Software Integrity Monitoring Using Hardware Performance Counters Corey Malone.

Presentation transcript:

Software Integrity Monitoring Using Hardware Performance Counters Corey Malone

Software Integrity
- Software that runs as it was originally “designed” or “compiled”
- At load
  – Verify hash
- Runtime
  – Check every jump
  – Follow the control flow graph

Performance Counters
- Measure events such as instructions retired, cache accesses, etc.
- Already on most processors
- Give “insight” into processor state  program execution

Simple Model for Integrity Checking
- Profile application using counters
- At completion, compare to see if within a certain range, to generate a probability of compromise.
[Figure: EXPECTED vs. ACTUAL Instructions Retired, with an Acceptable Range]

Whole Program Monitoring
- NP-Complete, very hard to do
- “Insight” into program not fine enough
- Lots of false positives
- So now what?
[Figure: main() { …… }]

Function Monitoring
- Look at a smaller part of a program or kernel
- Fixed inputs to function lead to less variation
- Still have other variables, such as program or system status
[Figure: foo() { …… }]
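
Added example, not from the original slides: the simple range model and the function-monitoring idea above, sketched in C for Linux using perf_event_open to read the instructions-retired counter around a fixed-input function. The names fixed_fn, count_insns, build_profile and deviation_pct, the 2% tolerance and the deviation score are assumptions for illustration; the score is a percent distance outside the range, not the probability the slide mentions.

```c
#define _GNU_SOURCE
#include <linux/perf_event.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/syscall.h>
#include <unistd.h>

struct profile { uint64_t lo, hi; };  /* acceptable instructions-retired range */
volatile uint32_t sink;
/* Monitored function with a fixed input (hypothetical stand-in). */
void fixed_fn(void) {
    for (uint32_t i = 0, h = 2166136261u; i < 100000; i++) sink = h = (h ^ i) * 16777619u;
}
/* User-space instructions retired while fn() runs; -1 if no counter access. */
int64_t count_insns(void (*fn)(void)) {
    struct perf_event_attr a = { .type = PERF_TYPE_HARDWARE, .size = sizeof a,
        .config = PERF_COUNT_HW_INSTRUCTIONS, .disabled = 1, .exclude_kernel = 1 };
    uint64_t n = 0;
    int fd = (int)syscall(SYS_perf_event_open, &a, 0, -1, -1, 0);
    if (fd < 0) return -1;
    ioctl(fd, PERF_EVENT_IOC_ENABLE, 0);
    fn();
    ioctl(fd, PERF_EVENT_IOC_DISABLE, 0);
    ssize_t r = read(fd, &n, sizeof n);
    close(fd);
    return r == (ssize_t)sizeof n ? (int64_t)n : -1;
}
/* Range = min..max of n profiling samples, widened by pct percent per side. */
struct profile build_profile(const uint64_t *s, int n, unsigned pct) {
    struct profile p = { s[0], s[0] };
    for (int i = 1; i < n; i++) {
        if (s[i] < p.lo) p.lo = s[i];
        if (s[i] > p.hi) p.hi = s[i];
    }
    return (struct profile){ p.lo - p.lo * pct / 100, p.hi + p.hi * pct / 100 };
}
/* 0 inside the range, else percent distance beyond the nearer bound. */
unsigned deviation_pct(struct profile p, uint64_t seen) {
    if (seen < p.lo) return (unsigned)((p.lo - seen) * 100 / p.lo);
    return seen > p.hi ? (unsigned)((seen - p.hi) * 100 / p.hi) : 0;
}
int main(void) {
    int64_t r1 = count_insns(fixed_fn), r2 = count_insns(fixed_fn);
    int64_t now = count_insns(fixed_fn);
    if (r1 < 0 || r2 < 0 || now < 0) return puts("no counter access"), 1;
    struct profile p = build_profile((uint64_t[]){ (uint64_t)r1, (uint64_t)r2 }, 2, 2);
    return printf("deviation %u%%\n", deviation_pct(p, (uint64_t)now)) < 0;
}
```

Reading the counter needs permission to open perf events for the calling process; where that is denied, count_insns returns -1 and the range check can still be run on counts collected elsewhere.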

System Call Monitoring for Rootkit Detection
w/ Terry Wang
- System calls commonly modified by rootkits
  – Hide files
  – Hide processes
  – Read files as they are opened
- A VMM could monitor guest system calls to determine if any major variation occurs

Current Status
- X86 Implementation Complete
- ARM/Android Platform Research Progress
  – Sys Calls Guest & VMM
  – ARM performance counters less mature
- SmartGrid Proposal in Final Stages

Questions?