Towards Dynamic Execution Environment for System Security Protection Against Hardware Flaws

Attacks exploiting security flaws in software are very common. They are typically addressed during the ongoing software development process or by providing software patches. Attacks making use of hardware related flaws via malicious software recently gained popularity. Prominent examples are errata-based, aging-related or, for example, the infamous Rowhammer-attack. In this paper, we present an approach to detect software-based attacks which exploit hardware flaws. Since the flaws are typically triggered by characteristic instruction sequences, our approach is implemented as a dynamic execution environment for program monitoring at runtime. Several case studies underline the effectiveness and the low overhead of our approach.

[1]  Reetuparna Das,et al.  ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks , 2016 .

[2]  Angelos D. Keromytis,et al.  The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications , 2015, CCS.

[3]  Bazara I. A. Barry,et al.  Enhancing the Detection of Metamorphic Malware using Call Graphs , 2015 .

[4]  Ranjani Parthasarathi,et al.  A Survey on Post-Silicon Functional Validation for Multicore Architectures , 2017, ACM Comput. Surv..

[5]  Christopher Domas Breaking the x86 ISA , 2017 .

[6]  Fabrice Bellard,et al.  QEMU, a Fast and Portable Dynamic Translator , 2005, USENIX ATC, FREENIX Track.

[7]  Julio Hernandez-Castro,et al.  Economic Analysis of Ransomware , 2017, ArXiv.

[8]  Rolf Drechsler,et al.  Trust is good, control is better: Hardware-based instruction-replacement for reliable processor-IPs , 2017, 2017 22nd Asia and South Pacific Design Automation Conference (ASP-DAC).

[9]  Gorka Irazoqui Apecechea,et al.  MASCAT: Stopping Microarchitectural Attacks Before Execution , 2016, IACR Cryptol. ePrint Arch..

[10]  Onur Mutlu,et al.  The RowHammer problem and other issues we may face as memory becomes denser , 2017, Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017.

[11]  Bryan Ford,et al.  Vx32: Lightweight User-level Sandboxing on the x86 , 2008, USENIX Annual Technical Conference.

[12]  Priyadarsan Patra On the cusp of a validation wall , 2007, IEEE Design & Test of Computers.

[13]  R. Nigel Horspool,et al.  A framework for metamorphic malware analysis and real-time detection , 2015, Comput. Secur..

[14]  Alfred V. Aho,et al.  Efficient string matching , 1975, Commun. ACM.

[15]  Eric Filiol,et al.  Behavioral detection of malware: from a survey towards an established taxonomy , 2008, Journal in Computer Virology.

[16]  Ramesh Karri,et al.  MAGIC: Malicious Aging in Circuits/Cores , 2015, TACO.

[17]  Satish Narayanasamy,et al.  Patching Processor Design Errors with Programmable Hardware , 2007, IEEE Micro.

[18]  Jörg Henkel,et al.  Aging Resilience and Fault Tolerance in Runtime Reconfigurable Architectures , 2017, IEEE Transactions on Computers.

[19]  Valeria Bertacco,et al.  Caspar: Hardware patching for multicore processors , 2009, 2009 Design, Automation & Test in Europe Conference & Exhibition.

[20]  Andrew Baumann Hardware is the new Software , 2017, HotOS.

[21]  Satish Narayanasamy,et al.  Patching Processor Design Errors , 2006, 2006 International Conference on Computer Design.

[22]  Thomas Eisenbarth,et al.  Hit by the Bus: QoS Degradation Attack on Android , 2017, AsiaCCS.

[23]  Mark Mohammad Tehranipoor,et al.  Counterfeit Integrated Circuits: Detection, Avoidance, and the Challenges Ahead , 2014, J. Electron. Test..