Poster: A microarchitectural signals analysis platform to craft Hardware Security Counters
DOI:
https://doi.org/10.46586/uasc.2025.203Abstract
Detecting malicious software or hardware behavior during the operation of a computer system requires observables from one or more abstraction layers of the system. However, this abstraction tends to limit the ability to detect behavioral deviations, especially for attack classes that exploit vulnerabilities very close to the target hardware. Conversely, too low a level of abstraction tends to significantly increase the complexity of the system model, and therefore poses a number of difficulties for the extraction and selection of relevant observables for a given class of attack.
In particular, processor performance counters have been used as an indirect means of observing microarchitecture behavior and detecting software attempting to exploit hardware vulnerabilities. In order to improve the various detection methods, we propose the construction of hardware metrics designed from the outset for security, by studying the correlation between signals from the microarchitecture and the various classes of attack in the literature, targeting both usual and industrial systems. By extension, this work aims to detect attacks originating from hardware Trojans, the latter having the effect of changing the behavior of a given microarchitecture.
