The incidence of malicious code and software vulnerability exploits on embedded platforms is constantly on the rise. Yet, little effort is being devoted to combating such threats to embedded systems. Moreover, adapting security approaches designed for general-purpose systems generally fails because of the limited processing capabilities of their embedded counterparts. In this work, we evaluate a malware and software vulnerability exploit defense framework for embedded systems. The proposed framework extends our prior work, which defines two isolated execution environments: a testing environment, wherein an untrusted application is first tested using dynamic binary instrumentation (DBI), and a real environment, wherein a program is monitored at runtime using an extracted behavioral model, along with a continuous learning process. We present a suite of software and hardware optimizations to reduce the overheads induced by the defense framework on embedded systems. Software optimizations include the usage of static analysis, complemented with DBI in the testing environment (i.e., a hybrid software analysis approach is used). Hardware optimizations exploit parallel processing capabilities of multiprocessor systems-on-chip. We have evaluated the defense framework and proposed optimizations on the ARM-Linux operating system. Experiments demonstrate that our framework achieves a high coverage of considered security threats, with acceptable performance penalties (the average execution time of applications goes up to 1.68X, considering all optimizations, which is much smaller than the 2.72X performance penalty when no optimizations are used).