Side-channel based intrusion detection for industrial control systems

Industrial Control Systems are under increased scrutiny. Their security is historically sub-par, and although measures are being taken by the manufacturers to remedy this, the large installed base of legacy systems cannot easily be updated with state-of-the-art security measures. We propose a system that uses electromagnetic side-channel measurements to detect behavioural changes of the software running on industrial control systems. To demonstrate the feasibility of this method, we show it is possible to profile and distinguish between even small changes in programs on Siemens S7-317 PLCs, using methods from cryptographic side-channel analysis.Comment: 12 pages, 7 figures. For associated code, see https://polvanaubel.com/research/em-ics/code

Toward Contention Analysis for Parallel Executing Real-Time Tasks

In measurement-based probabilistic timing analysis, the execution conditions imposed to tasks as measurement scenarios, have a strong impact to the worst-case execution time estimates. The scenarios and their effects on the task execution behavior have to be deeply investigated. The aim has to be to identify and to guarantee the scenarios that lead to the maximum measurements, i.e. the worst-case scenarios, and use them to assure the worst-case execution time estimates. We propose a contention analysis in order to identify the worst contentions that a task can suffer from concurrent executions. The work focuses on the interferences on shared resources (cache memories and memory buses) from parallel executions in multi-core real-time systems. Our approach consists of searching for possible task contenders for parallel executions, modeling their contentiousness, and classifying the measurement scenarios accordingly. We identify the most contentious ones and their worst-case effects on task execution times. The measurement-based probabilistic timing analysis is then used to verify the analysis proposed, qualify the scenarios with contentiousness, and compare them. A parallel execution simulator for multi-core real-time system is developed and used for validating our framework. The framework applies heuristics and assumptions that simplify the system behavior. It represents a first step for developing a complete approach which would be able to guarantee the worst-case behavior

Inferring Temporal Behaviours Through Kernel Tracing

In order to provide reliable system support for real-time applications, it is often important to be able to collect statistics about the tasks temporal behaviours (in terms of execution times and inter-arrival times). Such statistics can, for example, be used to provide a-priori schedulability guarantees, or to perform some kind of on-line adaptation of the scheduling parameters (adaptive scheduling, or feedback scheduling). This work shows how the Linux kernel allows to collect such statistics by using an internal function tracer called Ftrace. Based on this feature, tools can be developed to evaluate the real-time performance of a system or an application, to debug real-time applications, and/or to infer the temporal properties (for example, periodicity) of tasks running in the system

Study of the Reliability of Statistical Timing Analysis for Real-Time Systems

Presented at 23rd International Conference on Real-Time Networks and Systems (RTNS 2015). 4 to 6, Nov, 2015, Main Track. Lille, France.Probabilistic and statistical temporal analyses have been developedas a means of determining the worst-case execution and responsetimes of real-time software for decades. A number of such methodshave been proposed in the literature, of which the majority claim tobe able to provide worst-case timing scenarios with respect to agiven likelihood of a certain value being exceeded. Further, suchclaims are based on either some estimates associated with a probability,or probability distributions with a certain level of confidence.However, the validity of the claims are very much dependent on anumber of factors, such as the achieved samples and the adopteddistributions for analysis.In this paper, we investigate whether the claims made are in facttrue as well as the establishing an understanding of the factors thataffect the validity of these claims. The results are of importancefor two reasons: to allow researchers to examine whether there areimportant issues that mean their techniques need to be refined; andso that practitioners, including industrialists who are currently usingcommercial timing analysis tools based on these types of techniques,understand how the techniques should be used to ensure theresults are fit for their purposes

Probabilistic-WCET Reliability: Statistical Testing of EVT hypotheses

In recent years, the interest in probabilistic real-time has grown, as a response to the limitations of traditional static Worst-Case Execution Time (WCET) methods, in performing timing analysis of applications running on complex systems, like multi/many-cores and COTS platforms. The probabilistic theory can partially solve this problem, but it requires strong guarantees on the execution time traces, in order to provide safe probabilistic-WCET estimations. These requirements can be verified through suitable statistical tests, as described in this paper. In this work, we identify also challenges and problems of using statistical testing procedures in probabilistic real-time computing, proposing a unified test procedure based on a single index called Probabilistic Predictability Index (PPI). An experimental campaign has been carried out, considering both synthetic and realistic datasets, and the analysis of the impact of the Linux PREEMPT_RT patch on a modern complex platform as a use-case of the proposed index

Methodologies for the WCET Analysis of Parallel Applications on Many-core Architectures

Euromicro Conference on Digital System Design (DSD 2015), Funchal, Portugal.There is an increasing eagerness to deploy and execute parallel applications on many-core infrastructures, pre- serving the time-predictability of the execution as required by real-time practices to upper-bound the response time of the embedded application. In this context, the paper discusses the application of the currently-available WCET analysis techniques and tools on such platforms and with highly parallel activities. After discussing the pros and cons of all different methodologies for WCET analysis, we introduce a new approach that is developed within the P-SOCRATES project