Control Flow Graph Modifications for Improved RF-Based Processor Tracking Performance
This addresses security monitoring for embedded processors without traditional resources, though it appears incremental as it builds on existing RF and CFG methods.
The paper tackles the problem of monitoring program execution on resource-constrained embedded processors by using radio frequency (RF) measurements and control flow graphs (CFG), showing that modifications like changing basic block transitions or adding observable blocks improve tracking performance, with initial results applied to real-world programs such as gzip and md5sum.
Many dedicated embedded processors do not have memory or computational resources to coexist with traditional (host-based) security solutions. As a result, there is interest in using out-of-band analog side-channel measurements and their analyses to accurately monitor and analyze expected program execution. In this paper, we describe an approach to this problem using externally observable multi-band radio frequency (RF) measurements to make inferences about a program's execution. Because it is very difficult to identify individual instructions solely from their RF emissions, we compare RF measurements with the constrained execution logic of the program so that multiple RF measurements over time can effectively track program execution dynamically. In our approach, a program's execution is modeled by control flow graphs (CFG) and transitions between nodes of such graphs. We demonstrate that tracking performance can be improved through applications program modifications such as changing basic block transition properties and/or adding new basic blocks that are highly observable. In addition to demonstrating these principled approaches on some simple programs, we present initial results on the complexity and structure of real-world applications programs, namely gzip and md5sum, in this modeling framework.