In this paper, we propose to use hardware performance counters (HPCs) to detect malicious program modifications at load time (static) and at runtime (dynamic). HPCs have been used for program characterization and testing, system testing and performance evaluation, and as side channels. We propose to use HPCs for static and dynamic integrity checking of programs. The main advantage of HPC-based integrity checking is that it is almost free in terms of hardware cost; HPCs are built into almost all processors. The runtime performance overhead is minimal because the integrity checking is performed by the operating system, which is invoked anyway for process scheduling and other interrupts. Our preliminary results confirm that HPCs detect program modifications very efficiently and at very low cost.