Cost, complexity and resource limitations make conventional “defense-in-depth” approaches to information security unsuitable for Internet of Things environments. Moreover, attackers have repeatedly breached the security boundaries of devices that aren’t hampered by those limitations.
As long as security logic executes within the same computing unit as the rest of a compromised device’s software, that logic is susceptible too.
That’s why DARPA launched LADS. The Leveraging the Analog Domain for Security program seeks to develop new information security capabilities that can monitor embedded devices through a combination of analog signal analysis and program analysis techniques. Advances from the program could also be applied to traditional IT devices.
In some instances, a physical side channel (e.g. electromagnetic emissions, acoustic emanations, power fluctuations and thermal output variations) can indicate the status of a connected device’s processor, and thus allow for the detection of disruptions to the system’s normal operation.
As a performer in the LADS program, we’re writing program analysis tools to help defend systems using the analog domain, specifically in Linux userspace binaries compiled for ARMv7. Currently, we’re developing tools to detect code that is susceptible to advanced cyber threats, such as RowHammer, which allow individual bits to be flipped in arbitrary program memory. The automated program analyzer we’re engineering is built on Manticore, our Python symbolic execution platform.
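To make "susceptible to bit flips" concrete, the following added example (not code from the LADS analyzer or from Manticore) brute-forces every k-bit flip of one stored word and reports which flips change a security decision. The check functions, the 32-bit word model and the `ALLOW`/`DENY` constants are constructed for illustration.

```python
from itertools import combinations

WIDTH = 32  # assumption: the decision depends on one 32-bit word in memory


def weak_is_admin(flag: int) -> bool:
    # C-style truthiness: any non-zero word grants access.
    return flag != 0


# Constructed constants that are bitwise complements (Hamming distance 32).
ALLOW = 0x3CA5965A
DENY = 0xC35A69A5


def hardened_is_admin(flag: int) -> bool:
    # Only the exact ALLOW pattern grants; every corrupted value fails closed.
    return flag == ALLOW


def flips_changing_decision(check, stored, k=1, width=WIDTH):
    """Return every set of k bit positions whose flip changes check(stored)."""
    baseline = check(stored)
    hits = []
    for bits in combinations(range(width), k):
        mask = 0
        for b in bits:
            mask |= 1 << b
        if check(stored ^ mask) != baseline:
            hits.append(bits)
    return hits


if __name__ == "__main__":
    cases = [
        ("weak, stored=0 (deny)", weak_is_admin, 0),
        ("hardened, stored=DENY", hardened_is_admin, DENY),
        ("hardened, stored=ALLOW", hardened_is_admin, ALLOW),
    ]
    for label, check, stored in cases:
        for k in (1, 2):
            n = len(flips_changing_decision(check, stored, k))
            print(f"{label}: {n} decision-changing {k}-bit flips")
```

With the weak encoding, every single-bit flip of the denied state grants access; with the hardened encoding, flips of `DENY` never grant, and flips of `ALLOW` only revoke.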