sok the challenges pitfalls and perils of using hardware
play

SoK: The Challenges, Pitfalls, and Perils of Using Hardware - PowerPoint PPT Presentation

Nov 06, 2022 •242 likes •529 views

SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security Sanjeev Das , Jan Werner, Manos Antonakakis, Michalis Polychronakis, and Fabian Monrose SoK: The Challenges, Pitfalls, and Perils of Using Hardware

  1. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security Sanjeev Das , Jan Werner, Manos Antonakakis, Michalis Polychronakis, and Fabian Monrose

  2. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 2 Hardware Performance Counters

  3. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 3 • Available in processors for over two decades • Monitor and measure hardware events, e.g.: • Instruction retired, cycles • Memory accesses • Cache hits/misses • Translation look-aside buffer hits/misses

  4. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 4 • Myriad of applications: • Software Profiling • Debugging • High Performance Computing • Power Analysis • Sharp rise in security domain

  5. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 5 • HPCs provide a good foundation for measuring micro- architectural information (e.g., branch misses, cache misses) • Low performance overhead

  6. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 6 Recent Security Applications SIGDROP: Signature-based ROP Detection using Hardware Performance Counters. Wang et al. [arXiv’16] Who Watches the Watchmen?: Utilizing On the feasibility of online malware Performance Monitors for Compromising detection with performance counters. Keys of RSA on Intel Platforms , Demme et al., SIGARCH, 2013. Bhattacharya et al.[CHES’15] Hardware-Assisted Rootkits : Abusing Performance Counters on the ARM and x86 Architectures. Spisak et al. [WOOT’16]

  7. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 7 Recent Security Applications Detecting Spectre And Meltdown Using Hardware Performance Counters . Pierce, Endgame Inc., Jan. 08, 2018 Detecting Attacks that Exploit Meltdown and Spectre with Performance Counters . Fiser & Gamazo Sanchez, Trend Micro Inc., 2018 Detecting Spectre Attacks by identifying Cache Side-Channel Attacks using Machine Learning . Depoix et al. [WAMOS, 2018 ]

  8. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 8 Impetus of this SoK paper: Can we use HPCs as a foundation for thwarting Data Only Attacks?

  9. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 9 Challenges • Which events should we measure? • There are HUNDREDS of HPC events • How are the events related to each other? • Is there a standard way to collect HPC measurements? • What framework should we use? • Collection techniques vary widely

  10. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 10 • Non-determinism issue in HPCs • “ Can hardware performance counters be trusted? ” Weaver & McKee, Workload Characterization, 2008 • Lack of application-level profiling • No process-level filtering of HPC data at the hardware level

  11. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 11 Did other researchers also notice these pitfalls?

  12. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 12 • We analyzed nearly 100 papers from • Debugging di ff erent application domains • Power Analysis • Performance Analysis • Security • We also conducted a survey: • Sent questionnaire to authors • After repeated attempts, response was 28%

  13. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 13 Findings Non-security domains • We examined 56 papers that acknowledged non-determinism issues from non-security application domains No Yes • Painstakingly evaluated if they recommended 45% 55% using HPCs • 45% of the papers did not, because of lack of determinism and portability

  14. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 14 Findings • Of the 40 security papers that used HPCs • Only 10% acknowledge non- determinism issues • Acceptance of HPCs in security is in stark contrast to other domains Can hardware performance counters be trusted? Weaver & McKee, Workload Characterization, 2008

  15. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 15 Common Failures • Mishandling of performance counter data • Lack of process-level filtering • Ignoring non-determinism issues • Skid • Over/under-counting of events

  16. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 16 Handling of HPC Data • Limited number of programmable counters • Configuration • done in kernel mode by reading and writing into model specific registers (MSRs) • Two modes : Polling vs Sampling

  17. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 17 Handling of HPC Data Event-based sampling using Performance Monitoring Interrupt (PMI) 1.Configure events in sampling mode, e.g., N instructions retired 2. Program begin execution 3. PMI is generated N instructions 4. At interrupt, read counter values

  18. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 18 Mishandling of HPC Data Filtering of processes at performance monitoring interrupt (PMI) Fix : Save HPC Restore HPC Context switch Context switch Process B Process A Process A PMI PMI Noise from process B Loss of events’ count • Thankfully, there is an easy fix • Some papers applied this fix, but many didn’t

  19. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 19 Non-determinism: Skid • In sampling mode: E.g., sampling every N DTLB misses • Late delivery of PMI (due to skid) 0 N 2N 3N leads to variation in measurements • Fingerprint of an application may PMI PMI disappear (e.g., Data only attacks) N+30 N+10 skid skid Program execution “Hardware performance monitoring for the rest of us: a position and survey” Moseley et al., Network and Parallel Computing, 2011

  20. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 20 Non-determinism: Overcount • We revisited the non-determinism issues based on the seminal work by Weaver & McKee [IWC, 2008] • Several problems fixed, but some old issues persist even today • New problem: page faults

  21. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 21 Why do these issues matter from a security perspective?

