research-article

EDDIE: EM-Based Detection of Deviations in Program Execution

Authors:

Alireza Nazari,

Nader Sehatbakhsh,

Milos PrvulovicAuthors Info & Claims

ISCA '17: Proceedings of the 44th Annual International Symposium on Computer Architecture

Pages 333 - 346

https://doi.org/10.1145/3079856.3080223

Published: 24 June 2017 Publication History

Abstract

This paper describes EM-Based Detection of Deviations in Program Execution (EDDIE), a new method for detecting anomalies in program execution, such as malware and other code injections, without introducing any overheads, adding any hardware support, changing any software, or using any resources on the monitored system itself. Monitoring with EDDIE involves receiving electromagnetic (EM) emanations that are emitted as a side effect of execution on the monitored system, and it relies on spikes in the EM spectrum that are produced as a result of periodic (e.g. loop) activity in the monitored execution. During training, EDDIE characterizes normal execution behavior in terms of peaks in the EM spectrum that are observed at various points in the program execution, but it does not need any characterization of the malware or other code that might later be injected. During monitoring, EDDIE identifies peaks in the observed EM spectrum, and compares these peaks to those learned during training. Since EDDIE requires no resources on the monitored machine and no changes to the monitored software, it is especially well suited for security monitoring of embedded and IoT devices. We evaluate EDDIE on a real IoT system and in a cycle-accurate simulator, and find that even relatively brief injected bursts of activity (a few milliseconds) are detected by EDDIE with high accuracy, and that it also accurately detects when even a few instructions are injected into an existing loop within the application.

References

[1]

AARONIA. 2016. Datasheet: RF Near Field Probe Set DC to 9GHz. (April 2016). Retrieved April 6, 2016 from "http://www.aaronia.com/Datasheets/Antennas/RF-Near-Field-Probe-Set.pdf".

[2]

Martín Abadi, Mihai Budiu, Úlfar Erlingsson, and Jay Ligatti. 2009. Control-flow Integrity Principles, Implementations, and Applications. ACM Trans. Inf. Syst. Secur. 13, 1, Article 4 (Nov. 2009), 40 pages.

Digital Library

[3]

Dakshi Agrawal, Bruce Archambeault, Josyula R. Rao, and Pankaj Rohatgi. 2003. The EM Side-Channel(s). In Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems (CHES '02). Springer-Verlag, London, UK, UK, 29--45. http://dl.acm.org/citation.cfm?id=648255.752713

Digital Library

[4]

CarlosR. Aguayo Gonzalez and JeffreyH. Reed. 2011. Power fingerprinting in SDR integrity assessment for security and regulatory compliance. Analog Integrated Circuits and Signal Processing 69, 2--3 (2011), 307--327.

Digital Library

[5]

Mamoun Alazab, Sitalakshmi Venkatraman, Paul Watters, and Moutaz Alazab. 2011. Zero-day Malware Detection Based on Supervised Learning Algorithms of API Call Signatures. In Proceedings of the Ninth Australasian Data Mining Conference - Volume 121 (AusDM '11). Australian Computer Society, Inc., Darlinghurst, Australia, Australia, 171--182. http://dl.acm.org/citation.cfm?id=2483628.2483648

Digital Library

[6]

Kevin Allix, Tegawendé F. Bissyandé, Quentin Jérome, Jacques Klein, Radu State, and Yves Le Traon. 2016. Empirical Assessment of Machine Learning-based Malware Detectors for Android. Empirical Softw. Engg. 21, 1 (Feb. 2016), 183--211.

Digital Library

[7]

Gorka Irazoqui Apecechea, Thomas Eisenbarth, and Berk Sunar. 2015. S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing - and Its Application to AES. In 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015. 591--604.

Digital Library

[8]

ARM. 2016. ARM Cortex A8 Processor Manual. (April 2016). Retrieved April 3, 2016 from "https://www.arm.com/products/processors/cortex-a/cortex-a8.php".

[9]

Divya Arora, Srivaths Ravi, Anand Raghunathan, and Niraj K. Jha. 2005. Secure Embedded Processing Through Hardware-Assisted Run-Time Monitoring. In Proceedings of the Conference on Design, Automation and Test in Europe - Volume 1 (DATE '05). IEEE Computer Society, Washington, DC, USA, 178--183.

