國立高雄大學圖資館 |

登入

回首頁

Securing Computer Systems Through Cyber Attack Detection at the Hardware Level.

紀錄類型:	書目-電子資源 : Monograph/item
正題名/作者:	Securing Computer Systems Through Cyber Attack Detection at the Hardware Level.
作者:	Li, Congmiao.
出版者:	Ann Arbor : ProQuest Dissertations & Theses, 2020
面頁冊數:	88 p.
附註:	Source: Dissertations Abstracts International, Volume: 82-01, Section: B.
附註:	Advisor: Gaudiot, Jean-Luc.
Contained By:	Dissertations Abstracts International82-01B.
標題:	Computer engineering.
電子資源:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=27743499
ISBN:	9798662423886

Securing Computer Systems Through Cyber Attack Detection at the Hardware Level.
Li, Congmiao.

Securing Computer Systems Through Cyber Attack Detection at the Hardware Level. - Ann Arbor : ProQuest Dissertations & Theses, 2020 - 88 p.

Source: Dissertations Abstracts International, Volume: 82-01, Section: B.

Thesis (Ph.D.)--University of California, Irvine, 2020.

This item must not be sold to any third party vendors.

Over the past decades, the major objectives of computer design have been to improve performance and to reduce cost, energy consumption, and size, while security has remained a secondary concern. Meanwhile, malicious attacks have rapidly grown as the number of Internet-connected devices, ranging from personal smart embedded systems to large cloud servers, have been increasing. Traditional antivirus software cannot keep up with the increasing incidence of these attacks, especially for exploits targeting hardware design vulnerabilities. In this research, we propose to add additional layer of malware detection mechanism at the hardware level to improve overall system security by monitoring anomalies in semantic (control flow) and sub-semantic (microarchitectural) behaviors. We developed a real-time application-specific malware detection system which is implemented in tightly coupled FPGA to monitor the Control Flow Integrity (CFI) of running programs on CPU. It runs in parallel with the CPU being monitored and provides real-time feedback to the system in case of control flow violation. The experiment result shows that the solution is scalable for large applications in embedded systems. The impact of malicious attacks targeting hardware vulnerabilities can be catastrophic and widespread and no software patch can completely fix the problem. We propose to detect such attacks by monitoring microarchitectural features deviations. This is done by collecting related data from existing hardware performance counters. We take Rowhammer (exploits DRAM disturbance error vulnerability) and Spectre (exploits speculative execution and side channel vulnerabilities) attacks to demonstrate the feasibility and effectiveness to detect such attacks using microarchitectural features. An online detection method is adopted to detect malicious behaviors during the attack at early stage rather than offline detection after the damage is done. The experimental results show promising detection accuracy. However, the attacker may attempt to evade detection by reshaping the microarchitectural profile of Spectre to mimic benign programs. Future malware detector needs could be evasion resilient by randomly switching between multiple detectors using different features and sampling periods.

ISBN: 9798662423886Subjects--Topical Terms:

212944
Computer engineering.
Subjects--Index Terms:

Computer architecture

Securing Computer Systems Through Cyber Attack Detection at the Hardware Level.
LDR:03374nmm a2200325 4500 001 616365
005 20220513114318.5
008 220920s2020 ||||||||||||||||| ||eng d
020 $a 9798662423886
035 $a (MiAaPQ)AAI27743499
035 $a AAI27743499
040 $a MiAaPQ $c MiAaPQ
100 1 $a Li, Congmiao. $3 915518
245 1 0 $a Securing Computer Systems Through Cyber Attack Detection at the Hardware Level.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2020
300 $a 88 p.
500 $a Source: Dissertations Abstracts International, Volume: 82-01, Section: B.
500 $a Advisor: Gaudiot, Jean-Luc.
502 $a Thesis (Ph.D.)--University of California, Irvine, 2020.
506 $a This item must not be sold to any third party vendors.
520 $a Over the past decades, the major objectives of computer design have been to improve performance and to reduce cost, energy consumption, and size, while security has remained a secondary concern. Meanwhile, malicious attacks have rapidly grown as the number of Internet-connected devices, ranging from personal smart embedded systems to large cloud servers, have been increasing. Traditional antivirus software cannot keep up with the increasing incidence of these attacks, especially for exploits targeting hardware design vulnerabilities. In this research, we propose to add additional layer of malware detection mechanism at the hardware level to improve overall system security by monitoring anomalies in semantic (control flow) and sub-semantic (microarchitectural) behaviors. We developed a real-time application-specific malware detection system which is implemented in tightly coupled FPGA to monitor the Control Flow Integrity (CFI) of running programs on CPU. It runs in parallel with the CPU being monitored and provides real-time feedback to the system in case of control flow violation. The experiment result shows that the solution is scalable for large applications in embedded systems. The impact of malicious attacks targeting hardware vulnerabilities can be catastrophic and widespread and no software patch can completely fix the problem. We propose to detect such attacks by monitoring microarchitectural features deviations. This is done by collecting related data from existing hardware performance counters. We take Rowhammer (exploits DRAM disturbance error vulnerability) and Spectre (exploits speculative execution and side channel vulnerabilities) attacks to demonstrate the feasibility and effectiveness to detect such attacks using microarchitectural features. An online detection method is adopted to detect malicious behaviors during the attack at early stage rather than offline detection after the damage is done. The experimental results show promising detection accuracy. However, the attacker may attempt to evade detection by reshaping the microarchitectural profile of Spectre to mimic benign programs. Future malware detector needs could be evasion resilient by randomly switching between multiple detectors using different features and sampling periods.
590 $a School code: 0030.
650 4 $a Computer engineering. $3 212944
653 $a Computer architecture
653 $a Cyber security
653 $a Cyber attack detection
690 $a 0464
710 2 $a University of California, Irvine. $b Electrical and Computer Engineering - Ph.D.. $3 766083
773 0 $t Dissertations Abstracts International $g 82-01B.
790 $a 0030
791 $a Ph.D.
792 $a 2020
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=27743499