可信监视器:基于tee的系统监视

2022 XII Brazilian Symposium on Computing Systems Engineering (SBESC) Pub Date : 2022-11-21 DOI:10.1109/SBESC56799.2022.9964869

Benedikt Jung, Christian Eichler, Jonas Röckl, R. Schlenk, Timo Hönig, Tilo Müller

{"title":"可信监视器:基于tee的系统监视","authors":"Benedikt Jung, Christian Eichler, Jonas Röckl, R. Schlenk, Timo Hönig, Tilo Müller","doi":"10.1109/SBESC56799.2022.9964869","DOIUrl":null,"url":null,"abstract":"As trusted computing becomes increasingly important, Trusted Execution Environments (TEEs) see more widespread use. A particular high demand for security arises in the context of embedded systems in critical infrastructures. We present a novel intrusion detection system called the Trusted Monitor (TM) that protects its integrity even in the presence of a system-level attacker by running inside the ARM TrustZone TEE. The TM constantly monitors the system using hardware performance counters and detects intrusions based on the classification by an application-specific machine learning model. Our evaluation shows that the TM correctly classifies 86% of 183 evaluated workloads, while the performance overhead stays below 2%. In particular, we show that a real-world kernel-level rootkit observably influences the hardware performance counters and, thus, can be detected.","PeriodicalId":130479,"journal":{"name":"2022 XII Brazilian Symposium on Computing Systems Engineering (SBESC)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Trusted Monitor: TEE-Based System Monitoring\",\"authors\":\"Benedikt Jung, Christian Eichler, Jonas Röckl, R. Schlenk, Timo Hönig, Tilo Müller\",\"doi\":\"10.1109/SBESC56799.2022.9964869\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"As trusted computing becomes increasingly important, Trusted Execution Environments (TEEs) see more widespread use. A particular high demand for security arises in the context of embedded systems in critical infrastructures. We present a novel intrusion detection system called the Trusted Monitor (TM) that protects its integrity even in the presence of a system-level attacker by running inside the ARM TrustZone TEE. The TM constantly monitors the system using hardware performance counters and detects intrusions based on the classification by an application-specific machine learning model. Our evaluation shows that the TM correctly classifies 86% of 183 evaluated workloads, while the performance overhead stays below 2%. In particular, we show that a real-world kernel-level rootkit observably influences the hardware performance counters and, thus, can be detected.\",\"PeriodicalId\":130479,\"journal\":{\"name\":\"2022 XII Brazilian Symposium on Computing Systems Engineering (SBESC)\",\"volume\":\"41 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-11-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 XII Brazilian Symposium on Computing Systems Engineering (SBESC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SBESC56799.2022.9964869\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 XII Brazilian Symposium on Computing Systems Engineering (SBESC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SBESC56799.2022.9964869","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

随着可信计算变得越来越重要，可信执行环境(tee)得到了更广泛的应用。在关键基础设施中的嵌入式系统环境中，对安全性的要求特别高。我们提出了一种称为可信监视器(TM)的新型入侵检测系统，即使在系统级攻击者存在的情况下，它也可以通过在ARM TrustZone TEE内运行来保护其完整性。TM使用硬件性能计数器持续监控系统，并通过特定于应用程序的机器学习模型基于分类检测入侵。我们的评估表明，TM对183个评估工作负载中的86%进行了正确分类，而性能开销保持在2%以下。特别是，我们展示了一个真实的内核级rootkit可以明显地影响硬件性能计数器，因此可以被检测到。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Trusted Monitor: TEE-Based System Monitoring

As trusted computing becomes increasingly important, Trusted Execution Environments (TEEs) see more widespread use. A particular high demand for security arises in the context of embedded systems in critical infrastructures. We present a novel intrusion detection system called the Trusted Monitor (TM) that protects its integrity even in the presence of a system-level attacker by running inside the ARM TrustZone TEE. The TM constantly monitors the system using hardware performance counters and detects intrusions based on the classification by an application-specific machine learning model. Our evaluation shows that the TM correctly classifies 86% of 183 evaluated workloads, while the performance overhead stays below 2%. In particular, we show that a real-world kernel-level rootkit observably influences the hardware performance counters and, thus, can be detected.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2022 XII Brazilian Symposium on Computing Systems Engineering (SBESC)

自引率

0.00%

发文量

期刊最新文献

Distributed Learning using Consensus on Edge AI Integrating Autonomous Vehicle Simulation Tools using SmartData Trusted Monitor: TEE-Based System Monitoring Possible risks with EVT-based timing analysis: an experimental study on a multi-core platform Data-driven Anomaly Detection of Engine Knock based on Automotive ECU