SecureCore_RTAS2013_v3
advertisement
SecureCore: A Multicore-based Intrusion Detection
Architecture for Real-Time Embedded Systems
Man-Ki Yoon, Sibin Mohan, Jaesik Choi, Jung-Eun Kim, Lui Sha
Dept. of Computer Science, UIUC
Information Trust Institute, UIUC
Lawrence Berkeley National Lab
Apr 9th, 2013
Rethinking Real-Time Embedded System Security
Increased
Capability
More
Networked
Open,
Standard
Platform
More
Vulnerable to
Security Attacks
2
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
SecureCore Architecture
Intrusion Detection, not prevention
•Most critical component: control application
•System recovery upon detection
Behavior monitoring
•Predictable timing behaviors of real-time apps
•Profile using statistical learning
SecureCore Architecture
Multicore-based core-to-core monitoring
•On-chip HW for processor state inspection
•Hypervisor-based protection/isolation
3
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Rest of the Talk
• System and Application Model
• Timing-based Intrusion Detection (Overview)
• SecureCore
– Architecture Design
– Timing-based Intrusion Detection (Detail)
• Implementation and Evaluation
• Limitations and Future Work
4
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
System and Application Model
• Multicore-based Real-Time Control System
Time
Controller
Sensor data
Actuation cmd
Threat Model: Malicious code execution
SecureCore
MonitoredCore
• Embedded in the control code
• Activated after system initialization
Actuation cmd
• Irrelevant how it gained entry
Sensor data
SecureCore Architecture
Physical plant
5
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Timing-Based Intrusion Detection
• Idea: Deterministic timing of real-time applications
– Any malicious activity consumes finite time to execute
– Deviation from expected timing → Suspicious!
Block 1
๐๐
Malicious
Code
๐๐
๐๐
Block 3
๐3∗ ≠ ๐3
Block 2
๐๐
Block 6
Block 4
Block 5
๐๐
Observed
Legitimate
๐๐
6
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Timing-Based Intrusion Detection
• Idea: Deterministic timing of real-time applications
– Any malicious activity consumes finite time to execute
– Deviation from expected timing → Suspicious!
Block 1
๐3
๐2
Execution time
variations
๐1
System effects
Control
Block 3
flow path
Input values
(e.g., shared
resource)
Block 2
๐4
Block 6
Block 4
๐6
Block 5
๐5
๐6 |๐๐๐กโ1 = 3๐๐
๐6 |๐๐๐กโ2 = 7๐๐
๐6 |๐๐๐กโ3 = 5๐๐
๐6 |๐๐๐กโ2 , ๐๐๐๐ข๐ก ๐ = 7 ๐๐
๐6 |๐๐๐กโ2 , ๐๐๐๐ข๐ก ๐ = 9 ๐๐
๐6 |๐๐๐กโ2 , ๐๐๐๐ข๐ก ๐ =? ๐๐
7
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Timing-Based Intrusion Detection
• Idea: Deterministic timing of real-time applications
– Any malicious activity consumes finite time to execute
– Deviation from expected timing → Suspicious!
Block 1 ๐1
Statistical learning-based
profiling/detection
๐3 Block 3
Block 2probabilistic execution time model
๐•2 Profile
Execution time
variations
flow path
Input values
(e.g., shared
resource)
0.0020
๐6 |๐๐๐กโ1 = 3๐๐
๐6 |๐๐๐กโ2 = 7๐๐
๐6 |๐๐๐กโ3 = 5๐๐
Block 5 ๐5
๐4 Block 4 variations
• Capture even legitimate
Prob. Density
0.0018
• Estimate Prob(e*)
0.0016
0.0014
0.0012
0.0010
0.0008
0.0006
0.0004
0.0002
Block 6
System effects
Control
๐6
๐6 |๐๐๐กโ2 , ๐๐๐๐ข๐ก ๐ = 3 ๐๐
๐6 |๐๐๐กโ2 , ๐๐๐๐ข๐ก ๐ = 2 ๐๐
0.0000
272000
274000
276000
278000
280000
282000
Execution Time
๐6 |๐๐๐กโ2 , ๐๐๐๐ข๐ก ๐ =? ๐๐
8
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Outline
• System and Application Models
• Timing-based Intrusion Detection (Overview)
• SecureCore
– Architecture Design
– Timing-based Intrusion Detection (Detail)
• Implementation and Evaluation
• Limitations and Future Work
9
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
SecureCore Architecture
Monitored Core
Complex
Controller
Secure Core
Timing
Trace
Module
Scratch
Pad
Memory
Hypervisor
OS
Decision
Module
Secure
Monitor
Safety
Ctrl.
