Stream cipher hash based execution monitoring (SCHEM) framework for intrusion detection on embedded processors

Abstract

Hardware based execution monitoring of applications holds the promise for an effective and tamper-proof solution for intrusion detection on processor. This paper presents a practical hardware based intrusion detection framework which uses stream cipher based hashing techniques for runtime control flow and instruction integrity monitoring. This framework enables accurate monitoring of the control flow of a process with an instruction level granularity. Additional hardware required for implementation of our framework has very low power and area overheads which makes it possible to practically implement execution monitoring even on embedded processors. Our technique achieves an order of magnitude lower power overhead compared to other similar techniques. Furthermore, our implementation of the developed framework has a low intrusion detection latency, which enables us to verify the control flow integrity of the executing code before the violating control flow instructions are retired from the processor pipeline.