Lightweight Intrusion Detection for Resource-Constrained Embedded Control Systems

Securing embedded control systems presents a unique challenge. In addition to the resource restrictions inherent to embedded devices, embedded control systems must meet strict, non-negotiable timing requirements, and because they are deployed at massive scale, other per-device costs such as power consumption are multiplied accordingly. These constraints render conventional host-based intrusion detection – using a hypervisor to create a protected environment in which a monitoring entity can operate beyond the reach of the monitored system – costly and impractical.