Digital Library

[10]

Ali Galip Bayrak, Francesco Regazzoni, Philip Brisk, François-Xavier Standaert, and Paolo Ienne. 2011. A First Step Towards Automatic Application of Power Analysis Countermeasures. In Proceedings of the 48th Design Automation Conference (DAC '11). ACM, New York, NY, USA, 230--235.

Digital Library

[11]

David Brooks, Vivek Tiwari, and Margaret Martonosi. 2000. Wattch: A Framework for Architectural-level Power Analysis and Optimizations. In Proceedings of the 27th Annual International Symposium on Computer Architecture (ISCA '00). ACM, New York, NY, USA, 83--94.

Digital Library

[12]

David Brumley and Dan Boneh. 2003. Remote Timing Attacks Are Practical. In Proceedings of the 12th Conference on USENIX Security Symposium - Volume 12 (SSYM'03). USENIX Association, Berkeley, CA, USA, 1--1. http://dl.acm.org/citation.cfm?id=1251353.1251354

Digital Library

[13]

Robert Callan, Farnaz Behrang, Alenka Zajic, Milos Prvulovic, and Alessandro Orso. 2016. Zero-overhead Profiling via EM Emanations. In Proceedings of the 25th International Symposium on Software Testing and Analysis (ISSTA 2016). ACM, New York, NY, USA, 401--412.

Digital Library

[14]

Davide Canali, Andrea Lanzi, Davide Balzarotti, Christopher Kruegel, Mihai Christodorescu, and Engin Kirda. 2012. A Quantitative Study of Accuracy in System Call-based Malware Detection. In Proceedings of the 2012 International Symposium on Software Testing and Analysis (ISSTA 2012). ACM, New York, NY, USA, 122--132.

Digital Library

[15]

Suresh Chari, Charanjit S. Jutla, Josyula R. Rao, and Pankaj Rohatgi. 1999. Towards Sound Approaches to Counteract Power-Analysis Attacks. In Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO '99). Springer-Verlag, London, UK, UK, 398--412. http://dl.acm.org/citation.cfm?id=646764.703964

Digital Library

[16]

ShaneS. Clark, Hossen Mustafa, Benjamin Ransford, Jacob Sorber, Kevin Fu, and Wenyuan Xu. 2013. Current Events: Identifying Webpages by Tapping the Electrical Outlet. In Computer Security- ESORICS 2013. Lecture Notes in Computer Science, Vol. 8134. 700--717.

[17]

Shane S. Clark, Benjamin Ransford, and Kevin Fu. 2012. Potentia Est Scientia: Security and Privacy Implications of Energy-proportional Computing. In Proceedings of the 7th USENIX Conference on Hot Topics in Security (HotSec'12). USENIX Association, Berkeley, CA, USA, 3--3. http://dl.acm.org/citation.cfm?id=2372387.2372390

Digital Library

[18]

Shane S. Clark, Benjamin Ransford, Amir Rahmati, Shane Guineau, Jacob Sorber, Kevin Fu, and Wenyuan Xu. 2013. WattsUpDoc: Power Side Channels to Nonintrusively Discover Untargeted Malware on Embedded Medical Devices. In Proceedings of the 2013 USENIX Conference on Safety, Security, Privacy and Interoperability of Health Information Technologies (HealthTech'13). USENIX Association, Berkeley, CA, USA, 9--9. http://dl.acm.org/citation.cfm?id=2696523.2696532

Digital Library

[19]

Bart Coppens, Ingrid Verbauwhede, Koen De Bosschere, and Bjorn De Sutter. 2009. Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors. In Proceedings of the 2009 30th IEEE Symposium on Security and Privacy (SP '09). IEEE Computer Society, Washington, DC, USA, 45--60.

Digital Library

[20]

Sanjeev Das, Yang Liu, Wei Zhang, and Mahintham Chandramohan. 2016. Semantics-Based Online Malware Detection: Towards Efficient Real-Time Protection Against Malware. IEEE Transactions on Information Forensics and Security 11, 2 (Feb 2016), 289--302.

