
IS-AUR-Samarb.progr. Norge Frankrike

Security-relevant analysis of execution traces

Awarded: NOK 77,000

In this project, we will jointly investigate how to harness novel but now consumer-grade features of modern microprocessors for important problems in safety-critical systems and cybersecurity. Research results contribute to decreasing the defect rate in software, mitigating the effect of programming errors, and offering new means of intrusion detection. The two major brands of microprocessors (Arm and Intel) now offer hardware-supported tracing facilities. Program tracing is an important mechanism for developers who need to gather useful information for debugging, monitoring and performance analysis of program executions. The project partners have ample experience, in particular with the Arm-specific CoreSight technology, and we now want to leverage our knowledge also for the Intel Program Trace (IntelPT) facility. As the processor traces are highly compressed, developers need to provide substantial infrastructure and efficient techniques to process those high-volume traces. Based on the obtained traces, we investigate the use of a high-level specification language to capture abnormal program behaviour at runtime. We focus on analysing timing properties of the code being executed, and abnormal control flow through a program, which usually indicates either a bug in the software or an ongoing cyberattack that exploits such a bug. The ubiquity of this technology then enables us to offer detection and even mitigation to, e.g., end-user desktops, cloud providers, or industrial control systems.

Funding scheme:

IS-AUR-Samarb.progr. Norge Frankrike