{"title":"使用硬件侧通道的沙盒检测","authors":"Yehonatan Lusky, A. Mendelson","doi":"10.1109/ISQED51717.2021.9424260","DOIUrl":null,"url":null,"abstract":"A common way to detect malware attacks and avoid their destructive impact on a system is the use of virtual machines; A.K.A sandboxing. Attackers, on the other hand, strive to detect sandboxes when their software is running under such a virtual environment. Accordingly, they postpone launching any attack (Malware) as long as operating under such an execution environment. Thus, it is common among malware developers to utilize different sandbox detection techniques (sometimes referred to as Anti-VM or Anti-Virtualization techniques). In this paper, we present novel, side-channel-based techniques to detect sandboxes. We show that it is possible to detect even sandboxes that were properly configured and so far considered to be detection-proof. This paper proposes and implements the first attack which leverage side channels leakage between sibling logical cores to determine the execution environment.","PeriodicalId":123018,"journal":{"name":"2021 22nd International Symposium on Quality Electronic Design (ISQED)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-04-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Sandbox Detection Using Hardware Side Channels\",\"authors\":\"Yehonatan Lusky, A. Mendelson\",\"doi\":\"10.1109/ISQED51717.2021.9424260\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A common way to detect malware attacks and avoid their destructive impact on a system is the use of virtual machines; A.K.A sandboxing. Attackers, on the other hand, strive to detect sandboxes when their software is running under such a virtual environment. Accordingly, they postpone launching any attack (Malware) as long as operating under such an execution environment. Thus, it is common among malware developers to utilize different sandbox detection techniques (sometimes referred to as Anti-VM or Anti-Virtualization techniques). In this paper, we present novel, side-channel-based techniques to detect sandboxes. We show that it is possible to detect even sandboxes that were properly configured and so far considered to be detection-proof. This paper proposes and implements the first attack which leverage side channels leakage between sibling logical cores to determine the execution environment.\",\"PeriodicalId\":123018,\"journal\":{\"name\":\"2021 22nd International Symposium on Quality Electronic Design (ISQED)\",\"volume\":\"7 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-04-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 22nd International Symposium on Quality Electronic Design (ISQED)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISQED51717.2021.9424260\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 22nd International Symposium on Quality Electronic Design (ISQED)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISQED51717.2021.9424260","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A common way to detect malware attacks and avoid their destructive impact on a system is the use of virtual machines; A.K.A sandboxing. Attackers, on the other hand, strive to detect sandboxes when their software is running under such a virtual environment. Accordingly, they postpone launching any attack (Malware) as long as operating under such an execution environment. Thus, it is common among malware developers to utilize different sandbox detection techniques (sometimes referred to as Anti-VM or Anti-Virtualization techniques). In this paper, we present novel, side-channel-based techniques to detect sandboxes. We show that it is possible to detect even sandboxes that were properly configured and so far considered to be detection-proof. This paper proposes and implements the first attack which leverage side channels leakage between sibling logical cores to determine the execution environment.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
