Using hardware performance counters to detect control hijacking attacks
Using hardware performance counters to detect control hijacking attacks
Code reuse techniques can circumvent existing security measures. For example, attacks such as Return Oriented Programming (ROP) use fragments of the existing code base to create an attack. Since this code is already in the system, the Data Execution Prevention methods cannot prevent the execution of this reorganised code. Existing software-based Control Flow Integrity can prevent this attack, but the overhead is enormous. Most of the improved methods utilise reduced granularity in exchange for a small performance overhead. Hardware-based detection also faces the same performance overhead and accuracy issues. Benefit from HPC's large-area loading on modern CPU chips, we propose a detection method based on the monitoring of hardware performance counters, which is a lightweight system-level detection for malicious code execution to solve the restrictions of other software and hardware security measures, and is not as complicated as Control Flow Integrity.
Attack detection, Hardware performance counters, Malicious code execution, Security
Yu, Miao
3a1bc079-87ae-4174-b697-177678c90408
Halak, Basel
8221f839-0dfd-4f81-9865-37def5f79f33
Zwolinski, Mark
adfcb8e7-877f-4bd7-9b55-7553b6cb3ea0
3 October 2019
Yu, Miao
3a1bc079-87ae-4174-b697-177678c90408
Halak, Basel
8221f839-0dfd-4f81-9865-37def5f79f33
Zwolinski, Mark
adfcb8e7-877f-4bd7-9b55-7553b6cb3ea0
Yu, Miao, Halak, Basel and Zwolinski, Mark
(2019)
Using hardware performance counters to detect control hijacking attacks.
In 2019 IEEE 4th International Verification and Security Workshop, IVSW 2019.
IEEE.
6 pp
.
(doi:10.1109/IVSW.2019.8854399).
Record type:
Conference or Workshop Item
(Paper)
Abstract
Code reuse techniques can circumvent existing security measures. For example, attacks such as Return Oriented Programming (ROP) use fragments of the existing code base to create an attack. Since this code is already in the system, the Data Execution Prevention methods cannot prevent the execution of this reorganised code. Existing software-based Control Flow Integrity can prevent this attack, but the overhead is enormous. Most of the improved methods utilise reduced granularity in exchange for a small performance overhead. Hardware-based detection also faces the same performance overhead and accuracy issues. Benefit from HPC's large-area loading on modern CPU chips, we propose a detection method based on the monitoring of hardware performance counters, which is a lightweight system-level detection for malicious code execution to solve the restrictions of other software and hardware security measures, and is not as complicated as Control Flow Integrity.
This record has no associated files available for download.
More information
Published date: 3 October 2019
Additional Information:
Publisher Copyright:
© 2019 IEEE.
Venue - Dates:
4th IEEE International Verification and Security Workshop, IVSW 2019, , Rhodes Island, Greece, 2019-07-01 - 2019-07-03
Keywords:
Attack detection, Hardware performance counters, Malicious code execution, Security
Identifiers
Local EPrints ID: 473045
URI: http://eprints.soton.ac.uk/id/eprint/473045
PURE UUID: f6145938-18d6-4ea4-8845-ddc28e53b1c4
Catalogue record
Date deposited: 09 Jan 2023 18:25
Last modified: 17 Mar 2024 03:25
Export record
Altmetrics
Contributors
Author:
Miao Yu
Author:
Basel Halak
Author:
Mark Zwolinski
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics