Lightweight intrusion detection for resource-constrained embedded control systems

IFIP Advances in Information and Communication Technology

Volumn 367, Issue , 2011, Pages 31-46

  Reeves, Jason ^a   Ramaswamy, Ashwin ^b   Locasto, Michael ^c   Bratus, Sergey ^a   Smith, Sean ^a  

^a DARTMOUTH COLLEGE   (United States)

^b Bloomberg LP   (United States)

^c UNIVERSITY OF CALGARY   (Canada)

Author keywords

Embedded control systems; Intrusion detection

Indexed keywords

CONTROL SYSTEMS; CRITICAL INFRASTRUCTURES; EMBEDDED SYSTEMS; PUBLIC WORKS;

DESIGN AND IMPLEMENTATIONS; EMBEDDED CONTROL SYSTEMS; EXPERIMENTAL TEST; HOST-BASED INTRUSION DETECTION; HOST-BASED INTRUSION DETECTION SYSTEM; RESOURCE RESTRICTIONS; TIMING REQUIREMENTS; TRACING FRAMEWORK;

INTRUSION DETECTION;

EID: 84958770645     PISSN: 18684238     EISSN: 1868422X     Source Type: Book Series    
DOI: 10.1007/978-3-642-24864-1_3     Document Type: Conference Paper

References (39)