  22. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 22 • Improper use of HPC in security applications can be disastrous • Incorrect data collection can impact the correctness of an approach • An adversary can manipulate events (e.g., via page faults) to undermine defenses

  23. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 23 Case Study: Malware Classification Malware (14 families), Benign app (IE) • Approach • State of the art temporal model by Tang et al. [RAID’14] • Sampling using PMI every N instructions retired • Events — store micro-operations, indirect call, mispredicted return and return instructions

  24. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 24 Results Filtering process at PMI Saving HPCs at Context switches • Incorrect HPC data collection significantly impacts detection accuracy • Larger question: are HPCs a good foundation for malware detection? • “Hardware Performance Counters Can Detect Malware: Myth or Fact?” [Zhou et al., AsiaCCS, 2018]

  25. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 25 Case Study: ROP Detection • Approach • State of the art [Wang & Backer, arXiv, 2016] • For a given number of return misses, and number of instructions retired < = threshold INC EDX; POP EDI; INC EDX; POP ESI; INC EAX; POP EBP; INC ECX; POP EBP; INC ECX; POP EDI; RET RET RET RET RET RET Gadgets ROP Attack! = Ins. Ret. Instruction = 4 Instruction = 7 Instruction = 2 Instruction = 0 Instruction = 16 Instruction = 13 Instruction = 10 Return = 5 Return = 6 Return = 4 Return = 3 Return = 2 Return = 1 Return = 0

  26. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security, S&P’19 26 Case Study: ROP Detection Results • Irrespective of parameter choices, non-determinism can be leveraged by an adversary to bypass the ROP detection INC EDX; Init. Manipulator Manipulator INC EAX; POP EBP; INC ECX; RET RET Gadget Gadget Gadget RET Gadgets = No ROP detected! Ins. Ret. Instruction = 0 Instruction = 4 Instruction = 2 Instruction = 516 Instruction = 513 Instruction = 260 Instruction = 257 Return = 6 Return = 5 Return = 4 Return = 3 Return = 2 Return = 1 Return = 0

Recommend

Past Perils Promise Happy Birthday Zoning: 1916-2016 Recent Challenges to Zoning Case Law

Past Perils Promise Happy Birthday Zoning: 1916-2016 Recent Challenges to Zoning Case Law

Welcome to Pace Law School A conference celebrating its past, acknowledging its perils, and anticipating its promise. Past Perils Promise Happy Birthday Zoning: 1916-2016 Recent Challenges to Zoning Case Law Update Patricia E. Salkin,

1.39k views • 78 slides
The Promises and Pitfalls of Hardware-Assisted Security Alexandra Dmitrienko

The Promises and Pitfalls of Hardware-Assisted Security Alexandra Dmitrienko

The Promises and Pitfalls of Hardware-Assisted Security Alexandra Dmitrienko Julius-Maximilians-Universitt Wrzburg alexandra.dmitrienko@uni-wuerzburg.de SEPTEMBER 9 13, 2019 CROSSING Summer School on Sustainable Security &amp; Privacy

2.37k views • 187 slides
Businesses and Tax The Perils of Perception October 2015 Business and Tax Perils of

Businesses and Tax The Perils of Perception October 2015 Business and Tax Perils of

Businesses and Tax The Perils of Perception October 2015 Business and Tax Perils of Perception | October 2015 | FINAL | Public 1 Business contributes the largest proportion of tax of any group of tax payers (29%), yet people massively

270 views • 14 slides
Cloud Computing: E-Discovery Challenges Best Practices to Minimize Pitfalls in Identification,

Cloud Computing: E-Discovery Challenges Best Practices to Minimize Pitfalls in Identification,

Presenting a live 90-minute webinar with interactive Q&amp;A Cloud Computing: E-Discovery Challenges Best Practices to Minimize Pitfalls in Identification, Preservation and Collection of ESI WEDNESDAY, OCTOBER 24, 2012 1pm Eastern | 12pm

865 views • 74 slides
BRINGING PEOPLE TO THE TABLE PITFALLS AND CHALLENGES OF COLLABORATIVE ORGANIZING Andrew Thomas

BRINGING PEOPLE TO THE TABLE PITFALLS AND CHALLENGES OF COLLABORATIVE ORGANIZING Andrew Thomas

BRINGING PEOPLE TO THE TABLE PITFALLS AND CHALLENGES OF COLLABORATIVE ORGANIZING Andrew Thomas Fundraising &amp; Membership Director WHY BOTHER WORKING TOGETHER? A camel is a horse designed by a committee What does this mean to folks here?

