THC 2026 - Using hardware signals to detect malware in critical embedded systems

Lucas Georget (EDF R&D/LAAS-CNRS) 🎙️, Vincent Migliore (INSA Toulouse/LAAS-CNRS), Vincent Nicomette (INSA Toulouse/LAAS-CNRS), Frédéric Silvi (EDF R&D), Arthur Villard (EDF R&D) and Philippe Leleux (INSA Toulouse / LAAS-CNRS) Software and hardware compromises in critical infrastructure are becoming increasingly serious threats, particularly within the supply chain. These compromises can impact every layer of a system, including the lowest levels, such as firmware embedded in industrial components. As a last line of defense, runtime monitoring mechanisms for detection, diagnosis, and recovery can be integrated directly into these devices. This presentation proposes leveraging microarchitectural signals to identify software deviations during execution.