{"title":"Hardware-based workload forensics: Process reconstruction via TLB monitoring","authors":"Liwei Zhou, Y. Makris","doi":"10.1109/HST.2016.7495577","DOIUrl":null,"url":null,"abstract":"We introduce a hardware-based methodology for performing workload execution forensics in microprocessors. More specifically, we discuss the on-chip instrumentation required for capturing the operational profile of the Translation Lookaside Buffer (TLB), as well as an off-line machine learning approach which uses this information to identify the executed processes and reconstruct the workload. Unlike workload forensics methods implemented at the operating system (OS) and/or hypervisor level, whose data logging and monitoring mechanisms may be compromised through software attacks, this approach is implemented directly in hardware and is, therefore, immune to such attacks. The proposed method is demonstrated on an experimentation platform which consists of a 32-bit x86 architecture running Linux operating system, implemented in the Simics simulation environment. Experimental results using the Mibench workload benchmark suite reveal an overall workload identification accuracy of 96.97% at an estimated logging rate of only 5.17 KB/sec.","PeriodicalId":194799,"journal":{"name":"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"231 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-05-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HST.2016.7495577","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 11
Abstract
We introduce a hardware-based methodology for performing workload execution forensics in microprocessors. More specifically, we discuss the on-chip instrumentation required for capturing the operational profile of the Translation Lookaside Buffer (TLB), as well as an off-line machine learning approach which uses this information to identify the executed processes and reconstruct the workload. Unlike workload forensics methods implemented at the operating system (OS) and/or hypervisor level, whose data logging and monitoring mechanisms may be compromised through software attacks, this approach is implemented directly in hardware and is, therefore, immune to such attacks. The proposed method is demonstrated on an experimentation platform which consists of a 32-bit x86 architecture running the Linux operating system, implemented in the Simics simulation environment. Experimental results using the MiBench workload benchmark suite reveal an overall workload identification accuracy of 96.97% at an estimated logging rate of only 5.17 KB/sec.