358 views • 12 slides
Making Collaboration Work Key Considerations, Challenges &amp; Pitfalls Ian Conner CPO

Making Collaboration Work Key Considerations, Challenges &amp; Pitfalls Ian Conner CPO

Making Collaboration Work Key Considerations, Challenges &amp; Pitfalls Ian Conner CPO Strategic Procurement Service Southwest One February 16th 2011 Agenda Southwest One who are we? Collaboration Its the next big thing

570 views • 21 slides
QS Domain: Challenges and Pitfalls Knut Mller UCB Biosciences Conference 2011 October 9th -

QS Domain: Challenges and Pitfalls Knut Mller UCB Biosciences Conference 2011 October 9th -

QS Domain: Challenges and Pitfalls Knut Mller UCB Biosciences Conference 2011 October 9th - 12th, Brighton UK Alun, living with Parkinsons disease Overview Introduction PRO data from source to analysis Data perspective

613 views • 20 slides
The Perils of Poor Communication Paul Kenny Pensions Ombudsman Perils of Poor communication

The Perils of Poor Communication Paul Kenny Pensions Ombudsman Perils of Poor communication

The Perils of Poor Communication Paul Kenny Pensions Ombudsman Perils of Poor communication (Its the way you tell it..) www.iapf.ie More confusion and more complaints result from poor communication than from almost any other single

408 views • 18 slides
Outline Background on Ketamine The Promise and Perils of Ketamine The Promise

Outline Background on Ketamine The Promise and Perils of Ketamine The Promise

Outline Background on Ketamine The Promise and Perils of Ketamine The Promise Single Infusion Therapy for TRD, Suicidal in Psychiatric Practice Ideation, PTSD Continuation Therapy Sanjay J. Mathew, MD The Perils

577 views • 9 slides
Committee of the whole House and beyond Outline What is committee of the whole House (CWH)?

Committee of the whole House and beyond Outline What is committee of the whole House (CWH)?

Committee of the whole House and beyond Outline What is committee of the whole House (CWH)? The role of officials Pitfalls, pratfalls, and perils Limits on what CWH can do Amendments admissibility, order of consideration,

632 views • 12 slides
What are the Pitfalls for Bangladesh? Presented by Towfiqul Islam Khan Research Fellow, CPD 10

What are the Pitfalls for Bangladesh? Presented by Towfiqul Islam Khan Research Fellow, CPD 10

Public Dialogue on Bangladeshs Graduation from the LDC Group Pitfalls and Promises Session Three: Graduating in a Brave New World Pursuing a Graduation Strategy within the Global and Regional Environment What are the Pitfalls for

650 views • 24 slides
Challenges of the VR Web Low level API to interface with VR hardware. What is Input :

Challenges of the VR Web Low level API to interface with VR hardware. What is Input :

Challenges of the VR Web Low level API to interface with VR hardware. What is Input : Access to headset and WebVR? controllers pose. Output: Efficient and versatile mechanism to send pixels to the headset display (high FPS and low

409 views • 13 slides
Measuring of homelessness in Belgium: pitfalls and challenges Prof. dr. Koen Hermans Belgian

Measuring of homelessness in Belgium: pitfalls and challenges Prof. dr. Koen Hermans Belgian

Measuring of homelessness in Belgium: pitfalls and challenges Prof. dr. Koen Hermans Belgian homelessness policies Federal level : Social assistance Health care (including mental health care) Regional level : Housing

76 views • 7 slides
Pitfalls in Using a case based approach, we will Arrhythmias review pitfalls in management of:

Pitfalls in Using a case based approach, we will Arrhythmias review pitfalls in management of:

Goals Pitfalls in Using a case based approach, we will Arrhythmias review pitfalls in management of: Tachydysrhythmias Jeffrey Tabas, M.D. Narrow Wide Professor of Emergency Medicine Bradydysrhythmias Director of Outcomes and

