License: Creative Commons Attribution 3.0 Unported license (CC BY 3.0)
When quoting this document, please refer to the following
DOI: 10.4230/OASIcs.CERTS.2019.2
URN: urn:nbn:de:0030-drops-108933
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2019/10893/
Kadar, Marine ;
Tverdyshev, Sergey ;
Fohler, Gerhard
System Calls Instrumentation for Intrusion Detection in Embedded Mixed-Criticality Systems
Abstract
System-call-related information, such as occurrences, type, parameters, and return values, provides well-established metrics for revealing intrusions in system software. Many Host Intrusion Detection Systems (HIDS) from research and industry analyze these data for continuous system monitoring at runtime. Despite a significant false alarm rate, this type of defense offers high detection precision for both known and zero-day attacks. Recent research focuses on HIDS deployment for desktop computers. Yet, the integration of such a run-time monitoring solution in mixed-criticality embedded systems has not been discussed. Because of the cohabitation of potentially vulnerable non-critical software with critical software, securing mixed-criticality systems is a non-trivial but essential issue. Thus, we propose a methodology to evaluate the impact of deploying system call instrumentation in such a context. We analyze the impact in a concrete use-case with the PikeOS real-time hypervisor.
BibTeX - Entry
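@comment{CERTS 2019 workshop paper, OASIcs volume 73. The title is singly braced so the bibliography style controls its casing; author and editor names use the unambiguous "Last, First" form.}
@InProceedings{kadar_et_al:OASIcs:2019:10893,
  author    = {Kadar, Marine and Tverdyshev, Sergey and Fohler, Gerhard},
  title     = {System Calls Instrumentation for Intrusion Detection in Embedded Mixed-Criticality Systems},
  booktitle = {4th International Workshop on Security and Dependability of Critical Embedded Real-Time Systems ({CERTS} 2019)},
  editor    = {Asplund, Mikael and Paulitsch, Michael},
  series    = {OpenAccess Series in Informatics ({OASIcs})},
  volume    = {73},
  pages     = {2:1--2:13},
  publisher = {Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik},
  address   = {Dagstuhl, Germany},
  year      = {2019},
  isbn      = {978-3-95977-119-1},
  issn      = {2190-6807},
  doi       = {10.4230/OASIcs.CERTS.2019.2},
  url       = {http://drops.dagstuhl.de/opus/volltexte/2019/10893},
  urn       = {urn:nbn:de:0030-drops-108933},
  annote    = {Keywords: Instrumentation, Mixed-criticality, Real-Time, System Calls, Host Intrusion Detection Systems}
}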
Keywords: Instrumentation, Mixed-criticality, Real-Time, System Calls, Host Intrusion Detection Systems
Collection: 4th International Workshop on Security and Dependability of Critical Embedded Real-Time Systems (CERTS 2019)
Issue Date: 2019
Date of publication: 29.07.2019