Towards Host Intrusion Detection for Embedded Industrial Systems

Original Equipment Manufacturers now embed hardware virtualization in car equipment to reduce costs and hardware complexity, while allowing more functionalities, such as connectivity. This evolution forces the cohabitation of distinct criticality domains on the same hardware, reaffirming the need for security. Because of the trade-off between performance and system overall complexity, deploying security becomes a challenging balancing act. Host Intrusion Detection Systems (HIDS) security protects the behavior of a program at run-time: it monitors the program execution flow to distinguish threats from benign activity. This paper presents a novel run-time security solution for embedded mixed-criticality systems, which integrates HIDS in a partitioned system based on Multiple Independent Levels of Security (MILS) architecture. Our HIDS monitors a program's execution by observing both hardware and software signals; there is to our knowledge no HIDS providing such precise representation of program execution.