tutorial

EDDIE: EM-Based Detection of Deviations in Program Execution

Authors:
Alireza Nazari

Georgia Institute of Technology, Atlanta, GA, USA

Georgia Institute of Technology, Atlanta, GA, USA
View Profile

,
Nader Sehatbakhsh

Georgia Institute of Technology, Atlanta, GA, USA

Georgia Institute of Technology, Atlanta, GA, USA
View Profile

,
Monjur Alam

Georgia Institute of Technology, Atlanta, GA, USA

Georgia Institute of Technology, Atlanta, GA, USA
View Profile

,
Alenka Zajic

Georgia Institute of Technology, Atlanta, GA, USA

Georgia Institute of Technology, Atlanta, GA, USA
View Profile

,
Milos Prvulovic

Georgia Institute of Technology, Atlanta, GA, USA

Georgia Institute of Technology, Atlanta, GA, USA
View Profile

Authors Info & Claims

ACM SIGARCH Computer Architecture News Volume 45 Issue 2May 2017pp 333–346https://doi.org/10.1145/3140659.3080223

Published:24 June 2017Publication History

ACM SIGARCH Computer Architecture News

Abstract

This paper describes EM-Based Detection of Deviations in Program Execution (EDDIE), a new method for detecting anomalies in program execution, such as malware and other code injections, without introducing any overheads, adding any hardware support, changing any software, or using any resources on the monitored system itself. Monitoring with EDDIE involves receiving electromagnetic (EM) emanations that are emitted as a side effect of execution on the monitored system, and it relies on spikes in the EM spectrum that are produced as a result of periodic (e.g. loop) activity in the monitored execution. During training, EDDIE characterizes normal execution behavior in terms of peaks in the EM spectrum that are observed at various points in the program execution, but it does not need any characterization of the malware or other code that might later be injected. During monitoring, EDDIE identifies peaks in the observed EM spectrum, and compares these peaks to those learned during training. Since EDDIE requires no resources on the monitored machine and no changes to the monitored software, it is especially well suited for security monitoring of embedded and IoT devices. We evaluate EDDIE on a real IoT system and in a cycle-accurate simulator, and find that even relatively brief injected bursts of activity (a few milliseconds) are detected by EDDIE with high accuracy, and that it also accurately detects when even a few instructions are injected into an existing loop within the application.

