Researchers from North Carolina State University and the University of Texas at Austin have developed a new technique that can enable the detection of hardware-level malware or hacks by tracking power fluctuations in embedded systems.
New Way To Fight Spectre Malware
The researchers argued that micro-architectural attacks on embedded systems, such as those that take advantage of Spectre-like CPU flaws, could be detected by watching how the power fluctuates within the system and other irregular power usage anomalies.
Hardware-level attacks are typically very difficult to detect because they can easily bypass operating system-level protections or anti-malware solutions. These attacks take advantage of vulnerabilities that exist underneath the operating system into which the anti-malware solutions have no visibility.
Previous research has also shown that software mitigation against Spectre-like attacks is a dead-end because the speculative execution attacks take advantage of the micro-architectural design of the CPUs themselves. Therefore, the ultimate solution to prevent any such attacks in the future would be to redesign micro-architectures in a way that speculative execution attacks would no longer be possible.
In the meantime, North Carolina University and the University of Texas researchers have found a way to detect some of these micro-architectural attacks. The new technique can detect micro-architectural attacks because it also works at the hardware level.
Attacks Could Eventually Mimic Power Usage Patterns
However, even this solution can eventually be bypassed by more sophisticated attackers that can learn how to make their attacks “mimic” normal power usage patterns. The researchers claimed that even with this limitation, their technique could drastically impact the effectiveness of the malware:
"We found that the effort required to mimic normal power consumption and evade detection forced malware to slow down its data transfer rate by between 86 and 97 percent. In short, our approach can still reduce the effects of malware, even in those few instances where the malware is not detected.”
The researchers will present their paper, called "Using Power-Anomalies to Detect Evasive Micro-Architectural Attacks in Embedded Systems," at the IEEE International Symposium on Hardware Oriented Security and Trust (HOST), which will be held on May 6-10 in Tysons Corner, Va.