This paper considers and validates the applicability of leveraging pervasively available performance counters for detecting and reasoning about security breaches. Our key observation is that many security breaches, which typically cause abnormal control flow, usually incur precisely identifiable deviations in the performance samples captured by processors. Based on this observation, we implement a prototype system called Eunomia, which is the first non-intrusive system that can detect emerging attacks based on return-oriented programming without any changes to applications (either source or binary code) or special-purpose hardware. Our security evaluation shows that Eunomia can detect some realistic attacks, including code-injection attacks, return-to-libc attacks and return-oriented programming attacks, on unmodified binaries with relatively low overhead.