Code integrity verification using cache memory monitoring

Information Security Journal: A Global Perspective Pub Date : 2021-03-24 DOI:10.1080/19393555.2021.1902592

R. Shrivastava, Varun Natu, C. Hota

{"title":"Code integrity verification using cache memory monitoring","authors":"R. Shrivastava, Varun Natu, C. Hota","doi":"10.1080/19393555.2021.1902592","DOIUrl":null,"url":null,"abstract":"ABSTRACT This paper addresses the challenges of building a secure software system to prevent Man-at-the-End attacks. Ensuring the security of systems is challenging due to unfavorable constraints faced by the end-point host system. Constraints such as hostile environments leave the host system at the peril of would-be attackers. In this paper, we verify program integrity through L3 cache by monitoring the security-sensitive code points and verify them in memory. This paper uses a cache-based monitoring program to verify code integrity. In particular, we show that side-channel information can be used to encode the invariant of the program execution state. These invariants can be periodically and externally monitored as a proxy for application integrity. This monitoring system uses a sliding window scheme that can detect the violation of these invariant with high reliability. The proposed solution is transparent to the attacker and utilizes a side-channel technique (Flush + Reload) along with a sliding window scheme to monitor security-sensitive code and detect MATE attacks to prevent malicious manipulation of software.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"35 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Security Journal: A Global Perspective","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/19393555.2021.1902592","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

ABSTRACT This paper addresses the challenges of building a secure software system to prevent Man-at-the-End attacks. Ensuring the security of systems is challenging due to unfavorable constraints faced by the end-point host system. Constraints such as hostile environments leave the host system at the peril of would-be attackers. In this paper, we verify program integrity through L3 cache by monitoring the security-sensitive code points and verify them in memory. This paper uses a cache-based monitoring program to verify code integrity. In particular, we show that side-channel information can be used to encode the invariant of the program execution state. These invariants can be periodically and externally monitored as a proxy for application integrity. This monitoring system uses a sliding window scheme that can detect the violation of these invariant with high reliability. The proposed solution is transparent to the attacker and utilizes a side-channel technique (Flush + Reload) along with a sliding window scheme to monitor security-sensitive code and detect MATE attacks to prevent malicious manipulation of software.

查看原文本刊更多论文

代码完整性验证使用缓存内存监控

本文讨论了构建安全软件系统以防止终端人攻击的挑战。由于终端主机系统所面临的不利约束，确保系统的安全性具有挑战性。诸如敌对环境之类的约束使主机系统处于潜在攻击者的危险之中。在本文中，我们通过监视安全敏感代码点并在内存中验证它们，通过L3缓存验证程序的完整性。本文使用基于缓存的监控程序来验证代码的完整性。特别地，我们展示了可以使用侧信道信息对程序执行状态的不变量进行编码。这些不变量可以作为应用程序完整性的代理进行定期和外部监视。该监测系统采用滑动窗口方案，能够检测出这些不变量的违反情况，可靠性高。提出的解决方案对攻击者是透明的，并利用侧信道技术(Flush + Reload)和滑动窗口方案来监视安全敏感代码和检测MATE攻击，以防止恶意操作软件。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Information Security Journal: A Global Perspective

自引率

0.00%

发文量