Flexible Intrusion Detection Systems for Memory-Constrained Embedded Systems

Similar documents
A Model-Based Intrusion Detection System for Smart Meters

Intrusion Detection via Static Analysis

Transparent Monitoring of a Process Self in a Virtual Environment

The Model Checker SPIN

Keil C51 Cross Compiler

Using the CoreSight ITM for debug and testing in RTX applications

Contents. Intrusion Detection Systems (IDS) Intrusion Detection. Why Intrusion Detection? What is Intrusion Detection?

Intrusion Detection Systems

Lecture 9 verifying temporal logic

Intrusion Detection: Game Theory, Stochastic Processes and Data Mining

CSC230 Getting Starting in C. Tyler Bletsch

PERFORMANCE ENHANCEMENTS IN TreeAge Pro 2014 R1.0

Internet of Things (IoT): Security Awareness. Sandra Liepkalns, CRISC

Boolean Expressions, Conditions, Loops, and Enumerations. Precedence Rules (from highest to lowest priority)

Building accurate intrusion detection systems. Diego Zamboni Global Security Analysis Lab IBM Zürich Research Laboratory

Section 6 Spring 2013

Korset: Code-based Intrusion Detection for Linux

Static Program Transformations for Efficient Software Model Checking

Putting it on the NIC: A Case Study on application offloading to a Network Interface Card (NIC)

StruxureWare TM Center Expert. Data

Automating Mimicry Attacks Using Static Binary Analysis

1 Introduction This document describes the service Performance monitoring for the GTS Virtual Hosting service.

Report Paper: MatLab/Database Connectivity

A Static Analyzer for Large Safety-Critical Software. Considered Programs and Semantics. Automatic Program Verification by Abstract Interpretation

Assertion Synthesis Enabling Assertion-Based Verification For Simulation, Formal and Emulation Flows

Modeling System Calls for Intrusion Detection with Dynamic Window Sizes

On Demand Loading of Code in MMUless Embedded System

Unified Static and Runtime Verification of Object-Oriented Software

Runtime Verification for Real-Time Automotive Embedded Software

Debugging. Common Semantic Errors ESE112. Java Library. It is highly unlikely that you will write code that will work on the first go

Test case design techniques I: Whitebox testing CISS

IDS / IPS. James E. Thiel S.W.A.T.

Detection. Perspective. Network Anomaly. Bhattacharyya. Jugal. A Machine Learning »C) Dhruba Kumar. Kumar KaKta. CRC Press J Taylor & Francis Croup

CS 141: Introduction to (Java) Programming: Exam 1 Jenny Orr Willamette University Fall 2013

Using Arduino Microcontrollers to Sense DC Motor Speed and Position

MAC A Run Time monitoring and checking tool

Doina Bucur. Temporal Monitors for

Getting Things Done: Practical Web/e-Commerce Application Stress Testing

Basics of VTune Performance Analyzer. Intel Software College. Objectives. VTune Performance Analyzer. Agenda

Computer Science 217

Arduino project. Arduino board. Serial transmission

Intrusion Detection via Machine Learning for SCADA System Protection

SIMATIC Sensors. The new software SIMATIC RF-MANAGER Simple management of RFID systems. Brochure April Answers for industry.

Security Products Development. Leon Juranic

GEMALTO M2M KEY TECHNOLOGY TRENDS OF M2M

Techniques for Real-System Characterization of Java Virtual Machine Energy and Power Behavior

Which ARM Cortex Core Is Right for Your Application: A, R or M?

Fingerprint Based Biometric Attendance System

Smart Cards a(s) Safety Critical Systems

Optimising the resource utilisation in high-speed network intrusion detection systems.

Wind River Device Management Wind River

Efficient RAM and control flow in verifiable outsourced computation

Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge

Tutorial: Load Testing with CLIF

Intelligent Home Automation and Security System

Side Channel Analysis and Embedded Systems Impact and Countermeasures

Digitale Signalverarbeitung mit FPGA (DSF) Soft Core Prozessor NIOS II Stand Mai Jens Onno Krah

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS

Helping you avoid stack overflow crashes!