[21]

Lucas Davi, Matthias Hanreich, Debayan Paul, Ahmad-Reza Sadeghi, Patrick Koeberl, Dean Sullivan, Orlando Arias, and Yier Jin. 2015. HAFIX: Hardware-assisted Flow Integrity Extension. In Proceedings of the 52Nd Annual Design Automation Conference (DAC '15). ACM, New York, NY, USA, Article 74, 6 pages.

Digital Library

[22]

Lucas Davi, Patrick Koeberl, and Ahmad-Reza Sadeghi. 2014. Hardware-Assisted Fine-Grained Control-Flow Integrity: Towards Efficient Protection of Embedded Systems Against Software Exploitation. In Proceedings of the 51st Annual Design Automation Conference (DAC '14). ACM, New York, NY, USA, Article 133, 6 pages.

Digital Library

[23]

John Demme, Matthew Maycock, Jared Schmitz, Adrian Tang, Adam Waksman, Simha Sethumadhavan, and Salvatore Stolfo. 2013. On the Feasibility of Online Malware Detection with Performance Counters. In Proceedings of the 40th Annual International Symposium on Computer Architecture (ISCA '13). ACM, New York, NY, USA, 559--570.

Digital Library

[24]

Artem Dinaburg, Paul Royal, Monirul Sharif, and Wenke Lee. 2008. Ether: Malware Analysis via Hardware Virtualization Extensions. In Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS '08). ACM, New York, NY, USA, 51--62.

Digital Library

[25]

Ken Dunham. 2003. Evaluating Anti-Virus Software: Which Is Best? Information Systems Security 12, 3 (2003), 17--28.

[26]

Manuel Egele, Theodoor Scholte, Engin Kirda, and Christopher Kruegel. 2008. A Survey on Automated Dynamic Malware-analysis Techniques and Tools. ACM Comput. Surv. 44, 2, Article 6 (March 2008), 42 pages.

Digital Library

[27]

William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. 2010. TaintDroid: An Information-flow Tracking System for Realtime Privacy Monitoring on Smartphones. (2010), 393--407. http://dl.acm.org/citation.cfm?id=1924943.1924971

Digital Library

[28]

Aurélien Francillon and Claude Castelluccia. 2008. Code Injection Attacks on Harvard-architecture Devices. In Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS '08). ACM, New York, NY, USA, 15--26.

Digital Library

[29]

Karine Gandolfi, Christophe Mourtel, and Francis Olivier. 2001. Electromagnetic Analysis: Concrete Results. In Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems (CHES '01). Springer-Verlag, London, UK, UK, 251--261. http://dl.acm.org/citation.cfm?id=648254.752700

Digital Library

[30]

Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer. 2015. Stealing Keys from PCs Using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation. In Cryptographic Hardware and Embedded Systems -- CHES 2015: 17th International Workshop, Saint-Malo, France, September 13-16, 2015, Proceedings, Tim Güneysu and Helena Handschuh (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 207--228.

[31]

Daniel Genkin, Itamar Pipman, and Eran Tromer. 2014. Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks on PCs. In Proceedings of the 16th International Workshop on Cryptographic Hardware and Embedded Systems --- CHES 2014 - Volume 8731. Springer-Verlag New York, Inc., New York, NY, USA, 242--260.

Digital Library

[32]

Daniel Genkin, Adi Shamir, and Eran Tromer. 2014. RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis. In Advances in Cryptology -- CRYPTO 2014: 34th Annual Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 2014, Proceedings, Part I. Springer Berlin Heidelberg, Berlin, Heidelberg, 444--461.

[33]

Louis Goubin and Jacques Patarin. 1999. DES and Differential Power Analysis (The "Duplication" Method). In Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems (CHES '99). Springer-Verlag, London, UK, UK, 158--172. http://dl.acm.org/citation.cfm?id=648252.752372

Digital Library

[34]

Dale I Foreman Gregory W Corder. 2011. Nonparametric Statistics for Non-Statisticians: A Step-by-Step Approach. Wiley. https://books.google.com/books?id=T3qOqdpSz6YC

[35]

Kent Griffin, Scott Schneider, Xin Hu, and Tzi-Cker Chiueh. 2009. Automatic Generation of String Signatures for Malware Detection. In Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection (RAID '09). Springer-Verlag, Berlin, Heidelberg, 101--120.

