Profiling with trust: system monitoring from trusted execution environments-Reference-Cited by-同舟云学术

Profiling with trust: system monitoring from trusted execution environments

Published:2024-02-16 Issue:1 Volume:28 Page:23-44
ISSN:0929-5585
Container-title:Design Automation for Embedded Systems
language:en
Short-container-title:Des Autom Embed Syst

Author:

Eichler Christian,Röckl Jonas,Jung Benedikt,Schlenk Ralph,Müller Tilo,Hönig Timo

Abstract

AbstractLarge-scale attacks on IoT and edge computing devices pose a significant threat. As a prominent example, Mirai is an IoT botnet with 600,000 infected devices around the globe, capable of conducting effective and targeted DDoS attacks on (critical) infrastructure. Driven by the substantial impacts of attacks, manufacturers and system integrators propose Trusted Execution Environments (TEEs) that have gained significant importance recently. TEEs offer an execution environment to run small portions of code isolated from the rest of the system, even if the operating system is compromised. In this publication, we examine TEEs in the context of system monitoring and introduce the Trusted Monitor (TM), a novel anomaly detection system that runs within a TEE. The TM continuously profiles the system using hardware performance counters and utilizes an application-specific machine-learning model for anomaly detection. In our evaluation, we demonstrate that the TM accurately classifies 86% of 183 tested workloads, with an overhead of less than 2%. Notably, we show that a real-world kernel-level rootkit has observable effects on performance counters, allowing the TM to detect it. Major parts of the TM are implemented in the Rust programming language, eliminating common security-critical programming errors.

Funder

Bundesministerium für Bildung und Forschung

Deutsche Forschungsgemeinschaft

Ruhr-Universität Bochum

Publisher

Springer Science and Business Media LLC

Link

https://link.springer.com/content/pdf/10.1007/s10617-024-09283-1.pdf

Reference78 articles.

1. Cisco (2020) Annual internet report. https://www.cisco.com/c/en/us/solutions/collateral/executive-perspectives/annual-internet-report/white-paper-c11-741490.html. Accessed 16 June 2021

2. Transforma Insights (2022) Number of IoT connected devices worldwide 2019–2021, with forecasts to 2030. https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/. Accessed 16 June 2023

3. McAfee Labs threats report (2021). https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-apr-2021.pdf. Accessed 17 June 2021

4. CVE-2021-3156 (2021). https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156. Accessed 16 June 2021

5. Antonakakis M et al (2017) Understanding the Mirai botnet. In: Proceedings of the 26th USENIX security symposium (USENIX Security ’17), pp 1093–1110. https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/antonakakis

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A Lightweight Smart Agent for Detecting Attacks in Distributed Machine Learning;2024 Wave Electronics and its Application in Information and Telecommunication Systems (WECONF);2024-06-03