The self modifying code (SMC)-aware processor (SAP): a security look on architectural impact and support
Author: | Marco Antonio Alves Zanata, Marcus Botacin, André Grégio |
---|---|
Year of publication: | 2020 |
Subject: | 021110 strategic, defence & security studies; Hardware_MEMORYSTRUCTURES; business.industry; Computer science; 0211 other engineering and technologies; 02 engineering and technology; computer.software_genre; Pipeline (software); Self-modifying code; Memory management unit; Computational Theory and Mathematics; Hardware and Architecture; Cache invalidation; 020204 information systems; Embedded system; 0202 electrical engineering electronic engineering information engineering; Computer Science (miscellaneous); Malware; Instrumentation (computer programming); business; computer; Software; Cache coherence; Block (data storage) |
Source: | Journal of Computer Virology and Hacking Techniques. 16:185-196 |
ISSN: | 2263-8733 |
DOI: | 10.1007/s11416-020-00348-w |
Description: | Self modifying code (SMC) are code snippets that modify themselves at runtime. Malware use SMC to hide payloads and achieve persistence. Software-based SMC detection solutions impose performance penalties for real-time monitoring and do not benefit from runtime architectural information (cache invalidation or pipeline flush, for instance). We revisit SMC impact on hardware internals and discuss the implementation of an SMC detector at distinct architectural points. We consider three detection approaches: (i) existing hardware counters; (ii) block invalidation by the cache coherence protocol; (iii) the use of Memory Management Unit (MMU) information to control SMC execution. We compare the identified instrumentation points to highlight their strong and weak points. We also compare them to previous SMC detectors’ implementations. |
Database: | OpenAIRE |