Digital Library

[36]

Matthew R Guthaus, Jeffrey S Ringenberg, Dan Ernst, Todd M Austin, Trevor Mudge, and Richard B Brown. 2001. MiBench: A Free, Commercially Representative Embedded Benchmark Suite. In Proceedings of the Workload Characterization, 2001. WWC-4. 2001 IEEE International Workshop (WWC '01). IEEE Computer Society, Washington, DC, USA, 3--14.

Digital Library

[37]

Yu-ichi Hayashi, Naofumi Homma, Takaaki Mizuki, Haruki Shimada, Takafumi Aoki, Hideaki Sone, Laurent Sauvage, and Jean-Luc Danger. 2013. Efficient Evaluation of EM Radiation Associated With Information Leakage From Cryptographic Devices. IEEE Transactions on Electromagnetic Compatibility 55, 3 (June 2013), 555--563.

[38]

Harold Joseph Highland. 1986. Random Bits & Bytes: Electromagnetic Radiation Revisited. Comput. Secur. 5, 2 (June 1986), 85--93.

Digital Library

[39]

TD Huang, Wen-Sheng Wang, and Kuo-Lung Lian. 2015. A New Power Signature for Nonintrusive Appliance Load Monitoring. IEEE Transactions on Smart Grid 6, 4 (July 2015), 1994--1995.

[40]

Kelly Hughes and Yanzhen Qu. 2014. Performance Measures of Behavior-Based Signatures: An Anti-malware Solution for Platforms with Limited Computing Resource. In Proceedings of the 2014 Ninth International Conference on Availability, Reliability and Security (ARES '14). IEEE Computer Society, Washington, DC, USA, 303--309.

Digital Library

[41]

Mikhail Kazdagli, Vijay Janapa Reddi, and Mohit Tiwari. 2016. Quantifying and improving the efficiency of hardware-based mobile malware detectors. In 2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). 1--13.

[42]

Keysight-Technologies. 2016. DSOS804A High-Definition Oscilloscope: 8 GHz, 4 Analog Channels. (April 2016). Retrieved April 1, 2016 from "http://www.keysight.com/en/pdx-x202073-pn-DSOS804A/high-definition-oscilloscope-8-ghz-4-analog-channels?cc=US&lc=eng".

[43]

Mohammad Maifi Hasan Khan, Hieu K. Le, Michael LeMay, Parya Moinzadeh, Lili Wang, Yong Yang, Dong K. Noh, Tarek Abdelzaher, Carl A. Gunter, Jiawei Han, and Xin Jin. 2010. Diagnostic Powertracing for Sensor Node Failure Analysis. In Proceedings of the 9th ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN '10). ACM, New York, NY, USA, 117--128.

Digital Library

[44]

Hahnsang Kim, Joshua Smith, and Kang G. Shin. 2008. Detecting Energy-greedy Anomalies and Mobile Malware Variants. In Proceedings of the 6th International Conference on Mobile Systems, Applications, and Services (MobiSys '08). ACM, New York, NY, USA, 239--252.

Digital Library

[45]

Taesoo Kim, Marcus Peinado, and Gloria Mainar-Ruiz. 2012. STEALTHMEM: System-level Protection Against Cache-based Side Channel Attacks in the Cloud. In Proceedings of the 21st USENIX Conference on Security Symposium (Security'12). USENIX Association, Berkeley, CA, USA, 11--11. http://dl.acm.org/citation.cfm?id=2362793.2362804

Digital Library

[46]

Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, and Onur Mutlu. 2014. Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors. In Proceeding of the 41st Annual International Symposium on Computer Architecuture (ISCA '14). IEEE Press, Piscataway, NJ, USA, 361--372. http://dl.acm.org/citation.cfm?id=2665671.2665726

Digital Library

[47]

Paul C. Kocher. 1996. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO '96). Springer-Verlag, London, UK, UK, 104--113. http://dl.acm.org/citation.cfm?id=646761.706156

Digital Library

[48]

Paul C. Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential Power Analysis. In Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO '99). Springer-Verlag, London, UK, UK, 388--397. http://dl.acm.org/citation.cfm?id=646764.703989

[49]

Markus Guenther Kuhn. 2003. Compromising emanations: eavesdropping risks of computer displays. (dec 2003). Retrieved:http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-577.pdf

[50]

Markus Guenther Kuhn. 2013. Compromising Emanations of LCD TV Sets. IEEE Transactions on Electromagnetic Compatibility 55, 3 (June 2013), 564--570.