1. M. Abadi, M. Budiu, U. Erlingsson and J. Ligatti, Control flow integrity: Principles, implementations and applications, ACM Transactions on Information and System Security, vol. 13(1), pp. 4:1–40, 2009.
2. S. Bratus, M. Locasto, A. Ramaswamy and S. Smith, VM-based security overkill: A lament for applied systems security research, Proceedings of the New Security Paradigms Workshop, pp. 51–60, 2010.
3. B. Cantrill, M. Shapiro and A. Leventhal, Dynamic instrumentation of production systems, Proceedings of the USENIX Annual Technical Conference, pp. 15–28, 2004.
4. N. Falliere, L. O’Murchu and E. Chien, W32.Stuxnet Dossier, Symantec, Mountain View, California (www.symantec.com/content/en/us/enterprise/media/security response/whitepapers/w32stuxnetdossier.pdf), 2011.
5. S. Forrest, S. Hofmeyr, A. Somayaji and T. Longstaff, A sense of self for Unix processes, Proceedings of the IEEE Symposium on Security and Privacy, pp. 120–128, 1996.
6. B. Hicks, S. Rueda, T. Jaeger and P. McDaniel, From trusted to secure: Building and executing applications that enforce system security, Proceedings of the USENIX Annual Technical Conference, 2007.
7. Institute of Electrical and Electronics Engineers, IEEE 1646-2004 Standard: Communication Delivery Time Performance Requirements for Electric Power Substation Automation, Piscataway, New Jersey, 2004.
8. X. Jiang, X. Wang and D. Xu, Stealthy malware detection through VMMbased “out-of-the-box” semantic view reconstruction, Proceedings of the Fourteenth ACM Conference on Computer and Communications Security, pp. 128–138, 2007.
9. C. Kolbitsch, P. Comparetti, C. Kruegel, E. Kirda, X. Zhou and X. Wang, Effective and efficient malware detection at the end host, Proceedings of the Eighteenth USENIX Security Symposium, pp. 351–366, 2009.
10. B. Lee, S. Moon and Y. Lee, Application-specific packet capturing using kernel probes, Proceedings of the Eleventh IFIP/IEEE International Conference on Symposium on Integrated Network Management, pp. 303–306, 2009.
11. M. LeMay and C. Gunter, Cumulative attestation kernels for embedded systems, Proceedings of the Fourteenth European Symposium on Research in Computer Security, pp. 655–670, 2009.
12. J. Levine, J. Grizzard and H. Owen, A methodology to detect and characterize kernel level rootkit exploits involving redirection of the system call table, Proceedings of the Second IEEE International Information Assurance Workshop, pp. 107–125, 2004.
13. L. Litty, H. Lagar-Cavilla and D. Lie, Hypervisor support for identifying covertly executing binaries, Proceedings of the Seventeenth USENIX Security Symposium, pp. 243–258, 2008.
14. A. Mavinakayanahalli, P. Panchamukhi, J. Keniston, A. Keshavamurthy and M. Hiramatsu, Probing the guts of Kprobes, Proceedings of the Linux Symposium, vol. 2, pp. 109–124, 2006.
15. L. McVoy and C. Staelin, lmbench: Portable tools for performance analysis, Proceedings of the USENIX Annual Technical Conference, 1996.
16. T. Mittner, Exploiting gresecurity/PaX with Dan Rosenberg and Jon Oberheide (resources.infosecinstitute.com/exploiting-gresecuritypax), May 18, 2011.
17. I. Molnar, NX (No eXecute) support for x86, 2.6.7-rc2-bk2, Linux Kernel Mailing List (lkml.org/lkml/2004/6/2/228), June 2, 2004.
18. Motorola Solutions, ACE3600 Specifications Sheet, Schaumburg, Illinois (www.motorola.com/web/Business/Products/SCADA%20Products/ACE3600/%5FDocuments/Static%20Files/ACE3600%20Specifications%20Sheet.pdf?pLibItem=1), 2009.
19. Openwall, Linux kernel patch from the Openwall Project (www.openwall.com/linux).
20. PaX Team, Homepage (pax.grsecurity.net).
21. B. Payne, M. Carbone, M. Sharif and W. Lee, Lares: An architecture for secure active monitoring using virtualization, Proceedings of the IEEE Symposium on Security and Privacy, pp. 233–247, 2008.
22. N. Petroni, T. Fraser, J. Molina and W. Arbaugh, Copilot – A coprocessorbased kernel runtime integrity monitor, Proceedings of the Thirteenth USENIX Security Symposium, pp. 179–194, 2004.
23. N. Petroni and M. Hicks, Automated detection of persistent kernel control flow attacks, Proceedings of the Fourteenth ACM Conference on Computer and Communications Security, pp. 103–115, 2007.
24. phrack.org, Phrack, no. 50 (www.phrack.org/issues.html?issue=50), April 9, 2007.
25. pragmatic/THC, (Nearly) complete Linux loadable kernel modules (dl.pac ketstormsecurity.net/docs/hack/LKM HACKING.html), 1999.
26. V. Prasad, W. Cohen, F. Eigler, M. Hunt, J. Keniston and B. Chen, Locating system problems using dynamic instrumentation, Proceedings of the Linux Symposium, pp. 49–64, 2005.
27. P. Proctor, The Practical Intrusion Detection Handbook, Prentice-Hall, Upper Saddle River, New Jersey, 2001.
28. A. Ramaswamy, Autoscopy: Detecting Pattern-Searching Rootkits via Control Flow Tracing, Master’s Thesis, Department of Computer Science, Dartmouth College, Hanover, New Hampshire, 2009.
29. R. Riley, X. Jiang and D. Xu, Guest-transparent prevention of kernel rootkits with VMM-based memory shadowing, Proceedings of the Eleventh International Symposium on Recent Advances in Intrusion Detection, pp. 1–20, 2008.
30. Schweitzer Engineering Laboratories, Home, Pullman, Washington (www.selinc.com).
31. Schweitzer Engineering Laboratories, SEL-3354 Embedded Automation Computing Platform Data Sheet, Pullman, Washington (www.selinc.com/WorkArea/DownloadAsset.aspx?id=6196), 2011.
32. D. Singh and W. Kaiser, The Atom LEAP Platform for Energy-Efficient Embedded Computing, Technical Report, Center for Embedded Network Sensing, University of California at Los Angeles, Los Angeles, California, 2010.
33. s0ftpr0ject Team, Tools and Projects (www.s0ftpj.org/en/tools.html).
34. R. Sommer and V. Paxson, Outside the closed world: On using machine learning for network intrusion detection, Proceedings of the IEEE Symposium on Security and Privacy, pp. 305–316, 2010.
35. SourceForge.net, Linux Test Project (ltp.sourceforge.net).
36. Standard Performance Evaluation Corporation, SPEC CPU2000 Benchmark Suite, Gainesville, Florida (www.spec.org/cpu2000), 2007.
37. V. Thampi, udis86 Disassembler Library for x86 and x86-64 (udis86.sf.net), 2009.
38. Transmission and Distribution World, About 212 million “smart” electric meters in 2014, says ABI Research (tdworld.com/smart gridautomation/abi-research-smart-meters-0210), February 3, 2010.
39. Z. Wang, X. Jiang, W. Cui and P. Ning, Countering kernel rootkits with lightweight hook protection, Proceedings of the Sixteenth ACM Conference on Computer and Communications Security, pp. 545–554, 2009.