Abstract |
---|
Embedded system security has become a critical challenge given the increasing prevalence of network-connected systems. While anomaly-based detection methods provide the advantage of detecting zero-day exploits, existing approaches incur significant performance overheads and are susceptible to mimicry attacks. In this paper, we present a formal runtime security model that defines the normal system behavior. The runtime security model is applied to a timing-based, runtime anomaly detection method that utilizes on-chip hardware to non-intrusively monitor both the system execution sequence and execution timing to detect malicious activity. Monitoring all possible execution paths of an embedded application is infeasible due to its complexity. Thus, we analyze the properties of the timing distribution for control flow events within a network-connected pacemaker to evaluate the resulting detection rate for various levels of mimicry attacks, considering constraints on the number of monitored events supported in the on-chip hardware. |

Year | DOI | Venue |
---|---|---|
2015 | 10.1145/2818362.2818365 | WESS |

DocType | Citations | PageRank |
---|---|---|
Conference | 4 | 0.40 |

References | Authors |
---|---|
12 | 2 |

Name | Order | Citations | PageRank |
---|---|---|---|
Sixing Lu | 1 | 4 | 0.73 |
Roman Lysecky | 2 | 605 | 60.43 |