Abstract: Architectural Support for Efficient Malware Prevention and Detection

Computer systems are becoming increasingly vulnerable to sophisticated attacks that often lead to the deployment and proliferation of malware. In this talk, we will describe hardware-supported techniques that attack the malware problem on two fronts. First, we propose techniques to close avenues for possible malware deployment, thus preventing the malware from being installed on the system in the first place. We achieve this by eliminating the capability to perform a code reuse attack as the starting phase of the malware deployment process. Second, we consider the problem of detecting already installed malware, and describe the concept of malware-aware processors (MAP). In MAP, we augment the processor pipeline with a malware detection unit that detects malware dynamically as the program executes, based on the statistics collected from hardware performance counters. We demonstrate that our proposed solutions are effective and provide security with low performance impact, low design complexity, and minimal modifications to the system hardware and software.


Dmitry Ponomarev is a Professor in the Department of Computer Science at SUNY Binghamton. He received his PhD from the same department in 2003 and his MS in Computer Systems Engineering from the Moscow Institute of Electronics and Mathematics, Moscow, Russia, in 1996. His research interests are in the areas of computer architecture, cybersecurity, energy-efficient design and high-performance computing. He has published over 80 papers in leading conferences and journals, and his work has been funded by NSF, the US Air Force Office of Scientific Research and Intel. He is a Senior member of IEEE and a member of ACM.