Exploiting Hardware Performance Counters
@article{Uhsadel2008ExploitingHP,
  title={Exploiting Hardware Performance Counters},
  author={Leif Uhsadel and Andy Georges and Ingrid M. R. Verbauwhede},
  journal={2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography},
  year={2008},
  pages={59-67},
  url={https://api.semanticscholar.org/CorpusID:1897883}
}

This work introduces the usage of hardware performance counters (HPCs) as a new method that allows very precise access to known side channels and also allows access to many new side channels, and presents first implementation results, which confirm that HPCs can be used to profile relatively short sequences of instructions with high precision.
82 Citations
Application Profiling Using Register-Instruction Hardware Performance Counters
- 2023
Computer Science, Engineering
The development of Register-Instruction Hardware Performance Counters (RIHPCs), a bespoke set of special-purpose registers designed to characterize applications, and thus detect Kleptographic attacks, with low granularity and low performance overhead is proposed.
SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security
- 2019
Computer Science, Engineering
A year-long effort to study the best practices for obtaining accurate measurement of events using performance counters, understand the challenges and pitfalls of using HPCs in various settings, and explore ways to obtain consistent and accurate measurements across different settings and architectures; it empirically evaluates how failure to accommodate various subtleties in the use of HPCs can undermine the effectiveness of security applications.
Are hardware performance counters a cost effective way for integrity checking of programs
- 2011
Computer Science, Engineering
The preliminary results confirm that HPCs detect program modifications very efficiently and at very low cost.
Hardware Performance Counters: Ready-Made vs Tailor-Made
- 2021
Computer Science
It is demonstrated how ready-made hardware performance counters, due to their coarse-grain nature (low sampling rate and bundling of similar events, e.g., number of instructions instead of number of add instructions), are insufficient to this end.
Unpredictable Random Number Generator Based on the Performance Data Helper Interface
- 2012
Computer Science
This paper proposes an unpredictable random number generator based on the variations in the HPC values provided by the Performance Data Helper (PDH) interface on Windows operating systems and analyzes the randomness quality and throughput of the generator in order to determine its suitability for integration in cryptographic applications.
Utilizing Performance Counters for Compromising Public Key Ciphers
- 2018
Computer Science
This paper presents an iterative attack that targets the key bits of 1,024-bit RSA and 256-bit ECC and proposes an improved version of the attack that requires fewer branch misprediction traces from the HPCs to recover the secret.
HPCMalHunter: Behavioral malware detection using hardware performance counters and singular value decomposition
- 2014
Computer Science
HPCMalHunter, a novel approach for real-time behavioral malware detection that uses HPCs to collect a set of event vectors from the beginning of a program's execution and uses the singular value decomposition (SVD) to reduce these event vectors and generate a behavioral vector for the program.
PMU-Spill: A New Side Channel for Transient Execution Attacks
- 2023
Computer Science, Engineering
This study discovers that current PMU implementations are capable of recording some events that are triggered in transient executions, which is a hardware vulnerability, and proposes the PMU-Spill attack, a new kind of side channel attack that enables attackers to maliciously leak secret data in transient executions.
Information leakage on shared hardware : evolutions in recent hardware and applications to virtualization. (Fuites d'information dans les processeurs récents et applications à la virtualisation)
- 2015
Computer Science, Engineering
This thesis explores the recent processor microarchitectures and their consequences in terms of information leakage in virtualized environments, and reverse engineering of the complex addressing function of the last-level cache of Intel processors renders the class of cache attacks highly practical.
Øzone: Efficient execution with zero timing leakage for modern microarchitectures
- 2017
Computer Science
Ozone, the first zero timing leakage execution resource for a modern microarchitecture, is developed and evaluated using a number of security-sensitive kernels that have previously been targets of timing side-channel attacks; the evaluation shows that Ozone eliminates timing leakage with minimal performance overhead.
17 References
Using hpm-sampling to drive dynamic compilation
- 2007
Computer Science
HPM-sampling is described and comprehensively evaluated, a simple but effective profiling scheme for finding optimization candidates using hardware performance monitors (HPMs) that addresses the aforementioned limitations of existing online profiling schemes.
Cryptographic Side-Channels from Low-Power Cache Memory
- 2007
Computer Science, Engineering
This work introduces a new attack within this class which targets the use of low power cache memories, showing that they permit attack where a more considered design strategy would not.
Yet another MicroArchitectural Attack: exploiting I-Cache
- 2007
Computer Science
This paper introduces Instruction Cache (I-Cache) as yet another source of microarchitectural attacks and presents the experimental results which clearly prove the practicality and danger of I-Cache Attacks.
Predicting Secret Keys Via Branch Prediction
- 2006
Computer Science
A new software side-channel attack enabled by the branch prediction capability common to all modern high-performance CPUs, which allows an unprivileged process to attack other processes running in parallel on the same processor, despite sophisticated partitioning methods such as memory protection, sandboxing or even virtualization.
Cache-Collision Timing Attacks Against AES
- 2006
Computer Science
The most powerful attack has been shown under optimal conditions to reliably recover a full 128-bit AES key with 2^13 timing samples, an improvement of almost four orders of magnitude over the best previously published attacks of this type.
On the power of simple branch prediction analysis
- 2007
Computer Science
The successful extraction of almost all secret key bits by the SBPA attack against an openSSL RSA implementation proves that the often recommended blinding or so called randomization techniques to protect RSA against side-channel attacks are, in the context of SBPA attacks, totally useless.
Side-Channel Attack Pitfalls
- 2007
Computer Science
This paper introduces the side-channel attack pitfalls that help create or facilitate the observation of information leakage, discusses mitigation strategies, and identifies opportunities for future research.
Trace-Driven Cache Attacks on AES
- 2006
Computer Science
This paper presents efficient trace-driven cache attacks on a widely used implementation of the AES cryptosystem and develops an accurate mathematical model that is used in the cost analysis of the attacks.
Trace-Driven Cache Attacks on AES (Short Paper)
- 2006
Computer Science
This paper presents an efficient trace-driven cache attack on a widely used implementation of the AES cryptosystem, and develops an accurate mathematical model that is used in the cost analysis of the attack.