StruxureWare TM Data Center Expert

Icepak High-Performance Computing at Rockwell Automation: Benefits and Benchmarks

Carlos Villavieja, Nacho Navarro Arati Baliga, Liviu Iftode

JReport Server Deployment Scenarios

The shortest path to cellular communications: Cellular Development Platform

RIOS: A Lightweight Task Scheduler for Embedded Systems

Embedded Software development Process and Tools:

Restorable Logical Topology using Cross-Layer Optimization

Security Optimization of Dynamic Networks with Probabilistic Graph Modeling and Linear Programming

>

Deeply Embedded Real-Time Hypervisors for the Automotive Domain Dr. Gary Morgan, ETAS/ESC

Application Intrusion Detection

Automatic Extraction of Accurate Application-Specific Sandboxing Policy

introduction to program monitoring

Introduction to Parallel Programming and MapReduce

Challenges in Mobile App Development. Brian Vanpee Samer Fahmy

3.1 Solving Systems Using Tables and Graphs

DESIGN OF SMS ENABLED CAR SECURITY SYSTEM

PyCompArch: Python-Based Modules for Exploring Computer Architecture Concepts

2.0 Command and Data Handling Subsystem

Service and Resource Discovery in Smart Spaces Composed of Low Capacity Devices

Chapter 13. PIC Family Microcontroller

Context-Bounded Model Checking of LTL Properties for ANSI-C Software. Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole

NGASI AppServer Manager SaaS/ASP Hosting Automation for Cloud Computing Administrator and User Guide

Real Time Monitoring System based on Embedded Linux Application

POMPDs Make Better Hackers: Accounting for Uncertainty in Penetration Testing. By: Chris Abbott

A Transport Protocol for Multimedia Wireless Sensor Networks

Help on the Embedded Software Block

A cloud-based architecture to crowdsource mobile app privacy leaks

Reviving smart card analysis

The Need for Intelligent Network Security: Adapting IPS for today s Threats

Korset: Automated, Zero False-Alarm Intrusion Detection for Linux

NSPK Protocol Security Model Checking System Builder

Design And Implementation Of Bank Locker Security System Based On Fingerprint Sensing Circuit And RFID Reader

Network Traffic Analysis

The Integration of SNORT with K-Means Clustering Algorithm to Detect New Attack

Configuration Maximums VMware vsphere 4.1

Hello and welcome to this presentation of the STM32L4 Firewall. It covers the main features of this system IP used to secure sensitive code and data.

Instrumentation Software Profiling

Computer Automation Techniques. Arthur Carroll

Transcription:

Flexible Intrusion Detection Systems for Memory-Constrained Embedded Systems Farid Molazem, Karthik Pattabiraman University of British Columbia

2 Embedded Systems

3 Attacks spreading

Attacks spreading Need an Intrusion Detection System Intrusion Alarm 4

Existing solutions Statistical Techniques Neural networks [Moradi et. al.] Hidden Markov Models [Warrender et. al.] Support Vector Machines [Wenjie et. al.] Static analysis Call-graph, NDPDA [Wagner et. al.] Dyck [Giffin et. al.] 5

Challenge False positives device device device Center device device device device 6

Challenge Memory { a = receive(); if (a > 0) foo(a); else bar(a); } void foo(int a) { if (a % 2 == 0) even(a); else odd(a); } void bar(int a) { if (a == -1) error1(); else if (a == -2) error2(); } a > 0 a <= 0 a % 2 == 0 a % 2 == 1 a == -1 a == -2 7

Idea Can t fit everything in memory Quantify security Optimize security for the memory we have 8

Overview Coverage function Documents (SDD) Our work Code Monitoring trace IDS 9

What we do Coverage function Coverage function Documents (SDD) Documents (SDD) 1- Study Document Our work 2-Generating abstract Code 3-Static Analysis 4- Generating concrete 5- Select optimized Code 10

Steps 1-2 1- Study Document 2-Generating abstract 3-Static Analysis 4- Generating concrete 5- Select optimized Storage/Retrieval integrity Sensor data must eventually be stored on flash memory (getting sensordata ( store on flash)) Receive sensor data Temporal Logic : Something eventually happens : Something always happens : Something happens the next time Store on flash memory 11

