Are hardware performance counters a cost effective way for integrity checking of programs

Corey Malone, Mohamed Zahran, Ramesh Karri

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In this paper, we propose to use hardware performance counters (HPC) to detect malicious program modifications at load time (static) and at runtime (dynamic). HPC have been used for program characterization and testing, system testing and performance evaluation, and as side channels. We propose to use HPCs for static and dynamic integrity checking of programs.. The main advantage of HPC-based integrity checking is that it is almost free in terms of hardware cost; HPCs are built into almost all processors. The runtime performance overhead is minimal because we use the operating system for integrity checking, which is called anyway for process scheduling and other interrupts. Our preliminary results confirm that HPC very efficiently detect program modifications with very low cost.

Original languageEnglish (US)
Title of host publicationSTC'11 - Proceedings of the 6th ACM Workshop
Subtitle of host publicationScalable Trusted Computing
Pages71-76
Number of pages6
DOIs
StatePublished - 2011
Event6th ACM Workshop on Scalable Trusted Computing, STC'11 - Co-located with 18th ACM Conference on Computer and Communications Security, CCS 2011 - Chicago, IL, United States
Duration: Oct 17 2011Oct 17 2011

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Other

Other6th ACM Workshop on Scalable Trusted Computing, STC'11 - Co-located with 18th ACM Conference on Computer and Communications Security, CCS 2011
CountryUnited States
CityChicago, IL
Period10/17/1110/17/11

Keywords

  • hardware performance counters
  • integrity

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Are hardware performance counters a cost effective way for integrity checking of programs'. Together they form a unique fingerprint.

Cite this