【 摘 要 】

Verifyingsoftwareintegrityforembeddedsystems,especiallylegacyanddeployedsystems,isvery challenging.Ordinaryintegrityprotectionandverificationmethodsrelyonsophisticatedprocessorsor security hardware, and cannot be applied to many embedded systems due to cost, energy consumption, and inability of update. Furthermore, embedded systems are often small computers on a single chip, making it more difficult to verify integrity without invasive access to the hardware. In this work, we propose “side-channel programming”, a novel method to assist with non-intrusive software integrity checking by transforming code in a functionality-preserving manner while making it possible to verify the internal state of a running device via side-channels. To do so, we first need to accurately profile the side-channel emanations of an embedded device. Using new black-box side-channel profiling techniques, weshowthatitispossibletobuildaccurateside-channelmodelsofaPICmicrocontrollerwithnoprior knowledge of the detailed microcontroller architecture. It even allows us to uncover undocumented behavior of the microcontroller. Then we show how to “side-channel program” the target device in a way that we can verify its internal state from simply measuring the passive side-channel emanations.

【 授权许可】

Unknown