[51]

Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B. Lee. 2015. Last-Level Cache Side-Channel Attacks Are Practical. In Proceedings of the 2015 IEEE Symposium on Security and Privacy (SP '15). IEEE Computer Society, Washington, DC, USA, 605--622.

Digital Library

[52]

Shufu Mao and Tilman Wolf. 2007. Hardware Support for Secure Processing in Embedded Systems. In Proceedings of the 44th Annual Design Automation Conference (DAC '07). ACM, New York, NY, USA, 483--488.

Digital Library

[53]

Frank J Massey Jr. 1951. The Kolmogorov-Smirnov test for goodness of fit. Journal of the American statistical Association 46, 253 (1951), 68--78.

[54]

Gary McGraw and Greg Morrisett. 2000. Attacking Malicious Code: A Report to the Infosec Research Council. IEEE Softw. 17, 5 (Sept. 2000), 33--41.

Digital Library

[55]

Thomas S. Messerges, Ezzy A. Dabbish, and Robert H. Sloan. 1999. Power Analysis Attacks of Modular Exponentiation in Smartcards. In Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems (CHES '99). Springer-Verlag, London, UK, UK, 144--157. http://dl.acm.org/citation.cfm?id=648252.752374

Digital Library

[56]

Aziz Mohaisen and Omar Alrawi. 2014. AV-Meter: An Evaluation of Antivirus Scans and Labels. Springer International Publishing, Cham, 112--131.

[57]

James Newsome and Dawn Xiaodong Song. 2005. Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2005, San Diego, California, USA.

[58]

Meltem Ozsoy, Caleb Donovick, Iakov Gorelik, Nael Abu-Ghazaleh, and Dmitry Ponomarev. 2015. Malware-aware processors: A framework for efficient online malware detection. In 2015 IEEE 21st International Symposium on High Performance Computer Architecture (HPCA). 651--661.

[59]

Meltem Ozsoy, Khaled N Khasawneh, Caleb Donovick, Iakov Gorelik, Nael Abu-Ghazaleh, and Dmitry Ponomarev. 2016. Hardware-Based Malware Detection Using Low-Level Architectural Features. IEEE Trans. Comput. 65, 11 (Nov 2016), 3332--3344.

Digital Library

[60]

Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis. 2013. Transparent ROP Exploit Mitigation Using Indirect Branch Tracing. In Proceedings of the 22Nd USENIX Conference on Security (SEC'13). USENIX Association, Berkeley, CA, USA, 447--462. http://dl.acm.org/citation.cfm?id=2534766.2534805

Digital Library

[61]

Bryan D. Payne, Martim Carbone, Monirul Sharif, and Wenke Lee. 2008. Lares: An Architecture for Secure Active Monitoring Using Virtualization. In Proceedings of the 2008 IEEE Symposium on Security and Privacy (SP '08). IEEE Computer Society, Washington, DC, USA, 233--247.

Digital Library

[62]

Naser Peiravian and Xingquan Zhu. 2013. Machine Learning for Android Malware Detection Using Permission and API Calls. In Proceedings of the 2013 IEEE 25th International Conference on Tools with Artificial Intelligence (ICTAI '13). IEEE Computer Society, Washington, DC, USA, 300--305.

Digital Library

[63]

Thomas Plos, Michael Hutter, and Christoph Herbst. 2008. Enhancing side-channel analysis with low-cost shielding techniques. In Proceedings of Austrochip. Retrieved from "https://online.tugraz.at/tug_online/voe_main2.getvolltext?pCurrPk=38353".

[64]

Francois Poucheret, Lyonel Barthe, Pascal Benoit, Lionel Torres, Philippe Maurine, and Michel Robert. 2010. Spatial EM jamming: A countermeasure against EM Analysis?. In 2010 18th IEEE/IFIP International Conference on VLSI and System-on-Chip. 105--110.

[65]

Roshan G Ragel and Sri Parameswaran. 2006. IMPRES: integrated monitoring for processor reliability and security. In 2006 43rd ACM/IEEE Design Automation Conference. 502--505.

