Investigating Black-Box Function Recognition Using Hardware Performance Counters

04/25/2022
by Carlton Shepherd, et al.

This paper presents new methods and results for learning information about black-box program functions using hardware performance counters (HPC), where an investigator can only invoke and measure function calls. Important use cases include analysing compiled libraries, e.g. static and dynamic link libraries, and trusted execution environment (TEE) applications. We develop a generic machine learning-based approach to classify a comprehensive set of hardware events, e.g. branch mis-predictions and instruction retirements, to recognise standard benchmarking and cryptographic library functions. This includes various signing, verification and hash functions, and ciphers in numerous modes of operation. Three major architectures are evaluated using off-the-shelf Intel/X86-64, ARM, and RISC-V CPUs. Following this, we develop and evaluate two use cases. Firstly, we show that several known CVE-numbered OpenSSL vulnerabilities can be detected using HPC differences between patched and unpatched library versions. Secondly, we demonstrate that standardised cryptographic functions executing in ARM TrustZone TEE applications can be recognised using non-secure world HPC measurements. High accuracy was achieved in all cases (86.22-99.83 compilation assumptions. Lastly, we discuss mitigations, outstanding challenges, and directions for future research.
