Hardware-based Malware Detection in Modern Microprocessors: Formal and Statistical Methods in System-level Security Assurance
Previous studies in workload forensics have relied on retrospective assessment of complete process execution profiles, which prevents prompt action against ongoing cyber threats. In this dissertation, we put forth a hardware-centric approach to real-time workload forensics that identifies processes while they are still executing. We present a universal framework that formalizes real-time forensic analysis and malware detection procedures, combining hardware-level feature extraction with machine learning-based data analysis. To showcase the effectiveness of the proposed framework, we explore hardware-based workload forensics and hardware-based Spectre attack detection. Our experimental findings indicate that the system successfully identifies Spectre attacks across thirteen intentionally vulnerable victim code patterns. Beyond machine learning techniques, we also apply formal analysis to ensure the secure execution of machine-level binaries on specific hardware configurations. Compared with testbench-dependent verification techniques, this method covers a far larger portion of the state space, potentially the entire state space.