Are hardware performance counters a cost effective way for integrity checking of programs

Corey Malone; Mohamed Zahran; Ramesh Karri

doi:10.1145/2046582.2046596

Are hardware performance counters a cost effective way for integrity checking of programs

Corey Malone, Mohamed Zahran, Ramesh Karri

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In this paper, we propose to use hardware performance counters (HPC) to detect malicious program modifications at load time (static) and at runtime (dynamic). HPC have been used for program characterization and testing, system testing and performance evaluation, and as side channels. We propose to use HPCs for static and dynamic integrity checking of programs.. The main advantage of HPC-based integrity checking is that it is almost free in terms of hardware cost; HPCs are built into almost all processors. The runtime performance overhead is minimal because we use the operating system for integrity checking, which is called anyway for process scheduling and other interrupts. Our preliminary results confirm that HPC very efficiently detect program modifications with very low cost.

Original language	English (US)
Title of host publication	STC'11 - Proceedings of the 6th ACM Workshop
Subtitle of host publication	Scalable Trusted Computing
Pages	71-76
Number of pages	6
DOIs	https://doi.org/10.1145/2046582.2046596
State	Published - 2011
Event	6th ACM Workshop on Scalable Trusted Computing, STC'11 - Co-located with 18th ACM Conference on Computer and Communications Security, CCS 2011 - Chicago, IL, United States Duration: Oct 17 2011 → Oct 17 2011

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Other

Other	6th ACM Workshop on Scalable Trusted Computing, STC'11 - Co-located with 18th ACM Conference on Computer and Communications Security, CCS 2011
Country/Territory	United States
City	Chicago, IL
Period	10/17/11 → 10/17/11

Keywords

hardware performance counters
integrity

ASJC Scopus subject areas

Software
Computer Networks and Communications

Access to Document

10.1145/2046582.2046596

Cite this

Are hardware performance counters a cost effective way for integrity checking of programs. / Malone, Corey; Zahran, Mohamed; Karri, Ramesh.
STC'11 - Proceedings of the 6th ACM Workshop: Scalable Trusted Computing. 2011. p. 71-76 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Malone, C, Zahran, M & Karri, R 2011, Are hardware performance counters a cost effective way for integrity checking of programs. in STC'11 - Proceedings of the 6th ACM Workshop: Scalable Trusted Computing. Proceedings of the ACM Conference on Computer and Communications Security, pp. 71-76, 6th ACM Workshop on Scalable Trusted Computing, STC'11 - Co-located with 18th ACM Conference on Computer and Communications Security, CCS 2011, Chicago, IL, United States, 10/17/11. https://doi.org/10.1145/2046582.2046596

@inproceedings{1c12736e33264c91b1065a83ff4ea0d3,

title = "Are hardware performance counters a cost effective way for integrity checking of programs",

abstract = "In this paper, we propose to use hardware performance counters (HPC) to detect malicious program modifications at load time (static) and at runtime (dynamic). HPC have been used for program characterization and testing, system testing and performance evaluation, and as side channels. We propose to use HPCs for static and dynamic integrity checking of programs.. The main advantage of HPC-based integrity checking is that it is almost free in terms of hardware cost; HPCs are built into almost all processors. The runtime performance overhead is minimal because we use the operating system for integrity checking, which is called anyway for process scheduling and other interrupts. Our preliminary results confirm that HPC very efficiently detect program modifications with very low cost.",

keywords = "hardware performance counters, integrity",

author = "Corey Malone and Mohamed Zahran and Ramesh Karri",

year = "2011",

doi = "10.1145/2046582.2046596",

language = "English (US)",

isbn = "9781450310017",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

pages = "71--76",

booktitle = "STC'11 - Proceedings of the 6th ACM Workshop",

note = "6th ACM Workshop on Scalable Trusted Computing, STC'11 - Co-located with 18th ACM Conference on Computer and Communications Security, CCS 2011 ; Conference date: 17-10-2011 Through 17-10-2011",

}

TY - GEN

T1 - Are hardware performance counters a cost effective way for integrity checking of programs

AU - Malone, Corey

AU - Zahran, Mohamed

AU - Karri, Ramesh

PY - 2011

Y1 - 2011

N2 - In this paper, we propose to use hardware performance counters (HPC) to detect malicious program modifications at load time (static) and at runtime (dynamic). HPC have been used for program characterization and testing, system testing and performance evaluation, and as side channels. We propose to use HPCs for static and dynamic integrity checking of programs.. The main advantage of HPC-based integrity checking is that it is almost free in terms of hardware cost; HPCs are built into almost all processors. The runtime performance overhead is minimal because we use the operating system for integrity checking, which is called anyway for process scheduling and other interrupts. Our preliminary results confirm that HPC very efficiently detect program modifications with very low cost.

AB - In this paper, we propose to use hardware performance counters (HPC) to detect malicious program modifications at load time (static) and at runtime (dynamic). HPC have been used for program characterization and testing, system testing and performance evaluation, and as side channels. We propose to use HPCs for static and dynamic integrity checking of programs.. The main advantage of HPC-based integrity checking is that it is almost free in terms of hardware cost; HPCs are built into almost all processors. The runtime performance overhead is minimal because we use the operating system for integrity checking, which is called anyway for process scheduling and other interrupts. Our preliminary results confirm that HPC very efficiently detect program modifications with very low cost.

KW - hardware performance counters

KW - integrity

UR - http://www.scopus.com/inward/record.url?scp=80755143408&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80755143408&partnerID=8YFLogxK

U2 - 10.1145/2046582.2046596

DO - 10.1145/2046582.2046596

M3 - Conference contribution

AN - SCOPUS:80755143408

SN - 9781450310017

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 71

EP - 76

BT - STC'11 - Proceedings of the 6th ACM Workshop

T2 - 6th ACM Workshop on Scalable Trusted Computing, STC'11 - Co-located with 18th ACM Conference on Computer and Communications Security, CCS 2011

Y2 - 17 October 2011 through 17 October 2011

ER -

Are hardware performance counters a cost effective way for integrity checking of programs

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this