利用信任进行剖析:从受信任的执行环境监测系统

IF 0.9 4区 计算机科学 Q4 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE Design Automation for Embedded Systems Pub Date : 2024-02-16 DOI:10.1007/s10617-024-09283-1
Christian Eichler, Jonas Röckl, Benedikt Jung, Ralph Schlenk, Tilo Müller, Timo Hönig
{"title":"利用信任进行剖析:从受信任的执行环境监测系统","authors":"Christian Eichler, Jonas Röckl, Benedikt Jung, Ralph Schlenk, Tilo Müller, Timo Hönig","doi":"10.1007/s10617-024-09283-1","DOIUrl":null,"url":null,"abstract":"<p>Large-scale attacks on IoT and edge computing devices pose a significant threat. As a prominent example, Mirai is an IoT botnet with 600,000 infected devices around the globe, capable of conducting effective and targeted DDoS attacks on (critical) infrastructure. Driven by the substantial impacts of attacks, manufacturers and system integrators propose Trusted Execution Environments (TEEs) that have gained significant importance recently. TEEs offer an execution environment to run small portions of code isolated from the rest of the system, even if the operating system is compromised. In this publication, we examine TEEs in the context of system monitoring and introduce the Trusted Monitor (TM), a novel anomaly detection system that runs within a TEE. The TM continuously profiles the system using hardware performance counters and utilizes an application-specific machine-learning model for anomaly detection. In our evaluation, we demonstrate that the TM accurately classifies 86% of 183 tested workloads, with an overhead of less than 2%. Notably, we show that a real-world kernel-level rootkit has observable effects on performance counters, allowing the TM to detect it. Major parts of the TM are implemented in the Rust programming language, eliminating common security-critical programming errors.</p>","PeriodicalId":50594,"journal":{"name":"Design Automation for Embedded Systems","volume":"8 1","pages":""},"PeriodicalIF":0.9000,"publicationDate":"2024-02-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Profiling with trust: system monitoring from trusted execution environments\",\"authors\":\"Christian Eichler, Jonas Röckl, Benedikt Jung, Ralph Schlenk, Tilo Müller, Timo Hönig\",\"doi\":\"10.1007/s10617-024-09283-1\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>Large-scale attacks on IoT and edge computing devices pose a significant threat. As a prominent example, Mirai is an IoT botnet with 600,000 infected devices around the globe, capable of conducting effective and targeted DDoS attacks on (critical) infrastructure. Driven by the substantial impacts of attacks, manufacturers and system integrators propose Trusted Execution Environments (TEEs) that have gained significant importance recently. TEEs offer an execution environment to run small portions of code isolated from the rest of the system, even if the operating system is compromised. In this publication, we examine TEEs in the context of system monitoring and introduce the Trusted Monitor (TM), a novel anomaly detection system that runs within a TEE. The TM continuously profiles the system using hardware performance counters and utilizes an application-specific machine-learning model for anomaly detection. In our evaluation, we demonstrate that the TM accurately classifies 86% of 183 tested workloads, with an overhead of less than 2%. Notably, we show that a real-world kernel-level rootkit has observable effects on performance counters, allowing the TM to detect it. Major parts of the TM are implemented in the Rust programming language, eliminating common security-critical programming errors.</p>\",\"PeriodicalId\":50594,\"journal\":{\"name\":\"Design Automation for Embedded Systems\",\"volume\":\"8 1\",\"pages\":\"\"},\"PeriodicalIF\":0.9000,\"publicationDate\":\"2024-02-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Design Automation for Embedded Systems\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1007/s10617-024-09283-1\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Design Automation for Embedded Systems","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10617-024-09283-1","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0

