Abstract
This paper describes EM-Based Detection of Deviations in Program Execution (EDDIE), a new method for detecting anomalies in program execution, such as malware and other code injections, without introducing any overheads, adding any hardware support, changing any software, or using any resources on the monitored system itself. Monitoring with EDDIE involves receiving electromagnetic (EM) emanations that are emitted as a side effect of execution on the monitored system, and it relies on spikes in the EM spectrum that are produced as a result of periodic (e.g. loop) activity in the monitored execution. During training, EDDIE characterizes normal execution behavior in terms of peaks in the EM spectrum that are observed at various points in the program execution, but it does not need any characterization of the malware or other code that might later be injected. During monitoring, EDDIE identifies peaks in the observed EM spectrum, and compares these peaks to those learned during training. Since EDDIE requires no resources on the monitored machine and no changes to the monitored software, it is especially well suited for security monitoring of embedded and IoT devices. We evaluate EDDIE on a real IoT system and in a cycle-accurate simulator, and find that even relatively brief injected bursts of activity (a few milliseconds) are detected by EDDIE with high accuracy, and that it also accurately detects when even a few instructions are injected into an existing loop within the application.
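The train-then-compare flow described in the abstract, reduced to a minimal sketch for the case of instructions injected into an existing loop. This is an added example, not code from the paper: the received EM trace is a constructed periodic signal, and the sample rate, window size, peak threshold and fixed frequency tolerance are assumptions standing in for whatever comparison EDDIE itself uses.

```python
import cmath
import math
import random

SAMPLE_RATE_HZ = 288_000   # assumed receiver sample rate (constructed value)
WINDOW = 288               # samples per spectrum, so each DFT bin is 1 kHz wide
TOLERANCE_HZ = 1_500       # assumed allowed drift when matching a trained peak


def loop_emanation(period, n=WINDOW, noise=0.05, seed=0):
    """Constructed stand-in for a received EM trace: a loop whose iteration
    takes `period` samples modulates the signal once per iteration."""
    rng = random.Random(seed)
    return [(1.0 if (i % period) < period // 2 else 0.0) + rng.gauss(0, noise)
            for i in range(n)]


def spectrum(samples):
    """Magnitudes of DFT bins 1..N/2 (DC excluded) as {frequency_hz: magnitude}."""
    n = len(samples)
    out = {}
    for k in range(1, n // 2 + 1):
        w = -2j * math.pi * k / n
        acc = sum(x * cmath.exp(w * i) for i, x in enumerate(samples))
        out[k * SAMPLE_RATE_HZ / n] = abs(acc)
    return out


def peaks(samples, rel_threshold=0.5):
    """Frequencies whose magnitude is at least rel_threshold of the strongest bin."""
    spec = spectrum(samples)
    top = max(spec.values())
    return sorted(f for f, m in spec.items() if m >= rel_threshold * top)


def train(normal_windows):
    """Training: record every spectral peak seen during known-good execution."""
    known = set()
    for window in normal_windows:
        known.update(peaks(window))
    return sorted(known)


def monitor(window, known_peaks):
    """Monitoring: return observed peaks that match no trained peak.
    An empty list means the window looks like normal execution."""
    return [f for f in peaks(window)
            if all(abs(f - k) > TOLERANCE_HZ for k in known_peaks)]


def demo():
    # Normal program (constructed): two loops, 16 and 24 samples per iteration.
    training = [loop_emanation(16, seed=s) for s in (1, 2)]
    training += [loop_emanation(24, seed=s) for s in (3, 4)]
    known = train(training)
    # Unmodified loop, fresh noise: its peak should match a trained peak.
    clean = monitor(loop_emanation(16, seed=9), known)
    # A few extra instructions stretch the iteration from 16 to 18 samples,
    # moving the spectral peak away from anything seen in training.
    injected = monitor(loop_emanation(18, seed=9), known)
    return known, clean, injected


if __name__ == "__main__":
    known, clean, injected = demo()
    print("trained peaks (Hz):", known)
    print("unmatched peaks, clean run:", clean)
    print("unmatched peaks, injected run:", injected)
```

No model of the injected code is needed: the detector only knows what normal peaks look like, which is the property the abstract emphasizes.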
EDDIE: EM-Based Detection of Deviations in Program Execution
ISCA '17: Proceedings of the 44th Annual International Symposium on Computer Architecture