References

AARONIA. 2016. Datasheet: RF Near Field Probe Set DC to 9GHz. (April 2016). Retrieved April 6, 2016 from "http://www.aaronia.com/Datasheets/Antennas/RF-Near-Field-Probe-Set.pdf".Google Scholar
Martín Abadi, Mihai Budiu, Úlfar Erlingsson, and Jay Ligatti. 2009. Control-flow Integrity Principles, Implementations, and Applications. ACM Trans. Inf. Syst. Secur. 13, 1, Article 4 (Nov. 2009), 40 pages. Google ScholarDigital Library
Dakshi Agrawal, Bruce Archambeault, Josyula R. Rao, and Pankaj Rohatgi. 2003. The EM Side-Channel(s). In Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems (CHES '02). Springer-Verlag, London, UK, UK, 29--45. http://dl.acm.org/citation.cfm?id=648255.752713 Google ScholarDigital Library
CarlosR. Aguayo Gonzalez and JeffreyH. Reed. 2011. Power fingerprinting in SDR integrity assessment for security and regulatory compliance. Analog Integrated Circuits and Signal Processing 69, 2--3 (2011), 307--327. Google ScholarDigital Library
Mamoun Alazab, Sitalakshmi Venkatraman, Paul Watters, and Moutaz Alazab. 2011. Zero-day Malware Detection Based on Supervised Learning Algorithms of API Call Signatures. In Proceedings of the Ninth Australasian Data Mining Conference - Volume 121 (AusDM '11). Australian Computer Society, Inc., Darlinghurst, Australia, Australia, 171--182. http://dl.acm.org/citation.cfm?id=2483628.2483648 Google ScholarDigital Library
Kevin Allix, Tegawendé F. Bissyandé, Quentin Jérome, Jacques Klein, Radu State, and Yves Le Traon. 2016. Empirical Assessment of Machine Learning-based Malware Detectors for Android. Empirical Softw. Engg. 21, 1 (Feb. 2016), 183--211. Google ScholarDigital Library
Gorka Irazoqui Apecechea, Thomas Eisenbarth, and Berk Sunar. 2015. S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing - and Its Application to AES. In 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015. 591--604. Google ScholarDigital Library
ARM. 2016. ARM Cortex A8 Processor Manual. (April 2016). Retrieved April 3, 2016 from "https://www.arm.com/products/processors/cortex-a/cortex-a8.php".Google Scholar
Divya Arora, Srivaths Ravi, Anand Raghunathan, and Niraj K. Jha. 2005. Secure Embedded Processing Through Hardware-Assisted Run-Time Monitoring. In Proceedings of the Conference on Design, Automation and Test in Europe - Volume 1 (DATE '05). IEEE Computer Society, Washington, DC, USA, 178--183. Google ScholarDigital Library
Ali Galip Bayrak, Francesco Regazzoni, Philip Brisk, François-Xavier Standaert, and Paolo Ienne. 2011. A First Step Towards Automatic Application of Power Analysis Countermeasures. In Proceedings of the 48th Design Automation Conference (DAC '11). ACM, New York, NY, USA, 230--235. Google ScholarDigital Library
David Brooks, Vivek Tiwari, and Margaret Martonosi. 2000. Wattch: A Framework for Architectural-level Power Analysis and Optimizations. In Proceedings of the 27th Annual International Symposium on Computer Architecture (ISCA '00). ACM, New York, NY, USA, 83--94. Google ScholarDigital Library
David Brumley and Dan Boneh. 2003. Remote Timing Attacks Are Practical. In Proceedings of the 12th Conference on USENIX Security Symposium - Volume 12 (SSYM'03). USENIX Association, Berkeley, CA, USA, 1--1. http://dl.acm.org/citation.cfm?id=1251353.1251354 Google ScholarDigital Library
Robert Callan, Farnaz Behrang, Alenka Zajic, Milos Prvulovic, and Alessandro Orso. 2016. Zero-overhead Profiling via EM Emanations. In Proceedings of the 25th International Symposium on Software Testing and Analysis (ISSTA 2016). ACM, New York, NY, USA, 401--412. Google ScholarDigital Library
Davide Canali, Andrea Lanzi, Davide Balzarotti, Christopher Kruegel, Mihai Christodorescu, and Engin Kirda. 2012. A Quantitative Study of Accuracy in System Call-based Malware Detection. In Proceedings of the 2012 International Symposium on Software Testing and Analysis (ISSTA 2012). ACM, New York, NY, USA, 122--132. Google ScholarDigital Library
Suresh Chari, Charanjit S. Jutla, Josyula R. Rao, and Pankaj Rohatgi. 1999. Towards Sound Approaches to Counteract Power-Analysis Attacks. In Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO '99). Springer-Verlag, London, UK, UK, 398--412. http://dl.acm.org/citation.cfm?id=646764.703964 Google ScholarDigital Library
ShaneS. Clark, Hossen Mustafa, Benjamin Ransford, Jacob Sorber, Kevin Fu, and Wenyuan Xu. 2013. Current Events: Identifying Webpages by Tapping the Electrical Outlet. In Computer Security- ESORICS 2013. Lecture Notes in Computer Science, Vol. 8134. 700--717.Google ScholarCross Ref
