POWER-BASED PROGRAM TRACING IN EMBEDDED SYSTEMS USING DYNAMIC TIME WARPING

Abstract

With the increasing pervasiveness of embedded processors in safety-critical systems, the importance of monitoring and verifying the runtime behavior of the software running in these devices is continuously growing. Since typical embedded processors are normally heavily constrained in computing resources and their software must be validated at design time, monitoring their runtime behavior without compromising their functional requirements imposes important technical challenges. In this context, side-channel analysis represents an attractive alternative for inferring functional properties of systems with limited computing resources and without requiring modifications to already deployed production software. This thesis presents and evaluates a set of techniques for non-intrusive code execution tracking using side-channel signals of power consumption captured from a target processor. Using a database of power consumption profiles for all the basic blocks the target processor will execute at runtime (constructed during a profiling stage before system deployment), our approaches automatically segment and classify profiles contained within an unmarked long trace of power consumption captured at runtime from deployed systems. The proposed methods leverage ideas from previous works on power-based program tracing, using a nearest-neighbor classifier that integrates techniques derived from Dynamic Time Warping algorithms with information from the Control Flow Graph, enabling identification of subsequences that may exhibit distortions in the temporal axis, or warping, due to assembly-level artifacts and varying operational conditions. Our experiments report over 95% of precision when inferring the program execution flow of a cruise control application using unmarked traces of power consumption collected from different processors. The ability to track code execution through side-channel power signals provides a first step for developing new procedures for control-flow integrity checking, faults and anomaly detection, post-mortem analysis, and other applications in resource constrained embedded systems.