The overall objective of this work is to significantly increase cyber security across embedded and networked computing devices by developing real-time monitoring techniques that defeat cyber-attacks. The project hypothesizes that these devices can be enhanced by a novel class of malware detection approaches that rely on fine-grained timing information of such devices. The premise is that embedded devices are subject to control systems with soft or even hard real-time constraints. The execution path of such control code on embedded devices thus follows a stringent and predictable behavior, which can be characterized by timing analysis. Once upper bounds on timings along execution paths are established, this information not only aids in the verification of timing constraints, but it can also be exploited to detect deviations from the certified timing behavior. Timing-based malware detection thus provides a means for non-stop system integrity. What is more, it can be used to trigger transitions into a safe operating mode at an early intrusion detection point to prevent anomalous behavior from escalating.
"Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation."