Author: Wehbe, Taimour
Advisor: Mooney, Vincent J.
Committee: Keezer, David C.; Inan, Omer T.; Saltaformaggio, Brendan D.; Pande, Santosh; Iskander, Yousef
Department: Electrical and Computer Engineering
Software and hardware attacks on embedded and medical devices can cause serious harm if they are not detected quickly. This dissertation presents techniques based on hardware signatures that address two parts of the attack surface: the insertion of malicious circuitry (Hardware Trojans) into a digital microchip during manufacturing, and the malicious modification of executable code at run time.

On the hardware side, the Hardware Trojan (HT) considered in this work consists of only a few gates and attempts to alter the functionality of the chip. HTs this small are hard to detect with conventional offline methods such as side-channel analysis and digital systems test techniques. Our approach instead detects HTs online, at run time, by checking that the underlying hardware is functioning correctly. We present an architecture that splits the design across two chips: signatures are generated in hardware at the very beginning of data harvesting and are then checked during data processing and encryption. In addition, we exploit known physiological relationships between medical measurements to verify the integrity of the data that the hardware processes.

On the software side, run-time detection of attacks on application code is typically implemented in software because that is easy to implement and integrate; being software, however, such checkers are exposed to the same attacks they are meant to detect. We present a hardware-assisted run-time code integrity checking technique that detects modification by an adversary of executable code resident in memory. A hardware monitor is designed and attached to the device's main memory system. Page-based signatures (hashes) of the code are created at compile time and stored in a secure database; at run time the monitor regenerates the page hashes (with unmapped regions zeroed out) and compares them with the stored values. Any modification of the in-memory binary of a user-level or kernel-level process causes a comparison failure, which raises a kernel interrupt so that the affected application can be halted safely. The monitor covers the large majority of executable code; the exceptions are a few page-table entries used to redirect application code to libraries.

Our experimental results demonstrate the efficiency and effectiveness of the proposed and implemented techniques. The HT detection architecture not only detected HT attacks but also distinguished them from actual health problems. The run-time code integrity checker rapidly detected zero-day malware attacks while introducing minimal resource overhead and negligible performance degradation for applications running on an embedded device, such as a heart-rate monitoring application.
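The two-chip scheme described above (sign at harvest, check before processing and encryption, then cross-check against a physiological relationship), as an added example that is not code from the dissertation. It assumes a constructed frame layout (eight ECG R-R intervals plus a heart rate from an independent PPG sensor), a keyed 32-bit hash standing in for the unspecified hardware signature function, and illustrative tolerances (10 bpm disagreement, 40 to 150 bpm normal range); none of these values come from the page.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FRAME_BEATS 8

/* One frame of harvested data as it leaves the harvest (front-end) chip.
 * Constructed layout for this example; the page does not specify the fields. */
struct frame {
    uint16_t rr_ms[FRAME_BEATS]; /* ECG R-R intervals, milliseconds */
    uint16_t ppg_bpm;            /* heart rate from an independent PPG sensor */
    uint32_t sig;                /* signature attached by the harvest chip */
};

/* Keyed 32-bit hash standing in for the hardware signature generator. Assumption:
 * the page does not name the function; `key` is a secret shared by the two chips. */
static uint32_t sig32(uint32_t key, const uint8_t *p, size_t n) {
    uint32_t h = 0x811c9dc5u ^ key;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x01000193u; }
    return h;
}

/* Signature over the data fields only (never over the sig slot itself). */
static uint32_t frame_sig(uint32_t key, const struct frame *f) {
    uint8_t buf[sizeof f->rr_ms + sizeof f->ppg_bpm];
    memcpy(buf, f->rr_ms, sizeof f->rr_ms);
    memcpy(buf + sizeof f->rr_ms, &f->ppg_bpm, sizeof f->ppg_bpm);
    return sig32(key, buf, sizeof buf);
}

/* Harvest chip: capture the samples and sign them at the earliest point. */
void harvest(uint32_t key, struct frame *f, const uint16_t *rr, uint16_t ppg_bpm) {
    memcpy(f->rr_ms, rr, sizeof f->rr_ms);
    f->ppg_bpm = ppg_bpm;
    f->sig = frame_sig(key, f);
}

enum verdict {
    DATA_OK,                /* signature and physiology consistent, values normal */
    HT_SIGNATURE_MISMATCH,  /* data changed between harvest and processing */
    HT_PHYSIOLOGY_MISMATCH, /* signed data, but ECG and PPG disagree: tampered or faulty sensor path */
    HEALTH_ALERT            /* both sensors agree on an abnormal rate: a real health event */
};

/* Processing chip: check the signature, then the physiological cross-check,
 * before the data goes on to processing and encryption. Tolerances are illustrative. */
enum verdict verify(uint32_t key, const struct frame *f) {
    if (frame_sig(key, f) != f->sig) return HT_SIGNATURE_MISMATCH;
    unsigned sum = 0;
    for (int i = 0; i < FRAME_BEATS; i++) sum += f->rr_ms[i];
    if (sum == 0) return HT_PHYSIOLOGY_MISMATCH;               /* zero R-R intervals are impossible */
    unsigned ecg_bpm = (60000u * FRAME_BEATS + sum / 2) / sum; /* 60000 / mean R-R, rounded */
    unsigned diff = ecg_bpm > f->ppg_bpm ? ecg_bpm - f->ppg_bpm : f->ppg_bpm - ecg_bpm;
    if (diff > 10) return HT_PHYSIOLOGY_MISMATCH;
    if (ecg_bpm < 40 || ecg_bpm > 150) return HEALTH_ALERT;
    return DATA_OK;
}

/* Constructed scenarios (hypothetical shared key and sample values). */
static const uint32_t KEY = 0x5eed1234u;

static void rr_const(uint16_t *rr, uint16_t ms) { for (int i = 0; i < FRAME_BEATS; i++) rr[i] = ms; }

enum verdict demo_clean(void) {          /* 800 ms -> 75 bpm, PPG reports 74 */
    struct frame f; uint16_t rr[FRAME_BEATS]; rr_const(rr, 800);
    harvest(KEY, &f, rr, 74);
    return verify(KEY, &f);               /* DATA_OK */
}
enum verdict demo_transit_ht(void) {     /* HT in the datapath rewrites a sample after signing */
    struct frame f; uint16_t rr[FRAME_BEATS]; rr_const(rr, 800);
    harvest(KEY, &f, rr, 74);
    f.rr_ms[3] = 400;
    return verify(KEY, &f);               /* HT_SIGNATURE_MISMATCH */
}
enum verdict demo_sensor_ht(void) {      /* HT corrupts the PPG value before it is signed */
    struct frame f; uint16_t rr[FRAME_BEATS]; rr_const(rr, 800);
    harvest(KEY, &f, rr, 120);
    return verify(KEY, &f);               /* HT_PHYSIOLOGY_MISMATCH */
}
enum verdict demo_tachycardia(void) {    /* 350 ms -> 171 bpm, PPG agrees: health event, not attack */
    struct frame f; uint16_t rr[FRAME_BEATS]; rr_const(rr, 350);
    harvest(KEY, &f, rr, 170);
    return verify(KEY, &f);               /* HEALTH_ALERT */
}

int main(void) {
    printf("%d %d %d %d\n", demo_clean(), demo_transit_ht(), demo_sensor_ht(), demo_tachycardia());
    return 0;
}
```

The ordering of the two checks is the point: the signature catches any change between the harvest chip and the processing chip, while the physiological cross-check catches corruption that happens before signing (or a faulty sensor path) and, when both independent measurements agree, lets an abnormal reading be classified as a health event rather than an attack.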
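The page-hash comparison performed by the memory-attached monitor described above, as an added example that is not code from the dissertation. It models a code segment as the bytes the monitor sees on the bus plus the length actually mapped as code, hashes each page with the unmapped tail zeroed out so that compile-time and run-time hashes of a partially filled page are comparable, and reports the first page whose hash differs. FNV-1a 64 stands in for the hash function, the page size and segment size are constructed, and the interrupt that would halt the process is represented by the non-negative return value; these are assumptions, not details from the page.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096
#define MAX_PAGES 4

/* A code segment as the bus-attached monitor sees it: backing memory plus the
 * number of bytes actually mapped as executable code. Bytes of the last page
 * beyond `len` are an unmapped tail and must not influence the hash. */
struct code_segment {
    uint8_t mem[MAX_PAGES * PAGE_SIZE];
    size_t len;
};

/* Reference (compile-time) page hashes: the monitor's secure database. */
struct hash_db {
    uint64_t h[MAX_PAGES];
    size_t npages;
};

/* FNV-1a 64-bit stands in for the monitor's hash function. Assumption: the page
 * does not name the hash; a real monitor would use a cryptographic hash. */
static uint64_t fnv1a64(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

static size_t seg_pages(const struct code_segment *s) {
    return (s->len + PAGE_SIZE - 1) / PAGE_SIZE;
}

/* Hash one page with its unmapped region zeroed out. */
uint64_t hash_page(const struct code_segment *s, size_t page) {
    uint8_t buf[PAGE_SIZE];
    size_t start = page * PAGE_SIZE;
    size_t mapped = s->len > start ? s->len - start : 0;
    if (mapped > PAGE_SIZE) mapped = PAGE_SIZE;
    memset(buf, 0, PAGE_SIZE);
    memcpy(buf, s->mem + start, mapped);
    return fnv1a64(buf, PAGE_SIZE);
}

/* Build the database from the pristine image (the compile-time step). */
void build_db(const struct code_segment *s, struct hash_db *db) {
    db->npages = seg_pages(s);
    for (size_t i = 0; i < db->npages; i++) db->h[i] = hash_page(s, i);
}

/* Run-time check. Returns -1 if every page matches, -2 if the page count
 * changed, otherwise the index of the first modified page. On a non-negative
 * result the monitor would raise the interrupt that halts the process. */
int check_segment(const struct code_segment *s, const struct hash_db *db) {
    if (seg_pages(s) != db->npages) return -2;
    for (size_t i = 0; i < db->npages; i++)
        if (hash_page(s, i) != db->h[i]) return (int)i;
    return -1;
}

/* Constructed sample image: deterministic bytes, `len` of them mapped. */
static void fill_segment(struct code_segment *s, size_t len, uint8_t seed) {
    memset(s->mem, 0, sizeof s->mem);
    s->len = len;
    for (size_t i = 0; i < len; i++) s->mem[i] = (uint8_t)(seed + 7 * i);
}

/* Junk written into the unmapped tail of the last page must NOT trip the check. */
int demo_benign_tail(void) {
    struct code_segment s; struct hash_db db;
    fill_segment(&s, 2 * PAGE_SIZE + 100, 0x5a);  /* 2 full pages + 100 bytes */
    build_db(&s, &db);
    s.mem[2 * PAGE_SIZE + 500] = 0xff;
    return check_segment(&s, &db);                /* -1 */
}

/* One byte of page 1 patched at run time: the check reports page 1. */
int demo_tamper(void) {
    struct code_segment s; struct hash_db db;
    fill_segment(&s, 2 * PAGE_SIZE + 100, 0x5a);
    build_db(&s, &db);
    s.mem[PAGE_SIZE + 10] ^= 0x01;
    return check_segment(&s, &db);                /* 1 */
}

int main(void) {
    printf("benign tail write -> %d (expect -1)\n", demo_benign_tail());
    printf("patched page      -> %d (expect 1)\n", demo_tamper());
    return 0;
}
```

Zeroing the unmapped tail in both the compile-time and run-time computations is what keeps the check free of false positives on partially filled pages: the bus may carry stale bytes past the end of the segment, and they must not count as a modification.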
Medical device security through hardware signatures