438 views • 19 slides
Part I Security Challenges in Automotive Hardware/Software Architecture Design Martin

Part I Security Challenges in Automotive Hardware/Software Architecture Design Martin

Part I Security Challenges in Automotive Hardware/Software Architecture Design Martin Lukasiewycz TUM CREATE Singapore Outline Motivation (current E/E architectures) Trends (Integrated Architectures / Connected Car) Challenges Overview

496 views • 23 slides
Capitol View V O L U M E 2 , N U M B E R 6 M A R C H 2 0 0 4 PERILS OF PAULINE: THE

Capitol View V O L U M E 2 , N U M B E R 6 M A R C H 2 0 0 4 PERILS OF PAULINE: THE

Capitol View V O L U M E 2 , N U M B E R 6 M A R C H 2 0 0 4 PERILS OF PAULINE: THE ADVENTURES OF THE ENERGY BILL On March 4, 2004 the Chairman of the Senate Energy Committee, Pete Domenici (R-NM), stated that he hopes Congress can

181 views • 7 slides
Bare Metal Library Abstractions for modern hardware Cyprien Noel Plan 1. Modern Hardware? 2.

Bare Metal Library Abstractions for modern hardware Cyprien Noel Plan 1. Modern Hardware? 2.

Bare Metal Library Abstractions for modern hardware Cyprien Noel Plan 1. Modern Hardware? 2. New challenges &amp; opportunities 3. Three use cases Current solutions Leveraging hardware Simple abstraction Myself High

452 views • 26 slides
1 Freeing With Explicit Free Lists Freeing With a LIFO Policy (Case 1) conceptual graphic

1 Freeing With Explicit Free Lists Freeing With a LIFO Policy (Case 1) conceptual graphic

Today Explicit free lists Dynamic Memory Allocation: Segregated free lists Garbage collection Advanced Concepts Memory-related perils and pitfalls CSci 2021: Machine Architecture and Organization April 27th-29th, 2020 Your

211 views • 8 slides
Real-time KVM from the ground up LinuxCon NA 2016 Rik van Riel Red Hat Real-time KVM What

Real-time KVM from the ground up LinuxCon NA 2016 Rik van Riel Red Hat Real-time KVM What

Real-time KVM from the ground up LinuxCon NA 2016 Rik van Riel Red Hat Real-time KVM What is real time? Hardware pitfalls Realtime preempt Linux kernel patch set KVM &amp; qemu pitfalls KVM configuration Scheduling

400 views • 21 slides
Hardware Security Modules (HSMs) Benefits and Challenges ICANN 50, London, UK 25 June 2014

Hardware Security Modules (HSMs) Benefits and Challenges ICANN 50, London, UK 25 June 2014

Hardware Security Modules (HSMs) Benefits and Challenges ICANN 50, London, UK 25 June 2014 richard.lamb@icann.org Hardware Security Modules Cool but what are you protecting? This works fine in many cases ..but this may be the real problem No

255 views • 12 slides
Hardware Accelerated Application Integration: Challenges and Opportunities Active @

Hardware Accelerated Application Integration: Challenges and Opportunities Active @

Hardware Accelerated Application Integration: Challenges and Opportunities Active @ ACM/IFIP/USENIX Middleware 2017 Daniel Ritter Application Integration - De-coupling apps - Solving n-square connection and variety problems (for textual

490 views • 24 slides
3 Common Pitfalls in Microservice Integration (Bonus : And how to avoid them J ) credit to Bernd

3 Common Pitfalls in Microservice Integration (Bonus : And how to avoid them J ) credit to Bernd

3 Common Pitfalls in Microservice Integration (Bonus : And how to avoid them J ) credit to Bernd Ruecker Patricio Zambrano Technical Consultant, Camunda Inc. 2 Microservices Agenda Introduction 3 Common Challenges and How to Avoid Them

791 views • 75 slides
3 Common Pitfalls in Microservice Integration (Bonus : And how to avoid them ) credit to Bernd

3 Common Pitfalls in Microservice Integration (Bonus : And how to avoid them ) credit to Bernd

3 Common Pitfalls in Microservice Integration (Bonus : And how to avoid them ) credit to Bernd Ruecker Patricio Zambrano Technical Consultant, Camunda Inc. 2 Microservices Agenda Introduction 3 Common Challenges and How to Avoid

1.02k views • 75 slides
VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to

VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to

The Business of Making Strategies for Success from Startup to Exit Hardware and Robotic Startup Accelerator what hardware used to be . VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to Entry Open

604 views • 32 slides

More recommend