Digital Library

[66]

Mehryar Rahmatian, Hessam Kooti, Ian G Harris, and Elaheh Bozorgzadeh. 2012. Hardware-Assisted Detection of Malicious Software in Embedded Systems. IEEE Embedded Systems Letters 4, 4 (Dec 2012), 94--97.

Digital Library

[67]

Glen Reinman and Norman P Jouppi. 2000. CACTI 2.0: An integrated cache timing and power model. Western Research Lab Research Report 7 (2000).

[68]

Jose Renau, Basilio Fraguela, James Tuck, Wei Liu, Milos Prvulovic, Luis Ceze, Smruti Sarangi, Paul Sack, Karin Strauss, and Pablo Montesinos. 2005. SESC simulator. (January 2005). http://sesc.sourceforge.net.

[69]

Werner Schindler. 2000. A Timing Attack Against RSA with the Chinese Remainder Theorem. In Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems (CHES '00). Springer-Verlag, London, UK, UK, 109--124. http://dl.acm.org/citation.cfm?id=648253.752399

Digital Library

[70]

Colin Schmidt. 2014. Low Level Virtual Machine (LLVM). (Feb 2014). Retrieved on April 1 from https://github.com/llvm-mirror/llvm.

[71]

Nader Sehatbakhsh, Alireza Nazari, Alenka Zajic, and Milos Prvulovic. 2016. Spectral profiling: Observer-effect-free profiling by monitoring EM emanations. In 2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). 1--11.

[72]

Hidenori Sekiguchi and S Seto. 2008. Proposal of an Information Signal Measurement Method in Display Image Contained in Electromagnetic Noise Emanated from a Personal Computer. (May 2008), 1859--1863.

[73]

Hidenori Sekiguchi and S Seto. 2013. Study on Maximum Receivable Distance for Radiated Emission of Information Technology Equipment Causing Information Leakage. IEEE Transactions on Electromagnetic Compatibility 55, 3 (June 2013), 547--554.

[74]

Chengyu Song, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, and Yunheung Paek. 2016. HDFI: Hardware-Assisted Data-Flow Isolation. In 2016 IEEE Symposium on Security and Privacy (SP). 1--17.

[75]

G. Edward Suh, Jae W. Lee, David Zhang, and Srinivas Devadas. 2004. Secure Program Execution via Dynamic Information Flow Tracking. In Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS XI). ACM, New York, NY, USA, 85--96.

Digital Library

[76]

Yasunao Suzuki and Yoshiharu Akiyama. 2010. Jamming technique to prevent information leakage caused by unintentional emissions of PC video signals. In 2010 IEEE International Symposium on Electromagnetic Compatibility. 132--137.

[77]

Hidema Tanaka. 2007. Information Leakage via Electromagnetic Emanations and Evaluation of Tempest Countermeasures. In Proceedings of the 3rd International Conference on Information Systems Security (ICISS'07). Springer-Verlag, Berlin, Heidelberg, 167--179. http://dl.acm.org/citation.cfm?id=1779274.1779292

Digital Library

[78]

Adrian Tang, Simha Sethumadhavan, and Salvatore J. Stolfo. 2014. Unsupervised Anomaly-Based Malware Detection Using Hardware Features. Springer International Publishing, Cham, 109--129.

[79]

Guru Venkataramani, Ioannis Doudalis, Yan Solihin, and Milos Prvulovic. 2008. FlexiTaint: A programmable accelerator for dynamic taint propagation. In 2008 IEEE 14th International Symposium on High Performance Computer Architecture. 173--184.

[80]

Zhenghong Wang and Ruby B. Lee. 2007. New Cache Designs for Thwarting Software Cache-based Side Channel Attacks. In Proceedings of the 34th Annual International Symposium on Computer Architecture (ISCA '07). ACM, New York, NY, USA, 494--505.

Digital Library

[81]

Yubin Xia, Yutao Liu, Haibo Chen, and Binyu Zang. 2012. CFIMon: Detecting Violation of Control Flow Integrity Using Performance Counters. In Proceedings of the 2012 42Nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (DSN '12). IEEE Computer Society, Washington, DC, USA, 1--12. http://dl.acm.org/citation.cfm?id=2354410.2355130

Digital Library

[82]

Yuval Yarom and Katrina Falkner. 2014. FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-channel Attack. In Proceedings of the 23rd USENIX Conference on Security Symposium (SEC'14). USENIX Association, Berkeley, CA, USA, 719--732. http://dl.acm.org/citation.cfm?id=2671225.2671271

Digital Library

[83]

Ilsun You and Kangbin Yim. 2010. Malware Obfuscation Techniques: A Brief Survey. In Proceedings of the 2010 International Conference on Broadband, Wireless Computing, Communication and Applications (BWCCA '10). IEEE Computer Society, Washington, DC, USA, 297--300.

