WattsUpDoc: Power Side Channels to Nonintrusively Discover Untargeted Malware on Embedded Medical Devices
نویسندگان
چکیده
Medical devices based on embedded systems are ubiquitous in clinical settings. Increasingly, they connect to networks and run off-the-shelf operating systems vulnerable to malware. But strict validation requirements make it prohibitively difficult or costly to use anti-virus software or automated operating system updates on these systems. Our add-on monitoring system, WattsUpDoc, uses a traditionally undesirable side channel of power consumption to enable run-time malware detection. In our experiments, WattsUpDoc detected previously known malware with at least 94% accuracy and previously unknown malware with at least 85% accuracy on several embedded devices—detection rates similar to those of conventional malware-detection systems on PCs. WattsUpDoc detects malware without requiring hardware or software modifications or network communication.
منابع مشابه
Potentia Est Scientia: Security and Privacy Implications of Energy-Proportional Computing
The trend toward energy-proportional computing, in which power consumption scales closely with workload, is making computers increasingly vulnerable to information leakage via whole-system power analysis. Saving energy is an unqualified boon for computer operators, but this trend has produced an unintentional side effect: it is becoming easier to identify computing activities in power traces be...
متن کاملDABLS: Device Attestation with Bounded Leakage of Secrets
Use of commodity platforms for embedded systems makes it difficult to authenticate remote devices in the presence of malware and to obtain confirmation of malware-free device states in a verifiable manner. We propose a scheme for achieving these properties by installing and maintaining a pool of secrets in device memory that cannot be leaked by malware in its entirety via a bandwidth-limited (e...
متن کاملDABLS: Device Attestation with Bounded Leakage of Secrets (CMU-CyLab-13-010)
Use of commodity platforms for embedded systems makes it difficult to authenticate remote devices in the presence of malware and to obtain confirmation of malware-free device states in a verifiable manner. We propose a scheme for achieving these properties by installing and maintaining a pool of secrets in device memory that cannot be leaked by malware in its entirety via a bandwidth-limited (e...
متن کاملClient Honeypot Based Malware Program Detection Embedded Into Web Pages
In today’s world where internet is hosting major resources of this world, the malware programs embedded into web pages have become a severe threat in today’s internet which launches the client side attacks by exploiting the browser based vulnerabilities. With the improvement of software security, vulnerabilities based attacks declined whereas the attacks based on the client side application is ...
متن کاملProtecting E-healthcare Client Devices against Malware and Physical Theft
The growing adoption of electronic medical records will require that healthcare professionals and patients are able to access health information on devices such as laptops, personal computers, and even smart phones. Due to the sensitive nature of such information, it is important to secure client-side devices used in electronic healthcare systems that handle sensitive medical data. These device...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2013