ConFirm: Detecting firmware modifications in embedded systems using Hardware Performance Counters

Xueyang Wang, Charalambos Konstantinou, Michail Maniatakos, Ramesh Karri

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Critical infrastructure components nowadays use microprocessor-based embedded control systems. It is often infeasible, however, to employ the same level of security measures used in general purpose computing systems, due to the stringent performance and resource constraints of embedded control systems. Furthermore, as software sits atop and relies on the firmware for proper operation, software-level techniques cannot detect malicious behavior of the firmware. In this work, we propose ConFirm, a low-cost technique to detect malicious modifications in the firmware of embedded control systems by measuring the number of low-level hardware events that occur during the execution of the firmware. In order to count these events, ConFirm leverages the Hardware Performance Counters (HPCs), which readily exist in many embedded processors. We evaluate the detection capability and performance overhead of the proposed technique on various types of firmware running on ARM- and PowerPC-based embedded processors. Experimental results demonstrate that ConFirm can detect all the tested modifications with low performance overhead.

Original languageEnglish (US)
Title of host publication2015 IEEE/ACM International Conference on Computer-Aided Design, ICCAD 2015
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages544-551
Number of pages8
ISBN (Electronic)9781467383882
DOIs
StatePublished - Jan 5 2016
Event34th IEEE/ACM International Conference on Computer-Aided Design, ICCAD 2015 - Austin, United States
Duration: Nov 2 2015Nov 6 2015

Publication series

Name2015 IEEE/ACM International Conference on Computer-Aided Design, ICCAD 2015

Other

Other34th IEEE/ACM International Conference on Computer-Aided Design, ICCAD 2015
CountryUnited States
CityAustin
Period11/2/1511/6/15

ASJC Scopus subject areas

  • Computer Graphics and Computer-Aided Design

Fingerprint Dive into the research topics of 'ConFirm: Detecting firmware modifications in embedded systems using Hardware Performance Counters'. Together they form a unique fingerprint.

  • Cite this

    Wang, X., Konstantinou, C., Maniatakos, M., & Karri, R. (2016). ConFirm: Detecting firmware modifications in embedded systems using Hardware Performance Counters. In 2015 IEEE/ACM International Conference on Computer-Aided Design, ICCAD 2015 (pp. 544-551). [7372617] (2015 IEEE/ACM International Conference on Computer-Aided Design, ICCAD 2015). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICCAD.2015.7372617