DocumentCode :
703822
Title :
Extrax: Security extension to extract cache resident information for snoop-based external monitors
Author :
Jinyong Lee ; Yongje Lee ; Hyungon Moon ; Ingoo Heo ; Yunheung Paek
Author_Institution :
Dept. of Electr. & Comput. Eng., Seoul Nat. Univ., Seoul, South Korea
fYear :
2015
fDate :
9-13 March 2015
Firstpage :
151
Lastpage :
156
Abstract :
The advent of rootkits has urged researchers to conduct much research on defending the integrity of OS kernels. Even though recently proposed snoop-based monitors have been shown to provide higher performance and a higher security level than conventional hypervisor-based monitors, we discovered that the use of write-back caches in a system would seriously undermine the effectiveness of snoop-based monitors. To address the problem, we propose a special hardware unit called Extrax, which makes use of existing hardware logic, the core debugging interface, to extract the information necessary for security monitoring. Implemented to refine the debug information for security purposes, Extrax helps snoop-based monitors detect attacks that exploit write-back caches. Experimental results show that our system can detect more advanced attacks, which state-of-the-art snoop-based hardware monitors cannot capture, with moderate area overhead and power consumption.
Keywords :
cache storage; operating system kernels; security of data; Extrax; OS kernels; cache resident information; core debugging interface; hardware logic; hardware unit; hypervisor-based monitors; snoop-based external monitors; write-back caches; Data structures; Hardware; Kernel; Monitoring; Program processors; Registers; Security;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Design, Automation & Test in Europe Conference & Exhibition (DATE), 2015
Conference_Location :
Grenoble
Print_ISBN :
978-3-9815-3704-8
Type :
conf
Filename :
7092374
Link To Document :