Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software Integrity Monitoring Using Hardware Performance Counters Corey Malone.

Published byMelvyn Griffith Modified over 9 years ago

Similar presentations

Presentation on theme: "Software Integrity Monitoring Using Hardware Performance Counters Corey Malone."— Presentation transcript:

1 Software Integrity Monitoring Using Hardware Performance Counters Corey Malone

2 Software Integrity Software that runs as it was originally “designed” or “compiled” At load – verify hash Runtime – Check every jump – Follow the control flow graph

3 Performance Counters Measure events such as ins retired, cache accesses, etc Already on most processors Give “insight” into processor state  program execution 1 1 3 3 7 7 0 0 9 9

4 Simple Model for Integrity Checking Profile application using counters At completion….compare to see if within certain range, to generate a probability of compromise. EXPECTED ACTUAL 0 2000 Instructions Retired Acceptable Range

5 Whole Program Monitoring NP-Complete, Very hard to do “Insight” into program not fine enough Lots of false positives.. So now what? main() { …… } main() { …… }

6 foo() { …… } foo() { …… } Function Monitoring Look at a smaller part of a program or kernel Fixed inputs to function lead to less variation Still have other variables, such as program or system status

7 System Call Monitoring for Rootkit Detection w/Terry Wang System calls commonly modified for rootkits – Hide files – Hide processes – Read files as they opened A VMM could monitor guest system calls to determine if any major variation occurs

8 Current Status X86 Implementation Complete ARM/Android Platform Research Progress – Sys Calls Guest & VMM – ARM performance counters less mature SmartGrid Proposal in Final Stages

9 Questions ?

Download ppt "Software Integrity Monitoring Using Hardware Performance Counters Corey Malone."

Similar presentations

1/1/ / faculty of Electrical Engineering eindhoven university of technology Speeding it up Part 3: Out-Of-Order and SuperScalar execution dr.ir. A.C. Verschueren.

1/1/ / faculty of Electrical Engineering eindhoven university of technology Speeding it up Part 3: Out-Of-Order and SuperScalar execution dr.ir. A.C. Verschueren.
ARM Cortex A8 Pipeline EE126 Wei Wang. Cortex A8 is a processor core designed by ARM Holdings. Application: Apple A4, Samsung Exynos 3110. What’s the.

ARM Cortex A8 Pipeline EE126 Wei Wang. Cortex A8 is a processor core designed by ARM Holdings. Application: Apple A4, Samsung Exynos What’s the.
Programmability Issues

Programmability Issues
Yaron Doweck Yael Einziger Supervisor: Mike Sumszyk Spring 2011 Semester Project.

Yaron Doweck Yael Einziger Supervisor: Mike Sumszyk Spring 2011 Semester Project.
Integrity & Malware Dan Fleck CS469 Security Engineering Some of the slides are modified with permission from Quan Jia. Coming up: Integrity – Who Cares?

Integrity & Malware Dan Fleck CS469 Security Engineering Some of the slides are modified with permission from Quan Jia. Coming up: Integrity – Who Cares?
Chapter 2 Operating System Overview Operating Systems: Internals and Design Principles, 6/E William Stallings.

Chapter 2 Operating System Overview Operating Systems: Internals and Design Principles, 6/E William Stallings.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
CS0004: Introduction to Programming Introduction to Programming.

CS0004: Introduction to Programming Introduction to Programming.
Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.

Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.
Software Certification and Attestation Rajat Moona Director General, C-DAC.

Software Certification and Attestation Rajat Moona Director General, C-DAC.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Hit or Miss ? !!!.  Cache RAM is high-speed memory (usually SRAM).  The Cache stores frequently requested data.  If the CPU needs data, it will check.

Hit or Miss ? !!!.  Cache RAM is high-speed memory (usually SRAM).  The Cache stores frequently requested data.  If the CPU needs data, it will check.
Hit or Miss ? !!!.  Small size.  Simple and fast.  Implementable with hardware.  Does not need too much power.  Does not predict miss if we have.

Hit or Miss ? !!!.  Small size.  Simple and fast.  Implementable with hardware.  Does not need too much power.  Does not predict miss if we have.
SE 450 Software Processes & Product Metrics Reliability: An Introduction.

SE 450 Software Processes & Product Metrics Reliability: An Introduction.
Figure 1.1 Interaction between applications and the operating system.

Figure 1.1 Interaction between applications and the operating system.
PathExpander: Architectural Support for Increasing the Path Coverage of Dynamic Bug Detection S. Lu, P. Zhou, W. Liu, Y. Zhou, J. Torrellas University.

PathExpander: Architectural Support for Increasing the Path Coverage of Dynamic Bug Detection S. Lu, P. Zhou, W. Liu, Y. Zhou, J. Torrellas University.
16/27/2015 3:38 AM6/27/2015 3:38 AM6/27/2015 3:38 AMTesting and Debugging Testing The process of verifying the software performs to the specifications.

16/27/2015 3:38 AM6/27/2015 3:38 AM6/27/2015 3:38 AMTesting and Debugging Testing The process of verifying the software performs to the specifications.
Computer Organization and Architecture

Computer Organization and Architecture
ED 4 I: Error Detection by Diverse Data and Duplicated Instructions Greg Bronevetsky.

ED 4 I: Error Detection by Diverse Data and Duplicated Instructions Greg Bronevetsky.
November 18, 2004 Embedded System Design Flow Arkadeb Ghosal Alessandro Pinto Daniele Gasperini Alberto Sangiovanni-Vincentelli

November 18, 2004 Embedded System Design Flow Arkadeb Ghosal Alessandro Pinto Daniele Gasperini Alberto Sangiovanni-Vincentelli

Similar presentations

Ads by Google