Shane S. Clark, Benjamin Ransford, and Kevin Fu. 2012. Potentia Est Scientia: Security and Privacy Implications of Energy-proportional Computing. In Proceedings of the 7th USENIX Conference on Hot Topics in Security (HotSec'12). USENIX Association, Berkeley, CA, USA, 3--3. http://dl.acm.org/citation.cfm?id=2372387.2372390 Google ScholarDigital Library
Shane S. Clark, Benjamin Ransford, Amir Rahmati, Shane Guineau, Jacob Sorber, Kevin Fu, and Wenyuan Xu. 2013. WattsUpDoc: Power Side Channels to Nonintrusively Discover Untargeted Malware on Embedded Medical Devices. In Proceedings of the 2013 USENIX Conference on Safety, Security, Privacy and Interoperability of Health Information Technologies (HealthTech'13). USENIX Association, Berkeley, CA, USA, 9--9. http://dl.acm.org/citation.cfm?id=2696523.2696532 Google ScholarDigital Library
Bart Coppens, Ingrid Verbauwhede, Koen De Bosschere, and Bjorn De Sutter. 2009. Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors. In Proceedings of the 2009 30th IEEE Symposium on Security and Privacy (SP '09). IEEE Computer Society, Washington, DC, USA, 45--60. Google ScholarDigital Library
Sanjeev Das, Yang Liu, Wei Zhang, and Mahintham Chandramohan. 2016. Semantics-Based Online Malware Detection: Towards Efficient Real-Time Protection Against Malware. IEEE Transactions on Information Forensics and Security 11, 2 (Feb 2016), 289--302.Google ScholarCross Ref
Lucas Davi, Matthias Hanreich, Debayan Paul, Ahmad-Reza Sadeghi, Patrick Koeberl, Dean Sullivan, Orlando Arias, and Yier Jin. 2015. HAFIX: Hardware-assisted Flow Integrity Extension. In Proceedings of the 52Nd Annual Design Automation Conference (DAC '15). ACM, New York, NY, USA, Article 74, 6 pages. Google ScholarDigital Library
Lucas Davi, Patrick Koeberl, and Ahmad-Reza Sadeghi. 2014. Hardware-Assisted Fine-Grained Control-Flow Integrity: Towards Efficient Protection of Embedded Systems Against Software Exploitation. In Proceedings of the 51st Annual Design Automation Conference (DAC '14). ACM, New York, NY, USA, Article 133, 6 pages. Google ScholarDigital Library
John Demme, Matthew Maycock, Jared Schmitz, Adrian Tang, Adam Waksman, Simha Sethumadhavan, and Salvatore Stolfo. 2013. On the Feasibility of Online Malware Detection with Performance Counters. In Proceedings of the 40th Annual International Symposium on Computer Architecture (ISCA '13). ACM, New York, NY, USA, 559--570. Google ScholarDigital Library
Artem Dinaburg, Paul Royal, Monirul Sharif, and Wenke Lee. 2008. Ether: Malware Analysis via Hardware Virtualization Extensions. In Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS '08). ACM, New York, NY, USA, 51--62. Google ScholarDigital Library
Ken Dunham. 2003. Evaluating Anti-Virus Software: Which Is Best? Information Systems Security 12, 3 (2003), 17--28.Google ScholarCross Ref
Manuel Egele, Theodoor Scholte, Engin Kirda, and Christopher Kruegel. 2008. A Survey on Automated Dynamic Malware-analysis Techniques and Tools. ACM Comput. Surv. 44, 2, Article 6 (March 2008), 42 pages. Google ScholarDigital Library
William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. 2010. TaintDroid: An Information-flow Tracking System for Realtime Privacy Monitoring on Smartphones. (2010), 393--407. http://dl.acm.org/citation.cfm?id=1924943.1924971 Google ScholarDigital Library
Aurélien Francillon and Claude Castelluccia. 2008. Code Injection Attacks on Harvard-architecture Devices. In Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS '08). ACM, New York, NY, USA, 15--26. Google ScholarDigital Library
Karine Gandolfi, Christophe Mourtel, and Francis Olivier. 2001. Electromagnetic Analysis: Concrete Results. In Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems (CHES '01). Springer-Verlag, London, UK, UK, 251--261. http://dl.acm.org/citation.cfm?id=648254.752700 Google ScholarDigital Library
Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer. 2015. Stealing Keys from PCs Using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation. In Cryptographic Hardware and Embedded Systems -- CHES 2015: 17th International Workshop, Saint-Malo, France, September 13-16, 2015, Proceedings, Tim Güneysu and Helena Handschuh (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 207--228.Google Scholar
Daniel Genkin, Itamar Pipman, and Eran Tromer. 2014. Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks on PCs. In Proceedings of the 16th International Workshop on Cryptographic Hardware and Embedded Systems --- CHES 2014 - Volume 8731. Springer-Verlag New York, Inc., New York, NY, USA, 242--260. Google ScholarDigital Library
Daniel Genkin, Adi Shamir, and Eran Tromer. 2014. RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis. In Advances in Cryptology -- CRYPTO 2014: 34th Annual Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 2014, Proceedings, Part I. Springer Berlin Heidelberg, Berlin, Heidelberg, 444--461.Google Scholar
