Countermeasures based on hardware performance counters in processors.
Principal Investigator: Chris Foreman
Hardware performance counters prevalent in modern processors can be leveraged to detect malicious code and activity. The benefits of HPCs are that they run on the processor hardware and thus, typically execute quickly with low overheads. They also execute at kernel priveledge and are difficult to spoof or modify by an attacker. Much information is collectable by HPCs, and this can be used to form heuristic-based, signature-based, and more advanced attack detection countermeasures.
Other PIs: Elisa Bertino
Students: Fang-Yu Rao
Keywords: attack, countermeasure, detection, hardware performance counter