Digital Library

[84]

A. Zajic and M. Prvulovic. 2014. Experimental Demonstration of Electromagnetic Information Leakage From Modern Processor-Memory Systems. IEEE Transactions on Electromagnetic Compatibility 56, 4 (Aug 2014), 885--893.

[85]

Mingwei Zhang and R. Sekar. 2013. Control Flow Integrity for COTS Binaries. In Proceedings of the 22Nd USENIX Conference on Security (SEC'13). USENIX Association, Berkeley, CA, USA, 337--352. http://dl.acm.org/citation.cfm?id=2534766.2534796

Digital Library

[86]

Ziqiao Zhou, Michael K. Reiter, and Yinqian Zhang. 2016. A Software Approach to Defeating Side Channels in Last-Level Caches. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS '16). ACM, New York, NY, USA, 871--882.

Digital Library

Cited By

Cui MXie BWang QXiong JGanesan DShi W(2024)EVLeSen: In-Vehicle Sensing with EV-Leaked SignalProceedings of the 30th Annual International Conference on Mobile Computing and Networking10.1145/3636534.3649389(679-693)Online publication date: 29-May-2024
https://dl.acm.org/doi/10.1145/3636534.3649389
Zhang TTehranipoor MFarahmandi F(2024)TrustGuard: Standalone FPGA-Based Security Monitoring Through Power Side-ChannelIEEE Transactions on Very Large Scale Integration (VLSI) Systems10.1109/TVLSI.2023.333587632:2(319-332)Online publication date: Feb-2024
https://doi.org/10.1109/TVLSI.2023.3335876
Ji XZhang JZou SChen YQu GXu W(2024)MagView++: Data Exfiltration via CPU Magnetic Signals Under Video DecodingIEEE Transactions on Mobile Computing10.1109/TMC.2023.326240023:3(2486-2503)Online publication date: Mar-2024
https://doi.org/10.1109/TMC.2023.3262400
Show More Cited By

Index Terms

EDDIE: EM-Based Detection of Deviations in Program Execution
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation

Recommendations

EDDIE: EM-Based Detection of Deviations in Program Execution
ISCA'17

This paper describes EM-Based Detection of Deviations in Program Execution (EDDIE), a new method for detecting anomalies in program execution, such as malware and other code injections, without introducing any overheads, adding any hardware support, ...
RHMD: evasion-resilient hardware malware detectors
MICRO-50 '17: Proceedings of the 50th Annual IEEE/ACM International Symposium on Microarchitecture

Hardware Malware Detectors (HMDs) have recently been proposed as a defense against the proliferation of malware. These detectors use low-level features, that can be collected by the hardware performance monitoring units on modern CPUs to detect malware ...
A Brain-inspired Approach for Malware Detection using Sub-semantic Hardware Features
GLSVLSI '23: Proceedings of the Great Lakes Symposium on VLSI 2023

Despite significant efforts to enhance the resilience of computer systems against malware attacks, the abundance of exploitable vulnerabilities remains a significant challenge. While preventing compromises is difficult, traditional signature-based static ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ISCA '17: Proceedings of the 44th Annual International Symposium on Computer Architecture

June 2017

736 pages

ISBN:9781450348928

DOI:10.1145/3079856

ACM SIGARCH Computer Architecture News Volume 45, Issue 2
ISCA'17
May 2017
715 pages
ISSN:0163-5964
DOI:10.1145/3140659
Editor:
Babak Falsafi
Interim
Issue’s Table of Contents

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

IEEE: IEEE Computer Society Technical Committee on Design Automation
SIGARCH: ACM Special Interest Group on Computer Architecture

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 June 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ISCA '17

Sponsor:

