DocumentCode :
2923681
Title :
A dependability analysis of hardware-assisted polling integrity checking systems
Author :
Wang, Jiang ; Sun, Kun ; Stavrou, Angelos
Author_Institution :
Center for Secure Inf. Syst., George Mason Univ., Fairfax, VA, USA
fYear :
2012
fDate :
25-28 June 2012
Firstpage :
1
Lastpage :
12
Abstract :
Due to performance constraints, host intrusion detection defenses depend on event and polling-based tamper-proof mechanisms to detect security breaches. These defenses monitor the state of critical software components in an attempt to discover any deviations from a pristine or expected state. The rate and type of checks can be both periodic and event-based, for instance triggered by hardware events. In this paper, we demonstrate that all software and hardware-assisted defenses that analyze non-contiguous state to infer intrusions are fundamentally vulnerable to a new class of attacks that we call “evasion attacks”. We detail two categories of evasion attacks: directly intercepting the defense triggering mechanism and indirectly inferring its periodicity. We show that evasion attacks are applicable to a wide range of protection mechanisms and we analyze their applicability in recent state-of-the-art hardware-assisted protection mechanisms. Finally, we quantify the performance of implemented proof-of-concept prototypes for all of the attacks and suggest potential countermeasures.
Keywords :
data integrity; security of data; critical software components; defense triggering mechanism; defense triggering mechanism direct interception; dependability analysis; directly-intercepting; evasion attack vulnerability; event-based check rate; event-based check type; hardware event triggered instances; hardware-assisted polling integrity checking systems; hardware-assisted protection mechanisms; host intrusion detection defenses; indirectly periodicity inference; noncontiguous state analysis; performance constraints; periodic check rate; periodic check type; polling-based tamper-proof mechanisms; security breach detection; Detectors; Hardware; Operating systems; Program processors; Radiation detectors; Virtual machine monitors; Evasion Attacks; Hardware-assisted & software defenses; Integrity protection;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Dependable Systems and Networks (DSN), 2012 42nd Annual IEEE/IFIP International Conference on
Conference_Location :
Boston, MA
ISSN :
1530-0889
Print_ISBN :
978-1-4673-1624-8
Electronic_ISBN :
1530-0889
Type :
conf
DOI :
10.1109/DSN.2012.6263962
Filename :
6263962