Using hardware performance counters for detecting control hijacking attacks
Using hardware performance counters for detecting control hijacking attacks
Control Hijacking Attack (CHA) is one of the significant ways to exploit the buffer related vulnerability. New code reuse techniques used for the control hijacking attack can circumvent existing security measures. For example, the latest attacks such as Return Oriented Programming use fragments of the existing code base to create an attack. Since this code is already existing code in the system, the Data Execution Prevention methods cannot prevent the execution of this reorganised code. Existing software-based Control Flow Integrity can prevent this attack, but the algorithm and overhead are enormous. Hardware Performance Counters provide support for hardware level detection methods for against control hijacking attack. We proposed a detection method based on the supervision of Hardware Performance Counters (HPCs), and which is a lightweight detection for CHA to solve the monitoring restrictions of other software and hardware security measures, which has a small running overhead. This detection method supports faster information collection, shorter response times, and lower system consumption compared to software level detection. Simulation tests on Gem5 prove that this detection method can be used to detect CHAs
University of Southampton
Yu, Miao
3a1bc079-87ae-4174-b697-177678c90408
March 2022
Yu, Miao
3a1bc079-87ae-4174-b697-177678c90408
Zwolinski, Mark
adfcb8e7-877f-4bd7-9b55-7553b6cb3ea0
Yu, Miao
(2022)
Using hardware performance counters for detecting control hijacking attacks.
University of Southampton, Doctoral Thesis, 146pp.
Record type:
Thesis
(Doctoral)
Abstract
Control Hijacking Attack (CHA) is one of the significant ways to exploit the buffer related vulnerability. New code reuse techniques used for the control hijacking attack can circumvent existing security measures. For example, the latest attacks such as Return Oriented Programming use fragments of the existing code base to create an attack. Since this code is already existing code in the system, the Data Execution Prevention methods cannot prevent the execution of this reorganised code. Existing software-based Control Flow Integrity can prevent this attack, but the algorithm and overhead are enormous. Hardware Performance Counters provide support for hardware level detection methods for against control hijacking attack. We proposed a detection method based on the supervision of Hardware Performance Counters (HPCs), and which is a lightweight detection for CHA to solve the monitoring restrictions of other software and hardware security measures, which has a small running overhead. This detection method supports faster information collection, shorter response times, and lower system consumption compared to software level detection. Simulation tests on Gem5 prove that this detection method can be used to detect CHAs
Text
Thesis_Miao Yu
- Version of Record
Text
PTD_Thesis_Yu-SIGNED
Restricted to Repository staff only
More information
Published date: March 2022
Identifiers
Local EPrints ID: 470731
URI: http://eprints.soton.ac.uk/id/eprint/470731
PURE UUID: 5e943e1e-f493-4260-817b-6b173ea48b56
Catalogue record
Date deposited: 18 Oct 2022 17:34
Last modified: 17 Mar 2024 02:35
Export record
Contributors
Author:
Miao Yu
Thesis advisor:
Mark Zwolinski
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics