TY - GEN
T1 - ConFirm
T2 - 34th IEEE/ACM International Conference on Computer-Aided Design, ICCAD 2015
AU - Wang, Xueyang
AU - Konstantinou, Charalambos
AU - Maniatakos, Michail
AU - Karri, Ramesh
N1 - Publisher Copyright:
© 2015 IEEE.
PY - 2016/1/5
Y1 - 2016/1/5
N2 - Critical infrastructure components nowadays use microprocessor-based embedded control systems. It is often infeasible, however, to employ the same level of security measures used in general purpose computing systems, due to the stringent performance and resource constraints of embedded control systems. Furthermore, as software sits atop and relies on the firmware for proper operation, software-level techniques cannot detect malicious behavior of the firmware. In this work, we propose ConFirm, a low-cost technique to detect malicious modifications in the firmware of embedded control systems by measuring the number of low-level hardware events that occur during the execution of the firmware. In order to count these events, ConFirm leverages the Hardware Performance Counters (HPCs), which readily exist in many embedded processors. We evaluate the detection capability and performance overhead of the proposed technique on various types of firmware running on ARM- and PowerPC-based embedded processors. Experimental results demonstrate that ConFirm can detect all the tested modifications with low performance overhead.
AB - Critical infrastructure components nowadays use microprocessor-based embedded control systems. It is often infeasible, however, to employ the same level of security measures used in general purpose computing systems, due to the stringent performance and resource constraints of embedded control systems. Furthermore, as software sits atop and relies on the firmware for proper operation, software-level techniques cannot detect malicious behavior of the firmware. In this work, we propose ConFirm, a low-cost technique to detect malicious modifications in the firmware of embedded control systems by measuring the number of low-level hardware events that occur during the execution of the firmware. In order to count these events, ConFirm leverages the Hardware Performance Counters (HPCs), which readily exist in many embedded processors. We evaluate the detection capability and performance overhead of the proposed technique on various types of firmware running on ARM- and PowerPC-based embedded processors. Experimental results demonstrate that ConFirm can detect all the tested modifications with low performance overhead.
UR - http://www.scopus.com/inward/record.url?scp=84964440091&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84964440091&partnerID=8YFLogxK
U2 - 10.1109/ICCAD.2015.7372617
DO - 10.1109/ICCAD.2015.7372617
M3 - Conference contribution
AN - SCOPUS:84964440091
T3 - 2015 IEEE/ACM International Conference on Computer-Aided Design, ICCAD 2015
SP - 544
EP - 551
BT - 2015 IEEE/ACM International Conference on Computer-Aided Design, ICCAD 2015
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 2 November 2015 through 6 November 2015
ER -