ABSTRACT
Recently, malicious mining using CPUs has become a trend, and mining in which the task is not detected by users is even more of a threat. In this paper, we focused on discovering a new IA-32 vulnerability and found an undetectable task using the hardware task switching method. (IA-32 stands for Intel Architecture, 32-bit. It is the 32-bit version of the x86 instruction set architecture, which supports 32-bit computing.) The created task is undetectable by the operating system and thus hidden from the system user. Although hardware task switching methods have been replaced by more convenient software switching methods in recent years, they still exist on modern computer systems. By manually manipulating hardware task switching, which is directly managed by the CPU, we show that it is possible to create a hidden scheduler aside from the ones created by the operating system. We demonstrate, using a simple CPU consumption example, that these hidden tasks have the potential to evolve into more sophisticated malicious attacks that can go unnoticed by users.
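As an added illustration (not code from the paper): on IA-32 the CPU locates hardware tasks through Task State Segment (TSS) descriptors in the Global Descriptor Table, so a defender auditing a GDT dump can enumerate those descriptors and compare them with the set the operating system is expected to install. The descriptor layout is standard IA-32 background rather than something stated in the abstract; `find_tss`, `tss_ref` and the sample table are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* One TSS descriptor found in a GDT image. */
struct tss_ref { uint16_t selector; uint32_t base; uint32_t limit; int busy; };

/* Constructed sample GDT (not from the paper): null, flat code, flat data,
   one busy 32-bit TSS and one available 32-bit TSS. */
static const uint8_t SAMPLE_GDT[] = {
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
    0xFF,0xFF,0x00,0x00,0x00,0x9A,0xCF,0x00,
    0xFF,0xFF,0x00,0x00,0x00,0x92,0xCF,0x00,
    0x67,0x00,0x00,0x50,0x10,0x8B,0x00,0x00,
    0x67,0x00,0x00,0x00,0x20,0x89,0x00,0xC0,
};

/* Scan 8-byte IA-32 descriptors and record present system descriptors whose
   type is a TSS (1/3 = 16-bit, 9/0xB = 32-bit; bit 1 of the type = busy).
   Returns the number of TSS descriptors found, storing up to max of them.
   The limit is reported raw, without applying the granularity flag. */
int find_tss(const uint8_t *gdt, size_t len, struct tss_ref *out, int max) {
    int n = 0;
    for (size_t off = 0; off + 8 <= len; off += 8) {
        const uint8_t *d = gdt + off;
        uint8_t access = d[5], type = access & 0x0F;
        if (!(access & 0x80) || (access & 0x10)) continue; /* absent or code/data */
        if (type != 0x1 && type != 0x3 && type != 0x9 && type != 0xB) continue;
        if (n < max) {
            out[n].selector = (uint16_t)off;   /* index * 8, TI = 0, RPL = 0 */
            out[n].base  = d[2] | (uint32_t)d[3] << 8 | (uint32_t)d[4] << 16 | (uint32_t)d[7] << 24;
            out[n].limit = d[0] | (uint32_t)d[1] << 8 | (uint32_t)(d[6] & 0x0F) << 16;
            out[n].busy  = (type & 0x2) != 0;
        }
        n++;
    }
    return n;
}

int main(void) {
    struct tss_ref found[8];
    int n = find_tss(SAMPLE_GDT, sizeof SAMPLE_GDT, found, 8);
    for (int i = 0; i < n && i < 8; i++)
        printf("selector 0x%02x base 0x%08x limit 0x%x %s\n", found[i].selector,
               (unsigned)found[i].base, (unsigned)found[i].limit,
               found[i].busy ? "busy" : "available");
    return 0;
}
```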
Index Terms
- POSTER: Undetectable Task Bypassing OS Scheduler via Hardware Task Switching