Spectral profiling: Observer-effect-free profiling by monitoring EM emanations

This paper presents Spectral Profiling, a new method for profiling program execution without instrumenting or otherwise affecting the profiled system. Spectral Profiling monitors EM emanations unintentionally produced by the profiled system, looking for spectral “spikes” produced by periodic program activity (e.g. loops). This allows Spectral Profiling to determine which parts of the program have executed at what time. By analyzing the frequency and shape of the spectral “spike”, Spectral Profiling can obtain additional information such as the per-iteration execution time of a loop. The key advantage of Spectral Profiling is that it can monitor a system as-is, without the program instrumentation, system activity, etc. associated with the profiling itself, i.e. it completely eliminates the “Observer's Effect” and allows profiling of programs whose execution is performance-dependent and/or programs that run on even the simplest embedded systems that have no resources or support for profiling. We evaluate the effectiveness of Spectral Profiling by applying it to several benchmarks from the MiBench suite on a real system, and also on a cycle-accurate simulator. Our results confirm that Spectral Profiling yields useful information about the runtime behavior of a program, allowing Spectral Profiling to be used for profiling in systems where profiling infrastructure is not available, or where profiling overheads may perturb the results too much (“Observer's Effect”).
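The core idea in the abstract, a loop showing up as a spectral spike whose frequency gives the per-iteration time, can be sketched as follows. This is an added example, not the paper's code: the trace is constructed (a simplified baseband model with Gaussian noise), and the sample rate, window size, loop rates and detection threshold are all assumptions.

```python
import cmath, math, random

FS = 1_000_000   # sample rate in Hz (constructed value)
WIN = 256        # samples per analysis window (assumption)

def synth(phases, n=WIN, seed=7):
    """Constructed trace: one phase per entry; a loop iterating at f Hz adds a
    periodic component at f, None is non-periodic activity (noise only)."""
    rng = random.Random(seed)
    return [(math.sin(2 * math.pi * f * i / FS) if f else 0.0) + rng.gauss(0, 0.5)
            for f in phases for i in range(n)]

def spectrum(window):
    """Magnitude of a Hann-windowed DFT, bins 0 .. N/2-1 (pure stdlib)."""
    n = len(window)
    w = [x * (0.5 - 0.5 * math.cos(2 * math.pi * i / (n - 1)))
         for i, x in enumerate(window)]
    return [abs(sum(w[i] * cmath.exp(-2j * math.pi * k * i / n) for i in range(n)))
            for k in range(n // 2)]

def profile(trace, ratio=5.0):
    """Per window: (start time s, spike frequency Hz, per-iteration time s),
    or (start, None, None) when no bin stands out from the noise floor."""
    out = []
    for start in range(0, len(trace) - WIN + 1, WIN):
        mag = spectrum(trace[start:start + WIN])
        k = max(range(1, len(mag)), key=mag.__getitem__)   # skip DC bin
        floor = sorted(mag[1:])[len(mag) // 2]              # median as noise floor
        if mag[k] > ratio * floor:
            f = k * FS / WIN
            out.append((start / FS, f, 1.0 / f))
        else:
            out.append((start / FS, None, None))
    return out

if __name__ == "__main__":
    for t, f, per_iter in profile(synth([62_500, None, 156_250])):
        print(f"{t * 1e6:7.1f} us", "no spike" if f is None else
              f"{f:9.0f} Hz -> {per_iter * 1e6:.1f} us/iteration")
```

The frequency resolution is FS/WIN, so a longer window separates loops with closer iteration rates at the cost of coarser timing of when each loop ran.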