Steps 3-4 Coverage function Documents (SDD) 1- Study Document 2-Generating abstract 3-Static Analysis 4- Generating concrete 5- Select optimized Code 12 Abstract Concrete (contain system calls)

Steps 3-4 1- Study Document 2-Generating abstract 3-Static Analysis 4- Generating concrete 5- Select optimized { }. data = socket.receive();. { }. write(f, data);. recv(4, 0x47cf68, 8192, 0) write(1, 0x47cf68, 4) = 4 (getting sensordata(data) ( store on flash(data))) 13 (receive(d) ( write(d)))

Step 5 Coverage function Documents (SDD) 1- Study Document 2-Generating abstract 3-Static Analysis 4- Generating concrete 5- Select optimized Code 14

Coverage, Example 1- Study Document 2- Generating abstract 3-Static Analysis 4- Generating concrete 5- Select optimized Define a coverage function on the graph and maximize it v 1 v 2 v 3 Security Properties p 1 p 2 p 3 v 4 p 4 15 v 5 v 6

Coverage, Example 1- Study Document 2- Generating abstract 3-Static Analysis 4- Generating concrete 5- Select optimized Define a coverage function on the graph and maximize it Security Properties p 1 p 2 p 3 p 4 v 1 16 v 2 v 3 v 4 v 5 v 6

Coverage, Example 1- Study Document 2- Generating abstract 3-Static Analysis 4- Generating concrete 5- Select optimized MaxMin Coverage IDS: Intuition: Make the weakest coverage as strong as possible Security Properties 1/2 2/3 1/2 0/1 p 1 p 2 p 3 p 4 17 v 1 v 2 v 3 v 4 v 5 v 6

Coverage, Example 1- Study Document 2- Generating abstract 3-Static Analysis 4- Generating concrete 5- Select optimized MaxMin Coverage IDS: Intuition: Make the weakest coverage as strong as possible Security Properties 2/2 2/3 1/2 1/1 p 1 p 2 p 3 p 4 18 v 1 v 2 v 3 v 4 v 5 v 6

Building the IDS Select the from the graph Automatically convert it to Buchi Automaton Iterative process, optimize for memory. 19

Building the IDS (a -> F b) && (a -> F s) && (b -> F c) && (e -> F c) && (t -> F (a && X b)) && (v -> F (e && X d)) && (s -> F d) && (s -> F e) && (s -> F w) 20

Building the IDS (a -> F b) && (a -> F s) && (b -> F c) && (e -> F c) && (t -> F (a && X b)) 21

Building the IDS (a -> F b) && (a -> F s) 22

Evaluation SegMeter: Smart meter, an important device used in smart homes Meter: Arduino board ATMEGA 32x series microcontroller Sensors Gateway board Broadcom BCM 3302 240MHz CPU 16 MB RAM 4 MB available for IDS OpenWRT Linux IDS runs on the Gateway board No attack database available => We use fault injection to simulate attacks 23

Fault injection Flipping branches if (data_file ~= nil) then big_string = data_file:read("*all") end if (data_file == nil) then big_string = data_file:read("*all") end 24

Research questions How close is the estimated coverage at design time to the coverage at run-time? Shows whether the theoretical optimization is useful What is the performance overhead Shows whether it is practical to implement and use 25

Results (MaxMin IDS) How good is the coverage of the IDS? How good the graph-based optimization is reflected at run-time? detection(%)= number of detected attacks/total umber of injected attac 26

27 Performance overhead

Discussions Quantifiable coverage provides flexibility How to pick a coverage function? Having a complete software engineering life cycle can help producing automated security solutions 28

Conclusions Traditional solutions don t work We can quantify security We can use different security measurement functions Coverage function Documents (SDD) 1- Study Document 2- Generating abstract 3-Static Analysis 4- Generating concrete 5- Select optimized Code 29 faridm@ece.ubc.ca

Coverage, Example 2 MaxProperty IDS: Maxmize security properties that are fully covered v 1 v 2 v 3 v 4 v 5 v 6 Security Properties p 1 p 2 p 3 p 4 30

Results (MaxProperty IDS) How good is the coverage of the IDS? How good the graph-based optimization is reflected at run-time? 31

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information