I/O
Proxy
OS
Inter-Core
Communication
Hypervisor
Timing
Scratch
Trace
Pad Memory
Module (SPM)
(TTM)
I/O
Proxy
Secure
Monitor
Simplex
Architecture [Sha, 2001]
•Read
Memory
Stores
processor
a space
sequence
states
separation
of
when
trace
information
I/O
Verify
the
legitimacy
anplant
execution
•• Manages
For
reliable
& to/from
loss-lessofthe
control
•• Trust
aPrevent
Only
trace
base
visible
instruction
to the
is
secure
executed
core
I/O profile
data
obfuscation
Use
timing
Actuation
Command
Sensor
Data
Plant
10
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Timing-Based Intrusion Detection
• Block-level monitoring
Block 1
– Narrowing estimation domain
• Less variation, better accuracy
Block 3
Block 2
– Block boundary: check point
• Detect unexpected flow deviations
Block 4
Block 5
Block 6
11
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
How to Get Timing Profiles
0.0020
Statistical Learning
0.0015
0.0010
0.0005
0.0000
272000 274000 276000 278000 280000 282000
Raw Traces
Trace Tree
Profiles
Block
1
Block
1
Block
3
Block
3
Block
2
Block
2
Block
6
Block
4
Block
5
Block
6
Block
6
Block
6
Block
4
Block
5
Block
6
Block
6
12
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Timing Trace Module
4 Bytes
main() {
INST_REG_PID;
…
INST_ENABLE_TRACE;
…
foo();
...
INST_DISABLE_TRACE;
}
INST_REG_PID
INST_ENABLE_TRACE
INST_DISABLE_TRACE
INST_TRACE
foo() {
INST_TRACE;
Do_something();
INST_TRACE;
Do_something();
INST_TRACE;
}
rlwimi 0,0,0,0,1
rlwimi 0,0,0,0,2
rlwimi 0,0,0,0,3
rlwimi 0,0,0,0,4
Trace Instructions
0x000
PID
0x010
Timestamp j+1
AddrHead
BA
AddrTail
Addr j+1
...
0x8a0
Timestamp i
Addr i
0x8b0
Timestamp i+1
Addr i+1
0x8c0
Timestamp i+2
Addr i+2
...
0xFF0
Timestamp j
Addr j
SPM Layout
- PID
Readregistration
Timestampfor
and
Program Counter
from
the processor
preventing
traces from
being
forged registers
- Addr
– PCi (i.e.,
relative
address from BA)
BA: Base
Address
( = PC
of INST_REG_PID)
i = BA
13
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Raw Traces
INST_TRACE
(Addr1, t1)
Addr1
(Addr2, t2)
(Addr3, t3)
Block 1
INST_TRACE
Addr2
(Addr7, t4)
(Addr1, t5)
Block 3
INST_TRACE
Block 2
Addr4
Addr3 INST_TRACE
(Addr4, t7)
(Addr6, t8)
Block 4
Block 5
INST_TRACE
INST_TRACE
Addr5
Addr7
(Addr2, t6)
Block 6
INST_TRACE
Addr6
(Addr7, t9)
(Addr1, t10)
(Addr2, t11)
(Addr4, t12)
(Addr5, t13)
(Addr7, t14)
…
14
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Trace Tree
Addr1
(Addr2, t2)
t2-t1
t6-t5
t11-t10
(Addr3, t3)
(Addr7, t4)
(Addr1, t10)
Addr7
Addr7
Block 6
Block 6
t14-t13
t9-t8
…
Block 6
t4- t3
Addr6
…
(Addr5, t13)
Each has its own timing
profile
(Addr7, t14)
…
Addr5
…
(Addr
Same execution
block,
2, t11)
but on
different paths.
(Addr
4, t12)
t8-t7
…
Addr3
t13-t12
…
(Addr7, t9)
Addr4
Addr4
Block 4
(Addr6, t8)
Block 3
t3- t2
t7-t6
t12-t11
…
Block 2
Addr2
…
From a trace tree,
we
(Addr
1, tcan
5) get
• Execution (Addr
time samples
(each node)
2, t6)
• Legitimate(Addr
execution
flows
4, t7)
Addr2
Block 5
Block 1
(Addr1, t1)
Addr7
15
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Timing Profile
• What is a good estimation of execution times?
– Min & max, mean, …
• Not representative
• Cannot capture variations well
– Probabilistic timing model
• Estimate the likelihoods of execution times!
– Probability distribution
• Parametric vs. Non-parametric distribution
– Unknown shape
16
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Execution Time Profile Using
Kernel Density Estimation (KDE)
(Figure is from CSCE 666 Pattern Analysis by Ricardo Gutierrez-Osuna at TAMU)
• Non-parametric Probability Density Function Estimation
1. Given samples of execution times
Example
3
2. Draw scaled distribution at each sample point
3. Sum them up
Kernel function
2
Estimated pdf
1
Bandwidth
(Smoothing constant)
- Kernel & bandwidth affect shape and smoothness
- Gaussian kernel
17
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Intrusion Detection Using Timing Profiles
PDF of the Execution Time of an example block
0.0020
How much deviation
should we consider malicious?
