ABSTRACT
Many security and forensic analyses rely on the ability to fetch memory snapshots from a target machine. To date, the security community has relied on virtualization, external hardware or trusted hardware to obtain such snapshots. These techniques either sacrifice snapshot consistency or degrade the performance of applications executing atop the target. We present SnipSnap, a new snapshot acquisition system based on on-package DRAM technologies that offers snapshot consistency without excessively hurting the performance of the target's applications. We realize SnipSnap and evaluate its benefits using careful hardware emulation and software simulation, and report our results.
- J. Ahn, S. Hong, S. Yoo, O. Mutlu, and K. Choi. 2015 a. A Scalable Processing-in-Memory Accelerator for Parallel Graph Processing International Symposium on Computer Architecture (ISCA). Google ScholarDigital Library
- J. Ahn, S. Yoo, O. Mutlu, and K. Choi. 2015 b. PIM-Enabled Instructions: A Low-Overhead, Locality-Aware Processing-in-Memory Architecture. In International Symposium on Computer Architecture (ISCA). Google ScholarDigital Library
- William Arbaugh. {n. d.}. Komoku https://www.cs.umd.edu/ waa/UMD/Home.html.Google Scholar
- A. Azab, P. Ning, J. Shah, Q. Chen, R. Bhutkar, G. Ganesh, J. Ma, and W. Shen. 2014. Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World. In ACM Conference on Computer and Communications Security (CCS). Google ScholarDigital Library
- A. Baliga, V. Ganapathy, and L. Iftode. 2011. Detecting Kernel-level Rootkits using Data Structure Invariants. IEEE Transactions on Dependable and Secure Computing, Vol. 8, 5 (2011). Google ScholarDigital Library
- C. Bienia, S. Kumar, J. P. Singh, and K. Li. 2008. The PARSEC benchmark suite: characterization and architectural implications Parallel Architectures and Compilation Techniques (PACT). Google ScholarDigital Library
- M. Bilzor. 2011. 3D execution monitor (3D-EM): Using 3D circuits to detect hardware malicious inclusions in general purpose processors 6th International Conference on Information Warfare and Security.Google Scholar
- M. Bilzor, T. Huffmire, C. Irvine, and T. Levin. 2011. Security Checkers: Detecting Processor Malicious Inclusions at Runtime IEEE International Symposium on Hardware-oriented Security and Trust.Google Scholar
- M. Bilzor, T. Huffmire, C. Irvine, and T. Levin. 2012. Evaluating Security Requirements in a General-purpose Processor by Combining Assertion Checkers with Code Coverage IEEE International Symposium on Hardware-oriented Security and Trust.Google Scholar
- B. Black, M. Annavaram, E. Brekelbaum, J. DeVale, L. Jiang, G. Loh, D. McCauley, P. Morrow, D. Nelson, D. Pantuso, P. Reed, J. Rupley, S. Shankar, J. P. Shen, and C. Webb. 2006. Die Stacking 3D Microarchitecture. In International Symposium on Microarchitecture (MICRO). Google ScholarDigital Library
- A. Bohra, I. Neamtiu, P. Gallard, F. Sultan, and L. Iftode. 2004. Remote Repair of Operating System State Using Backdoors International Conference on Autonomic Computing (ICAC). Google ScholarDigital Library
- M. Carbone, W. Cui, L. Lu, W. Lee, M. Peinado, and X. Jiang. 2009. Mapping Kernel Objects to Enable Systematic Integrity Checking ACM Conference on Computer and Communications Security (CCS). Google ScholarDigital Library
- Andrew Case and Golden G. Richard. 2017. Memory forensics: The path forward. Digital Investigation Vol. 20 (2017), 23--33. 1145/2451512.2451547 Google ScholarDigital Library
Index Terms
- Secure, Consistent, and High-Performance Memory Snapshotting
Recommendations
Designing secure systems on reconfigurable hardware
The extremely high cost of custom ASIC fabrication makes FPGAs an attractive alternative for deployment of custom hardware. Embedded systems based on reconfigurable hardware integrate many functions onto a single device. Since embedded designers often ...
Secure Extension of FPGA General Purpose Processors for Symmetric Key Cryptography with Partial Reconfiguration Capabilities
In data security systems, general purpose processors (GPPs) are often extended by a cryptographic accelerator. The article presents three ways of extending GPPs for symmetric key cryptography applications. Proposed extensions guarantee secure key ...
Towards a green and secure architecture for reconfigurable IoT end-devices
ICCPS '18: Proceedings of the 9th ACM/IEEE International Conference on Cyber-Physical SystemsWith the advent of the Internet of Things (IoT), objects are becoming smaller, smarter and increasingly connected. IoT devices are being deployed in massive numbers, and the success of this new Internet era is heavily dependent upon the trust and ...
Comments