Louis Goubin and Jacques Patarin. 1999. DES and Differential Power Analysis (The "Duplication" Method). In Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems (CHES '99). Springer-Verlag, London, UK, UK, 158--172. http://dl.acm.org/citation.cfm?id=648252.752372 Google ScholarDigital Library
Dale I Foreman Gregory W Corder. 2011. Nonparametric Statistics for Non-Statisticians: A Step-by-Step Approach. Wiley. https://books.google.com/books?id=T3qOqdpSz6YCGoogle Scholar
Kent Griffin, Scott Schneider, Xin Hu, and Tzi-Cker Chiueh. 2009. Automatic Generation of String Signatures for Malware Detection. In Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection (RAID '09). Springer-Verlag, Berlin, Heidelberg, 101--120. Google ScholarDigital Library
Matthew R Guthaus, Jeffrey S Ringenberg, Dan Ernst, Todd M Austin, Trevor Mudge, and Richard B Brown. 2001. MiBench: A Free, Commercially Representative Embedded Benchmark Suite. In Proceedings of the Workload Characterization, 2001. WWC-4. 2001 IEEE International Workshop (WWC '01). IEEE Computer Society, Washington, DC, USA, 3--14. Google ScholarDigital Library
Yu-ichi Hayashi, Naofumi Homma, Takaaki Mizuki, Haruki Shimada, Takafumi Aoki, Hideaki Sone, Laurent Sauvage, and Jean-Luc Danger. 2013. Efficient Evaluation of EM Radiation Associated With Information Leakage From Cryptographic Devices. IEEE Transactions on Electromagnetic Compatibility 55, 3 (June 2013), 555--563.Google Scholar
Harold Joseph Highland. 1986. Random Bits & Bytes: Electromagnetic Radiation Revisited. Comput. Secur. 5, 2 (June 1986), 85--93. Google ScholarDigital Library
TD Huang, Wen-Sheng Wang, and Kuo-Lung Lian. 2015. A New Power Signature for Nonintrusive Appliance Load Monitoring. IEEE Transactions on Smart Grid 6, 4 (July 2015), 1994--1995.Google ScholarCross Ref
Kelly Hughes and Yanzhen Qu. 2014. Performance Measures of Behavior-Based Signatures: An Anti-malware Solution for Platforms with Limited Computing Resource. In Proceedings of the 2014 Ninth International Conference on Availability, Reliability and Security (ARES '14). IEEE Computer Society, Washington, DC, USA, 303--309. Google ScholarDigital Library
Mikhail Kazdagli, Vijay Janapa Reddi, and Mohit Tiwari. 2016. Quantifying and improving the efficiency of hardware-based mobile malware detectors. In 2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). 1--13.Google ScholarCross Ref
Keysight-Technologies. 2016. DSOS804A High-Definition Oscilloscope: 8 GHz, 4 Analog Channels. (April 2016). Retrieved April 1, 2016 from "http://www.keysight.com/en/pdx-x202073-pn-DSOS804A/high-definition-oscilloscope-8-ghz-4-analog-channels?cc=US&lc=eng".Google Scholar
Mohammad Maifi Hasan Khan, Hieu K. Le, Michael LeMay, Parya Moinzadeh, Lili Wang, Yong Yang, Dong K. Noh, Tarek Abdelzaher, Carl A. Gunter, Jiawei Han, and Xin Jin. 2010. Diagnostic Powertracing for Sensor Node Failure Analysis. In Proceedings of the 9th ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN '10). ACM, New York, NY, USA, 117--128. Google ScholarDigital Library
Hahnsang Kim, Joshua Smith, and Kang G. Shin. 2008. Detecting Energy-greedy Anomalies and Mobile Malware Variants. In Proceedings of the 6th International Conference on Mobile Systems, Applications, and Services (MobiSys '08). ACM, New York, NY, USA, 239--252. Google ScholarDigital Library
Taesoo Kim, Marcus Peinado, and Gloria Mainar-Ruiz. 2012. STEALTHMEM: System-level Protection Against Cache-based Side Channel Attacks in the Cloud. In Proceedings of the 21st USENIX Conference on Security Symposium (Security'12). USENIX Association, Berkeley, CA, USA, 11--11. http://dl.acm.org/citation.cfm?id=2362793.2362804 Google ScholarDigital Library
Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, and Onur Mutlu. 2014. Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors. In Proceeding of the 41st Annual International Symposium on Computer Architecuture (ISCA '14). IEEE Press, Piscataway, NJ, USA, 361--372. http://dl.acm.org/citation.cfm?id=2665671.2665726 Google ScholarDigital Library
Paul C. Kocher. 1996. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO '96). Springer-Verlag, London, UK, UK, 104--113. http://dl.acm.org/citation.cfm?id=646761.706156 Google ScholarDigital Library
Paul C. Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential Power Analysis. In Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO '99). Springer-Verlag, London, UK, UK, 388--397. http://dl.acm.org/citation.cfm?id=646764.703989 Google ScholarDigital Library