0.0018
0.0016
Prob. Density
0.0014
0.0012
Threshold test
0.0010
0.0008
0.0006
0.0004
Prob(๐ ∗ ) < ๐ฝ
Malicious
Prob(๐ ∗ ) ≥ ๐ฝ
Legitimate
0.0002
0.0000
272000 273000 274000 275000 276000 277000 278000 279000 280000 281000 282000
Execution Time
•E.g., ๐ = 0.01 or 0.05
Highly likely
•At least ๐ of measurements were close to ๐ ∗
Multiple peaks: different inputs or system effects
18
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Summary of Timing-Based Intrusion Detection
Monitored Core
Complex
Controller
Secure Core
Timing
Trace
Module
Secure
Monitor
Scratch
Pad
Memory
[Profile]
[Run-time Execution]
(Addr7, ti+4)
Block 3
Block 2
Addr3
Addr7
Addr4
Block 5
(Addr6, ti+3)
Traverse and
check
Addr4
Block 4
Block
5
(Addr4, ti+2)
Addr5
Block 6
Block
4
(Addr2, ti+1)
Block 6
Trace
Block
2
Addr2
Addr2
Addr6
Block 6
(Addr1, ti)
Block
3
Block
6
Block 1
Addr1
Block
1
Addr7
Addr7
19
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Outline
• System and Application Models
• Timing-based Intrusion Detection (Overview)
• SecureCore
– Architecture Design
– Timing-based Intrusion Detection (Detail)
• Implementation and Evaluation
• Limitations and Future Work
20
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Implementation
Host PC
Simics (P4080)
Secure Core
Monitored Core
DM
TTM
SPM
IOP
Linux 2.6.34
LWE
Hypervisor
SC
SM
CC
Inverted
Pendulum (IP)
Dynamics
Byte channel
Serial (tty)
Pseudo Terminal (pts)
Inverted
FreescalePendulum
P4080 on Control
Simics
Controller
and(Core
dynamics
(cart position, rod’s angle)
• Only
two cores
0 and 1)
• Cache
(L1 and
L2) and
bus models
for system effects
Generated
from
Simulink
IP model
• ISA modification for trace instruction
21
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Application Model
• IP Control + FFT (EEMBC)
FFT
Init
0
FFT
Phase #1
PathID = 0
FFT
Phase #3
PathID = 1, 2
Malicious code
FFT
Phase #2
•
•
1 run if PathID = 0, 1
2 runs if PathID = 2
•
•
IP
Control
•
•
+ 1 meter
Injected at the end of FFT Phase #3
Simple loop (some array copy)
• 440, 720, 1000 cycles for 1,3,5 loops
• (FFT Phase#3: ~260,000 cycles)
Activated when the cart passes +0.7 m
Execute randomly thereafter
• Loop execution
• Sends old actuation cmd
Timing Profile
Total exec time: 850,000 ~ 1,200,000 cycles (~1ms)
Control period: 10 ms
•
•
~10,000 runs (no malicious code activation)
‘ksdensity’ (Matlab) for Gaussian KDE
22
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Early Detection
๐ฝ: ๐. ๐๐ (1%)
Loop count: 3 ( ~ 720 cycles)
1.2
1.1
Cart position (meter)
1
Simplex only
0.9
0.8 Attack activated
0.7
No attack
Our method
No protection
0.6
0.5
0.4
0.3
0.2
0.1
0
0
5
10
15
20
25
30
Time (sec)
23
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Intrusion Detection Accuracy
• Criteria: False prediction rates
Real
Predicted
– False positive: predict “malicious” when not
– False negative: fail to detect a real attack
False negative rates
False positive rates
1 loop
3 loops
5 loops
๐ = 0.01
1/1024 (0.10%)
827/1022 (81%)
574/1046 (55%)
130/1098 (12%)
๐ = 0.05
7/1015 (0.69%)
578/1050 (55%)
117/1011 (12%)
0/1024 (0%)
High ๐ฝ
Low ๐ฝ
Probability
Trade off: Low ๐ฝ? High ๐ฝ?
272000
274000
276000
278000
280000
Detect well
More false alarms
Miss often
Fewer false alarms
282000
Execution Time
24
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Limitations and Future Work
• Limitations
– Low detection accuracy for short malicious code
→ More deterministic execution
– Still high false positive
→ Long-term monitoring
• Other future work
– Monitoring multiple applications on multiple cores
– Monitoring of other behavioral aspects (e.g., Memory, I/O)
– Multi-dimensional monitoring
25
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
Thank you
26
SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems
