Are hardware performance counters a cost effective way for integrity checking of programs

Corey Malone, Mohamed Zahran, Ramesh Karri

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In this paper, we propose to use hardware performance counters (HPC) to detect malicious program modifications at load time (static) and at runtime (dynamic). HPC have been used for program characterization and testing, system testing and performance evaluation, and as side channels. We propose to use HPCs for static and dynamic integrity checking of programs.. The main advantage of HPC-based integrity checking is that it is almost free in terms of hardware cost; HPCs are built into almost all processors. The runtime performance overhead is minimal because we use the operating system for integrity checking, which is called anyway for process scheduling and other interrupts. Our preliminary results confirm that HPC very efficiently detect program modifications with very low cost.

Original languageEnglish (US)
Title of host publicationSTC'11 - Proceedings of the 6th ACM Workshop: Scalable Trusted Computing
Pages71-76
Number of pages6
DOIs
StatePublished - 2011
Event6th ACM Workshop on Scalable Trusted Computing, STC'11 - Co-located with 18th ACM Conference on Computer and Communications Security, CCS 2011 - Chicago, IL, United States
Duration: Oct 17 2011Oct 17 2011

Other

Other6th ACM Workshop on Scalable Trusted Computing, STC'11 - Co-located with 18th ACM Conference on Computer and Communications Security, CCS 2011
CountryUnited States
CityChicago, IL
Period10/17/1110/17/11

Fingerprint

Hardware
Costs
Testing
Scheduling

Keywords

  • hardware performance counters
  • integrity

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Malone, C., Zahran, M., & Karri, R. (2011). Are hardware performance counters a cost effective way for integrity checking of programs. In STC'11 - Proceedings of the 6th ACM Workshop: Scalable Trusted Computing (pp. 71-76) https://doi.org/10.1145/2046582.2046596

Are hardware performance counters a cost effective way for integrity checking of programs. / Malone, Corey; Zahran, Mohamed; Karri, Ramesh.

STC'11 - Proceedings of the 6th ACM Workshop: Scalable Trusted Computing. 2011. p. 71-76.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Malone, C, Zahran, M & Karri, R 2011, Are hardware performance counters a cost effective way for integrity checking of programs. in STC'11 - Proceedings of the 6th ACM Workshop: Scalable Trusted Computing. pp. 71-76, 6th ACM Workshop on Scalable Trusted Computing, STC'11 - Co-located with 18th ACM Conference on Computer and Communications Security, CCS 2011, Chicago, IL, United States, 10/17/11. https://doi.org/10.1145/2046582.2046596
Malone C, Zahran M, Karri R. Are hardware performance counters a cost effective way for integrity checking of programs. In STC'11 - Proceedings of the 6th ACM Workshop: Scalable Trusted Computing. 2011. p. 71-76 https://doi.org/10.1145/2046582.2046596
Malone, Corey ; Zahran, Mohamed ; Karri, Ramesh. / Are hardware performance counters a cost effective way for integrity checking of programs. STC'11 - Proceedings of the 6th ACM Workshop: Scalable Trusted Computing. 2011. pp. 71-76
@inproceedings{1c12736e33264c91b1065a83ff4ea0d3,
title = "Are hardware performance counters a cost effective way for integrity checking of programs",
abstract = "In this paper, we propose to use hardware performance counters (HPC) to detect malicious program modifications at load time (static) and at runtime (dynamic). HPC have been used for program characterization and testing, system testing and performance evaluation, and as side channels. We propose to use HPCs for static and dynamic integrity checking of programs.. The main advantage of HPC-based integrity checking is that it is almost free in terms of hardware cost; HPCs are built into almost all processors. The runtime performance overhead is minimal because we use the operating system for integrity checking, which is called anyway for process scheduling and other interrupts. Our preliminary results confirm that HPC very efficiently detect program modifications with very low cost.",
keywords = "hardware performance counters, integrity",
author = "Corey Malone and Mohamed Zahran and Ramesh Karri",
year = "2011",
doi = "10.1145/2046582.2046596",
language = "English (US)",
isbn = "9781450310017",
pages = "71--76",
booktitle = "STC'11 - Proceedings of the 6th ACM Workshop: Scalable Trusted Computing",

}

TY - GEN

T1 - Are hardware performance counters a cost effective way for integrity checking of programs

AU - Malone, Corey

AU - Zahran, Mohamed

AU - Karri, Ramesh

PY - 2011

Y1 - 2011

N2 - In this paper, we propose to use hardware performance counters (HPC) to detect malicious program modifications at load time (static) and at runtime (dynamic). HPC have been used for program characterization and testing, system testing and performance evaluation, and as side channels. We propose to use HPCs for static and dynamic integrity checking of programs.. The main advantage of HPC-based integrity checking is that it is almost free in terms of hardware cost; HPCs are built into almost all processors. The runtime performance overhead is minimal because we use the operating system for integrity checking, which is called anyway for process scheduling and other interrupts. Our preliminary results confirm that HPC very efficiently detect program modifications with very low cost.

AB - In this paper, we propose to use hardware performance counters (HPC) to detect malicious program modifications at load time (static) and at runtime (dynamic). HPC have been used for program characterization and testing, system testing and performance evaluation, and as side channels. We propose to use HPCs for static and dynamic integrity checking of programs.. The main advantage of HPC-based integrity checking is that it is almost free in terms of hardware cost; HPCs are built into almost all processors. The runtime performance overhead is minimal because we use the operating system for integrity checking, which is called anyway for process scheduling and other interrupts. Our preliminary results confirm that HPC very efficiently detect program modifications with very low cost.

KW - hardware performance counters

KW - integrity

UR - http://www.scopus.com/inward/record.url?scp=80755143408&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80755143408&partnerID=8YFLogxK

U2 - 10.1145/2046582.2046596

DO - 10.1145/2046582.2046596

M3 - Conference contribution

SN - 9781450310017

SP - 71

EP - 76

BT - STC'11 - Proceedings of the 6th ACM Workshop: Scalable Trusted Computing

ER -