Markus Guenther Kuhn. 2003. Compromising emanations: eavesdropping risks of computer displays. (dec 2003). Retrieved:http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-577.pdfGoogle Scholar
Markus Guenther Kuhn. 2013. Compromising Emanations of LCD TV Sets. IEEE Transactions on Electromagnetic Compatibility 55, 3 (June 2013), 564--570.Google ScholarCross Ref
Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B. Lee. 2015. Last-Level Cache Side-Channel Attacks Are Practical. In Proceedings of the 2015 IEEE Symposium on Security and Privacy (SP '15). IEEE Computer Society, Washington, DC, USA, 605--622. Google ScholarDigital Library
Shufu Mao and Tilman Wolf. 2007. Hardware Support for Secure Processing in Embedded Systems. In Proceedings of the 44th Annual Design Automation Conference (DAC '07). ACM, New York, NY, USA, 483--488. Google ScholarDigital Library
Frank J Massey Jr. 1951. The Kolmogorov-Smirnov test for goodness of fit. Journal of the American statistical Association 46, 253 (1951), 68--78.Google ScholarCross Ref
Gary McGraw and Greg Morrisett. 2000. Attacking Malicious Code: A Report to the Infosec Research Council. IEEE Softw. 17, 5 (Sept. 2000), 33--41. Google ScholarDigital Library
Thomas S. Messerges, Ezzy A. Dabbish, and Robert H. Sloan. 1999. Power Analysis Attacks of Modular Exponentiation in Smartcards. In Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems (CHES '99). Springer-Verlag, London, UK, UK, 144--157. http://dl.acm.org/citation.cfm?id=648252.752374 Google ScholarDigital Library
Aziz Mohaisen and Omar Alrawi. 2014. AV-Meter: An Evaluation of Antivirus Scans and Labels. Springer International Publishing, Cham, 112--131.Google Scholar
James Newsome and Dawn Xiaodong Song. 2005. Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2005, San Diego, California, USA.Google Scholar
Meltem Ozsoy, Caleb Donovick, Iakov Gorelik, Nael Abu-Ghazaleh, and Dmitry Ponomarev. 2015. Malware-aware processors: A framework for efficient online malware detection. In 2015 IEEE 21st International Symposium on High Performance Computer Architecture (HPCA). 651--661.Google ScholarCross Ref
Meltem Ozsoy, Khaled N Khasawneh, Caleb Donovick, Iakov Gorelik, Nael Abu-Ghazaleh, and Dmitry Ponomarev. 2016. Hardware-Based Malware Detection Using Low-Level Architectural Features. IEEE Trans. Comput. 65, 11 (Nov 2016), 3332--3344. Google ScholarDigital Library
Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis. 2013. Transparent ROP Exploit Mitigation Using Indirect Branch Tracing. In Proceedings of the 22Nd USENIX Conference on Security (SEC'13). USENIX Association, Berkeley, CA, USA, 447--462. http://dl.acm.org/citation.cfm?id=2534766.2534805 Google ScholarDigital Library
Bryan D. Payne, Martim Carbone, Monirul Sharif, and Wenke Lee. 2008. Lares: An Architecture for Secure Active Monitoring Using Virtualization. In Proceedings of the 2008 IEEE Symposium on Security and Privacy (SP '08). IEEE Computer Society, Washington, DC, USA, 233--247. Google ScholarDigital Library
Naser Peiravian and Xingquan Zhu. 2013. Machine Learning for Android Malware Detection Using Permission and API Calls. In Proceedings of the 2013 IEEE 25th International Conference on Tools with Artificial Intelligence (ICTAI '13). IEEE Computer Society, Washington, DC, USA, 300--305. Google ScholarDigital Library
Thomas Plos, Michael Hutter, and Christoph Herbst. 2008. Enhancing side-channel analysis with low-cost shielding techniques. In Proceedings of Austrochip. Retrieved from "https://online.tugraz.at/tug_online/voe_main2.getvolltext?pCurrPk=38353".Google Scholar
Francois Poucheret, Lyonel Barthe, Pascal Benoit, Lionel Torres, Philippe Maurine, and Michel Robert. 2010. Spatial EM jamming: A countermeasure against EM Analysis?. In 2010 18th IEEE/IFIP International Conference on VLSI and System-on-Chip. 105--110.Google ScholarCross Ref
Roshan G Ragel and Sri Parameswaran. 2006. IMPRES: integrated monitoring for processor reliability and security. In 2006 43rd ACM/IEEE Design Automation Conference. 502--505. Google ScholarDigital Library
Mehryar Rahmatian, Hessam Kooti, Ian G Harris, and Elaheh Bozorgzadeh. 2012. Hardware-Assisted Detection of Malicious Software in Embedded Systems. IEEE Embedded Systems Letters 4, 4 (Dec 2012), 94--97. Google ScholarDigital Library
Glen Reinman and Norman P Jouppi. 2000. CACTI 2.0: An integrated cache timing and power model. Western Research Lab Research Report 7 (2000).Google Scholar
Jose Renau, Basilio Fraguela, James Tuck, Wei Liu, Milos Prvulovic, Luis Ceze, Smruti Sarangi, Paul Sack, Karin Strauss, and Pablo Montesinos. 2005. SESC simulator. (January 2005). http://sesc.sourceforge.net.Google Scholar
