Verification. RV 2016. Lecture Notes in Computer Science(), vol 10012. Springer, Cham. https://doi.org/10.1007/978-3-319-46982-9_17
Download citation
DOI: https://doi.org/10.1007/978-3-319-46982-9_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-46981-2
Online ISBN: 978-3-319-46982-9
eBook Packages: Computer ScienceComputer Science (R0)