摘要

对物联网和边缘计算设备的大规模攻击构成了重大威胁。一个突出的例子是,Mirai 是一个物联网僵尸网络,在全球拥有 600,000 台受感染设备,能够对(关键)基础设施进行有效和有针对性的 DDoS 攻击。在攻击的巨大影响下,制造商和系统集成商提出了可信执行环境(TEE),并在最近获得了极大的重视。TEE 提供了一种执行环境,即使操作系统受到攻击,也能运行与系统其他部分隔离的小部分代码。在这篇论文中,我们从系统监控的角度研究了 TEE,并介绍了在 TEE 中运行的新型异常检测系统--可信监控器(TM)。TM 使用硬件性能计数器对系统进行持续剖析,并利用特定于应用程序的机器学习模型进行异常检测。在评估中,我们证明 TM 能对 183 个测试工作负载中的 86% 进行准确分类,开销不到 2%。值得注意的是,我们证明了真实世界中的内核级 rootkit 对性能计数器有可观察到的影响,从而允许 TM 对其进行检测。TM 的主要部分是用 Rust 编程语言实现的,消除了常见的安全关键编程错误。
本文章由计算机程序翻译,如有差异,请以英文原文为准。

摘要图片

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Profiling with trust: system monitoring from trusted execution environments

Large-scale attacks on IoT and edge computing devices pose a significant threat. As a prominent example, Mirai is an IoT botnet with 600,000 infected devices around the globe, capable of conducting effective and targeted DDoS attacks on (critical) infrastructure. Driven by the substantial impacts of attacks, manufacturers and system integrators propose Trusted Execution Environments (TEEs) that have gained significant importance recently. TEEs offer an execution environment to run small portions of code isolated from the rest of the system, even if the operating system is compromised. In this publication, we examine TEEs in the context of system monitoring and introduce the Trusted Monitor (TM), a novel anomaly detection system that runs within a TEE. The TM continuously profiles the system using hardware performance counters and utilizes an application-specific machine-learning model for anomaly detection. In our evaluation, we demonstrate that the TM accurately classifies 86% of 183 tested workloads, with an overhead of less than 2%. Notably, we show that a real-world kernel-level rootkit has observable effects on performance counters, allowing the TM to detect it. Major parts of the TM are implemented in the Rust programming language, eliminating common security-critical programming errors.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Design Automation for Embedded Systems
Design Automation for Embedded Systems 工程技术-计算机:软件工程
CiteScore
2.60
自引率
0.00%
发文量
10
审稿时长
>12 weeks
期刊介绍: Embedded (electronic) systems have become the electronic engines of modern consumer and industrial devices, from automobiles to satellites, from washing machines to high-definition TVs, and from cellular phones to complete base stations. These embedded systems encompass a variety of hardware and software components which implement a wide range of functions including digital, analog and RF parts. Although embedded systems have been designed for decades, the systematic design of such systems with well defined methodologies, automation tools and technologies has gained attention primarily in the last decade. Advances in silicon technology and increasingly demanding applications have significantly expanded the scope and complexity of embedded systems. These systems are only now becoming possible due to advances in methodologies, tools, architectures and design techniques. Design Automation for Embedded Systems is a multidisciplinary journal which addresses the systematic design of embedded systems, focusing primarily on tools, methodologies and architectures for embedded systems, including HW/SW co-design, simulation and modeling approaches, synthesis techniques, architectures and design exploration, among others. Design Automation for Embedded Systems offers a forum for scientist and engineers to report on their latest works on algorithms, tools, architectures, case studies and real design examples related to embedded systems hardware and software. Design Automation for Embedded Systems is an innovative journal which distinguishes itself by welcoming high-quality papers on the methodology, tools, architectures and design of electronic embedded systems, leading to a true multidisciplinary system design journal.
期刊最新文献
Model predictive-based DNN control model for automated steering deployed on FPGA using an automatic IP generator tool Design and analysis of an adaptive radiation resilient RRAM subsystem for processing systems in satellites Improving edge AI for industrial IoT applications with distributed learning using consensus Profiling with trust: system monitoring from trusted execution environments Novel adaptive quantization methodology for 8-bit floating-point DNN training
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1