Visible to the public Using Hardware Performance Counters to Detect Control Hijacking Attacks

TitleUsing Hardware Performance Counters to Detect Control Hijacking Attacks
Publication TypeConference Paper
Year of Publication2019
AuthorsYu, M., Halak, B., Zwolinski, M.
Conference Name2019 IEEE 4th International Verification and Security Workshop (IVSW)
Date Publishedjul
Keywordsattack detection, composability, Hardware performance counters, Human Behavior, human factors, malicious code execution, pubcrawl, Resiliency, return oriented programming, rop attacks, Scalability, security

Code reuse techniques can circumvent existing security measures. For example, attacks such as Return Oriented Programming (ROP) use fragments of the existing code base to create an attack. Since this code is already in the system, the Data Execution Prevention methods cannot prevent the execution of this reorganised code. Existing software-based Control Flow Integrity can prevent this attack, but the overhead is enormous. Most of the improved methods utilise reduced granularity in exchange for a small performance overhead. Hardware-based detection also faces the same performance overhead and accuracy issues. Benefit from HPC's large-area loading on modern CPU chips, we propose a detection method based on the monitoring of hardware performance counters, which is a lightweight system-level detection for malicious code execution to solve the restrictions of other software and hardware security measures, and is not as complicated as Control Flow Integrity.

Citation Keyyu_using_2019