Werner Schindler. 2000. A Timing Attack Against RSA with the Chinese Remainder Theorem. In Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems (CHES '00). Springer-Verlag, London, UK, UK, 109--124. http://dl.acm.org/citation.cfm?id=648253.752399 Google ScholarDigital Library
Colin Schmidt. 2014. Low Level Virtual Machine (LLVM). (Feb 2014). Retrieved on April 1 from https://github.com/llvm-mirror/llvm.Google Scholar
Nader Sehatbakhsh, Alireza Nazari, Alenka Zajic, and Milos Prvulovic. 2016. Spectral profiling: Observer-effect-free profiling by monitoring EM emanations. In 2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). 1--11.Google ScholarCross Ref
Hidenori Sekiguchi and S Seto. 2008. Proposal of an Information Signal Measurement Method in Display Image Contained in Electromagnetic Noise Emanated from a Personal Computer. (May 2008), 1859--1863.Google Scholar
Hidenori Sekiguchi and S Seto. 2013. Study on Maximum Receivable Distance for Radiated Emission of Information Technology Equipment Causing Information Leakage. IEEE Transactions on Electromagnetic Compatibility 55, 3 (June 2013), 547--554.Google ScholarCross Ref
Chengyu Song, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, and Yunheung Paek. 2016. HDFI: Hardware-Assisted Data-Flow Isolation. In 2016 IEEE Symposium on Security and Privacy (SP). 1--17.Google Scholar
G. Edward Suh, Jae W. Lee, David Zhang, and Srinivas Devadas. 2004. Secure Program Execution via Dynamic Information Flow Tracking. In Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS XI). ACM, New York, NY, USA, 85--96. Google ScholarDigital Library
Yasunao Suzuki and Yoshiharu Akiyama. 2010. Jamming technique to prevent information leakage caused by unintentional emissions of PC video signals. In 2010 IEEE International Symposium on Electromagnetic Compatibility. 132--137.Google ScholarCross Ref
Hidema Tanaka. 2007. Information Leakage via Electromagnetic Emanations and Evaluation of Tempest Countermeasures. In Proceedings of the 3rd International Conference on Information Systems Security (ICISS'07). Springer-Verlag, Berlin, Heidelberg, 167--179. http://dl.acm.org/citation.cfm?id=1779274.1779292 Google ScholarDigital Library
Adrian Tang, Simha Sethumadhavan, and Salvatore J. Stolfo. 2014. Unsupervised Anomaly-Based Malware Detection Using Hardware Features. Springer International Publishing, Cham, 109--129.Google Scholar
Guru Venkataramani, Ioannis Doudalis, Yan Solihin, and Milos Prvulovic. 2008. FlexiTaint: A programmable accelerator for dynamic taint propagation. In 2008 IEEE 14th International Symposium on High Performance Computer Architecture. 173--184.Google ScholarCross Ref
Zhenghong Wang and Ruby B. Lee. 2007. New Cache Designs for Thwarting Software Cache-based Side Channel Attacks. In Proceedings of the 34th Annual International Symposium on Computer Architecture (ISCA '07). ACM, New York, NY, USA, 494--505. Google ScholarDigital Library
Yubin Xia, Yutao Liu, Haibo Chen, and Binyu Zang. 2012. CFIMon: Detecting Violation of Control Flow Integrity Using Performance Counters. In Proceedings of the 2012 42Nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (DSN '12). IEEE Computer Society, Washington, DC, USA, 1--12. http://dl.acm.org/citation.cfm?id=2354410.2355130 Google ScholarDigital Library
Yuval Yarom and Katrina Falkner. 2014. FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-channel Attack. In Proceedings of the 23rd USENIX Conference on Security Symposium (SEC'14). USENIX Association, Berkeley, CA, USA, 719--732. http://dl.acm.org/citation.cfm?id=2671225.2671271 Google ScholarDigital Library
Ilsun You and Kangbin Yim. 2010. Malware Obfuscation Techniques: A Brief Survey. In Proceedings of the 2010 International Conference on Broadband, Wireless Computing, Communication and Applications (BWCCA '10). IEEE Computer Society, Washington, DC, USA, 297--300. Google ScholarDigital Library
A. Zajic and M. Prvulovic. 2014. Experimental Demonstration of Electromagnetic Information Leakage From Modern Processor-Memory Systems. IEEE Transactions on Electromagnetic Compatibility 56, 4 (Aug 2014), 885--893.Google ScholarCross Ref
Mingwei Zhang and R. Sekar. 2013. Control Flow Integrity for COTS Binaries. In Proceedings of the 22Nd USENIX Conference on Security (SEC'13). USENIX Association, Berkeley, CA, USA, 337--352. http://dl.acm.org/citation.cfm?id=2534766.2534796 Google ScholarDigital Library
Ziqiao Zhou, Michael K. Reiter, and Yinqian Zhang. 2016. A Software Approach to Defeating Side Channels in Last-Level Caches. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS '16). ACM, New York, NY, USA, 871--882. Google ScholarDigital Library