IEEE
SIGARCH

ISCA '17: The 44th Annual International Symposium on Computer Architecture

June 24 - 28, 2017

ON, Toronto, Canada

Acceptance Rates

ISCA '17 Paper Acceptance Rate 54 of 322 submissions, 17%;

Overall Acceptance Rate 543 of 3,203 submissions, 17%

Upcoming Conference

ISCA '25

Sponsor:
sigarch

The 52nd Annual International Symposium on Computer Architecture

June 21 - 25, 2025

Tokyo , Japan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

87
Total Citations
View Citations
814
Total Downloads

Downloads (Last 12 months)78
Downloads (Last 6 weeks)9

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Cui MXie BWang QXiong JGanesan DShi W(2024)EVLeSen: In-Vehicle Sensing with EV-Leaked SignalProceedings of the 30th Annual International Conference on Mobile Computing and Networking10.1145/3636534.3649389(679-693)Online publication date: 29-May-2024
https://dl.acm.org/doi/10.1145/3636534.3649389
Zhang TTehranipoor MFarahmandi F(2024)TrustGuard: Standalone FPGA-Based Security Monitoring Through Power Side-ChannelIEEE Transactions on Very Large Scale Integration (VLSI) Systems10.1109/TVLSI.2023.333587632:2(319-332)Online publication date: Feb-2024
https://doi.org/10.1109/TVLSI.2023.3335876
Ji XZhang JZou SChen YQu GXu W(2024)MagView++: Data Exfiltration via CPU Magnetic Signals Under Video DecodingIEEE Transactions on Mobile Computing10.1109/TMC.2023.326240023:3(2486-2503)Online publication date: Mar-2024
https://doi.org/10.1109/TMC.2023.3262400
Arkannezhad FAghanoury PFeng JKhalili HSehatbakhsh N(2024)SideGuard: Non-Invasive On-Chip Malware Detection in Heterogeneous IoT Systems by Leveraging Side-Channels2024 IEEE Security and Privacy Workshops (SPW)10.1109/SPW63631.2024.00030(253-259)Online publication date: 23-May-2024
https://doi.org/10.1109/SPW63631.2024.00030
Wüstrich LGallenmüller SGünther SCarle GPahl M(2024)Shells Bells: Cyber-Physical Anomaly Detection in Data CentersNOMS 2024-2024 IEEE Network Operations and Management Symposium10.1109/NOMS59830.2024.10575124(1-10)Online publication date: 6-May-2024
https://doi.org/10.1109/NOMS59830.2024.10575124
Ibrahim OSciancalepore SDi Pietro R(2024)MAG-PUFs: Authenticating IoT devices via electromagnetic physical unclonable functions and deep learningComputers & Security10.1016/j.cose.2024.103905143(103905)Online publication date: Aug-2024
https://doi.org/10.1016/j.cose.2024.103905
Iyer VYilmaz A(2023)Estimating Near-Field Signals Emanated by Embedded Systems Using Data-Dependent EM Profiles as Basis Functions2023 IEEE USNC-URSI Radio Science Meeting (Joint with AP-S Symposium)10.23919/USNC-URSI54200.2023.10289303(5-6)Online publication date: 23-Jul-2023
https://doi.org/10.23919/USNC-URSI54200.2023.10289303
Mei WLiu WChen JLi K(2023)A physical signal-based anomaly detection for industrial terminalProceedings of the 2023 7th International Conference on Electronic Information Technology and Computer Engineering10.1145/3650400.3650508(651-658)Online publication date: 20-Oct-2023
https://dl.acm.org/doi/10.1145/3650400.3650508
Iyer VThimmaiah AOrshansky MGerstlauer AYilmaz A(2023)A Hierarchical Classification Method for High-accuracy Instruction Disassembly with Near-field EM MeasurementsACM Transactions on Embedded Computing Systems10.1145/362916723:1(1-21)Online publication date: 25-Oct-2023
https://dl.acm.org/doi/10.1145/3629167
Gupta PTalukder ZAbir TNguyen PIslam MEskicioglu RHuang PPatwari N(2023)Enabling Low-Cost Server-Level Power Monitoring in Data Centers Using Conducted EMIProceedings of the 21st ACM Conference on Embedded Networked Sensor Systems10.1145/3625687.3625801(237-250)Online publication date: 12-Nov-2023
https://dl.acm.org/doi/10.1145/3625687.3625801
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents