TWC: Small: Time-Centric Modeling of Correct Behaviors for Efficient Non-intrusive Runtime Detection of Unauthorized System Actions

Project Details

Lead PI

Performance Period

Oct 01, 2016 - Sep 30, 2019

Institution(s)

University of Arizona

Award Number


Embedded computing systems are found at the heart of medical devices, automotive systems, smartphones, etc. Securing these embedded systems is a significant challenge that requires new methods that address the power, time, and cost requirements under which these systems operate. Because embedded systems must meet precise time requirements, detecting changes in timing can indicate the presence of malware. This research investigates new models for capturing the expected behavior of embedded systems, in which time requirements play a pivotal role. The project is developing fast, low-power, and low-cost methods to detect changes from the expected behavior. The resulting knowledge and tools will provide developers with techniques to eliminate, detect, or mitigate malware and cyber-threats in embedded systems. This research will further enable the development of embedded systems with stronger security guarantees compared to the existing state-of-the-art.

This project is investigating formal timing-centric nominal system behavior models that capture the correct system execution behavior, thereby enabling efficient runtime detection of unauthorized system actions. The formal models combine well-founded techniques relying on execution call graphs, sequence models, system timing requirements, and statistical analysis of execution times. The researchers are developing secure, non-intrusive, and efficient hardware-based identification methods to detect deviations from the timing and sequence characteristics defined within the nominal system behavior models. To ensure efficiency, the researchers are investigating performance models and systematic methods to evaluate and optimize the tradeoffs between security achieved by these methods and the area and energy overheads of the monitoring hardware. The project team is also investigating novel methods for analyzing the timing of networked embedded systems to separate the intrinsic software execution time from the incidental execution time resulting from the underlying hardware architecture, operating system, and physical environment. The resulting methods will substantially advance the state-of-the-art by: a) enabling fast, accurate, and non-intrusive detection, b) providing robust new ways of detecting unauthorized operations, and c) extending anomaly-based detection capabilities to zero-day exploits.