Index Terms

EDDIE: EM-Based Detection of Deviations in Program Execution
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation

Recommendations

EDDIE: EM-Based Detection of Deviations in Program Execution
ISCA '17: Proceedings of the 44th Annual International Symposium on Computer Architecture

This paper describes EM-Based Detection of Deviations in Program Execution (EDDIE), a new method for detecting anomalies in program execution, such as malware and other code injections, without introducing any overheads, adding any hardware support, ...
Read More
RHMD: evasion-resilient hardware malware detectors
MICRO-50 '17: Proceedings of the 50th Annual IEEE/ACM International Symposium on Microarchitecture

Hardware Malware Detectors (HMDs) have recently been proposed as a defense against the proliferation of malware. These detectors use low-level features, that can be collected by the hardware performance monitoring units on modern CPUs to detect malware ...
Read More
Malware detection using adaptive data compression
AISec '08: Proceedings of the 1st ACM workshop on Workshop on AISec

A popular approach in current commercial anti-malware software detects malicious programs by searching in the code of programs for scan strings that are byte sequences indicative of malicious code. The scan strings, also known as the signatures of ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM SIGARCH Computer Architecture News Volume 45, Issue 2
ISCA'17
May 2017
715 pages
ISSN:0163-5964
DOI:10.1145/3140659
Editor:
Babak Falsafi
Interim
Issue’s Table of Contents
ISCA '17: Proceedings of the 44th Annual International Symposium on Computer Architecture
June 2017
736 pages
ISBN:9781450348928
DOI:10.1145/3079856
Copyright © 2017 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 24 June 2017
Check for updates
Author Tags
EM Emanation
Hardware Security
Internet-of-Things
Malware Detection
Qualifiers
- tutorial
- Research
- Refereed limited
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 82
  Total Citations
  View Citations
- 798
  Total Downloads
- Downloads (Last 12 months)70
- Downloads (Last 6 weeks)10
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

EDDIE: EM-Based Detection of Deviations in Program Execution

ACM SIGARCH Computer Architecture News

Abstract

References

Cited By

Index Terms

Recommendations

EDDIE: EM-Based Detection of Deviations in Program Execution

RHMD: evasion-resilient hardware malware detectors

Malware detection using adaptive data compression