Slashdot Mirror


Researchers Set To Work On Malware-Detecting CPUs (helpnetsecurity.com)

Orome1 quotes a report from Help Net Security: Adding hardware protections to software ones in order to block the ever-increasing onslaught of computer malware seems like a solid idea, and a group of researchers have just been given a $275,000 grant from the National Science Foundation to help them work on a possible solution: malware-detecting CPUs. This project, titled "Practical Hardware-Assisted Always-On Malware Detection," will be trying out a new approach: they will modify a computer's CPU chip to feature logic checks for anomalies that can crop up while software is running. "The modified microprocessor will have the ability to detect malware as programs execute by analyzing the execution statistics over a window of execution," Ponomarev noted. "Since the hardware detector is not 100-percent accurate, the alarm will trigger the execution of a heavyweight software detector to carefully inspect suspicious programs. The software detector will make the final decision. The hardware guides the operation of the software; without the hardware the software will be too slow to work on all programs all the time."
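Added example, not code from the article or from the research project: a constructed Python model of the two-stage design the summary describes, where a cheap hardware-style statistical check over a sliding window of execution only on an alarm invokes a heavyweight software stage that makes the final call. The instruction-class tags, baseline mix, window size, thresholds and traces are all made up; the third trace shows a hardware false alarm that the software stage clears.

```python
"""Constructed model of the two-stage design in the summary: a cheap
'hardware' stage scores execution statistics over a sliding window, and
only when it alarms is the heavyweight 'software' stage run, which makes
the final decision.  Traces, window size and thresholds are all made up."""
from collections import Counter, deque

WINDOW = 20          # constructed window length (events)
HW_THRESHOLD = 0.3   # constructed: L1 distance from BASELINE that raises an alarm

# Constructed baseline: typical instruction-class mix for benign code.
BASELINE = {"alu": 0.55, "mem": 0.30, "branch": 0.10, "syscall": 0.05}

# Constructed traces (sequences of instruction-class tags).
UNIT = ["alu"] * 11 + ["mem"] * 6 + ["branch"] * 2 + ["syscall"]
BENIGN_TRACE = UNIT * 5                                   # matches the baseline
MALICIOUS_TRACE = UNIT * 2 + ["syscall"] * 10 + UNIT * 2  # syscall burst
KERNEL_TRACE = ["alu"] * 100                              # unusual but harmless numeric loop

def hw_score(window):
    """Hardware stage: L1 distance between the window's class mix and BASELINE."""
    counts = Counter(window)
    return sum(abs(counts[k] / len(window) - BASELINE[k]) for k in BASELINE)

def sw_stage(trace):
    """Heavyweight stage: full-trace scan for a dense syscall burst
    (constructed heuristic standing in for the 'careful inspection')."""
    return any(trace[i:i + 8].count("syscall") >= 6 for i in range(len(trace) - 7))

def detect(trace):
    """Run the pipeline; return (hw_alarms, sw_invoked, verdict)."""
    window = deque(maxlen=WINDOW)
    alarms = 0
    for ev in trace:
        window.append(ev)
        if len(window) == WINDOW and hw_score(window) > HW_THRESHOLD:
            alarms += 1
    if alarms == 0:               # no alarm: the expensive stage never runs
        return 0, False, "benign"
    return alarms, True, "malicious" if sw_stage(trace) else "benign"

if __name__ == "__main__":
    for name, t in [("benign", BENIGN_TRACE), ("malicious", MALICIOUS_TRACE),
                    ("kernel", KERNEL_TRACE)]:
        print(name, detect(t))
```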

20 of 40 comments

  1. made in China by turkeydance · Score: 1

    outstanding product safety record

    1. Re:made in China by ELCouz · Score: 1

      outstanding product security record... FTFY

  2. Neat, oh wait what by Anonymous Coward · Score: 1

    The software will make the final decision... oh so you mean just like it already does, got it.

  3. Re:Radical idea! by AmiMoJo · Score: 1

    You can't make a useful OS completely secure. How would you defend against things like the RowHammer attack? Only run interpreted code in a VM maybe, but it would be slow. That's where this malware detecting CPU comes in.

    Anyway, since no one and no software is perfect, the best way to secure a system is in layers. Every extra one helps.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  4. No Way by spaceman375 · Score: 1

    In no way is this a good idea. No software is perfect, doubly so for security software. That includes the microcode this hardware is based on. Go ahead, implement it in hardware, which by definition cannot be upgraded or patched. Soon enough someone will find a vulnerability, and then an exploit, and there's nothing you can do to mitigate it beyond just buying newer hardware.

    --
    On the one hand you take life too seriously, and on the other, you do not take playful existence seriously enough. Seth
    1. Re:No Way by Chrontius · Score: 1

      In that case, you could just put the software on a socketed card like a TPM module.

  5. Not the first by campuscodi · Score: 3, Interesting

    Since 2014 I've been reading about hardware-based detection. I'm starting to think this is just a panacea... like those cloud-based antivirus engines that never picked up anything. Here's a bunch of research on the topic: http://www.ieee-security.org/T... http://caslab.eng.yale.edu/wor... http://www.cs.binghamton.edu/~... http://www.cs.binghamton.edu/~...

    1. Re:Not the first by ausekilis · Score: 1

      Intel tried to do something like this with their acquisition of McAfee, only to spin off (sell) the company a few years later.

      Anybody know enough to explain how this is different?

  6. Re:Radical idea! by Mikkeles · Score: 2

    Not a panacea (hardware issues, e.g., row-hammer, can still cause problems), but proof carrying code would be a great step forward.

    --
    Great minds think alike; fools seldom differ.
  7. fool's errand by Gravis+Zero · Score: 4, Insightful

    The second you make hardware look for a pattern, they will design malware to violate that pattern and go undetected. This is a fool's errand.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:fool's errand by Some+nick+or+other · Score: 1

      1. Make a program that asks the CPU if it's malware.
      2. Have the program do malwary stuff if the CPU says it's not malware, and do benign stuff otherwise.
      3. Profit! (Or laugh.)

  8. Re:Radical idea! by Yvan256 · Score: 1

    Anyway, since no one and no software is perfect, the best way to secure a system is in layers.

    What do you mean? Cake layers or onion layers?

  9. Now this is good by sonamchauhan · Score: 1

    This is the sort of stuff Intel should have developed with their McAfee acquisition.

    Companies seem to think innovation starts and ends with 'identifying potential synergies', 'acquisition', then "....profit!!!".

    For instance, eBay + Skype. They could have done something snazzy -- say, eBay seller webinars combining web video + VoIP (downstream) and landline/mobile audio (conversation/questions sent upstream asynchronously, so the landline carries part of the audio spectrum). Instead, they just went 'BAU'.

    The Microsoft + Skype business fit isn't that bad - but not that good either -- versions everywhere, with MS office plugins that offer nothing different from the market.

  10. Back to a cartridge system by AHuxley · Score: 1

    Some form of cartridge system with a flap on the top. External flash chip, and the user has a read-only chip with new definitions and behavioural analysis.
    Fast, protected and a total overview of all the hardware and software of the computer, network and OS.
    Display checksums of every upgradable part of the hardware and software.

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re:Back to a cartridge system by Gavagai80 · Score: 1

      I presume websites will be replaced with mail order catalogs from which appropriate site cartridges will arrive in 4-6 weeks?

      --
      This space intentionally left blank
  11. Re:Radical idea! by AHuxley · Score: 1

    AC, the security services would just go deeper. Alter the storage control chip or other hardware chips, well away from any deep software OS scan by AV.
    Every boot would load up gov malware that the OS and AV would give a free pass to. Recall the US keystroke logging software.
    https://en.wikipedia.org/wiki/... efforts.

    --
    Domestic spying is now "Benign Information Gathering"
  12. Re:Hope it's not going to be like SELinux by _merlin · Score: 1

    In the early days of SELinux on Fedora I got alerts all the time, but it's never been a problem on RHEL7. They seem to have fixed the misbehaving tools and problematic policies some time in between. (I still think SELinux is a horrible hack - adding a layer to fake role-based privileges with massive black/whitelists. It all comes back to POSIX permissions being far too coarse-grained for what they're forced to protect.)

  13. Kill it with fire by Anonymous Coward · Score: 1

    This idea has everything to do with vendor lock-in & DRM; don't let it get outta the gate.

  14. No it doesn't by darkHanzz · Score: 1

    Adding hardware protections to software ones in order to block the ever increasing onslaught of computer malware seems like a solid idea
    No it doesn't. Fix the real problem.

  15. Re:Do They Detect Windows? by Alain+Williams · Score: 1

    So are you asserting that Microsoft will never get Windows to run on this CPU?