Using Hardware Performance Counters to Ensure Information Security of Critical Systems

The article discusses the possibility of using hardware performance counters, commonly used in the creating of system execution profiles, to identify potential security threats to critically important systems and complexes. The authors have ported an open Performance Application Programming Interface (PAPI), which is used to manage hardware counters.

1. F. Liu, Y. Yarom, Q. Ge, G. Heiser, R.B. Lee. Last-Level Cache Side-Channel Attacks are Practical, Security Privacy. In Proceedings of the 2015 IEEE Symposium on Security and Privacy, San Jose, CA, USA, 17–21 May 2015.

2. PAPI User's Guide, http://icl.cs.utk.edu/papi/

3. Vishnyakov A.V., Nurmukhametov A.R., Kurmangaleev S.F., Gaisaryan S.S. Method for analysis of code-reuse attacks. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2018;30(5):31-54. (In Russ.)

4. Oliver Moradov. Code Injection in Brief: Types, Examples, and Mitigation, 2022, https://bright-sec.com/blog/code-injection/

5. Pablo Pessoa do Nascimento, Paulo Pereira, Jr Marco Mialaret, Isac Ferreira, Paulo Maciel. A methodology for selecting hardware performance counters for supporting non-intrusive diagnostic of flood DDoS attacks on web servers, Computers & Security, Volume 110, 2021, https://www.sciencedirect.com/science/article/pii/S0167404821002583

6. Mastik: A Micro-Architectural Side-Channel Toolkit, https://github.com/0xADE1A1DE/Mastik

7. S. Das, J. Werner, M. Antonakakis, M. Polychronakis, F. Monrose. SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security. 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2019, pp. 20-38.