10.1145/3464306">
 

Classifying Co-Resident Computer Programs Using Information Revealed by Resource Contention

Document Type

Article

Publication Date

6-2023

Abstract

Modern computer architectures are complex, containing numerous components that can unintentionally reveal system operating properties. Defensive security professionals seek to minimize this kind of exposure while adversaries can leverage the data to attain an advantage. This paper presents a novel covert interrogator program technique using light-weight sensor programs to target integer, floating point, and memory units within a computer’s architecture to collect data which can be used to match a running program to a known set of programs with up to 100% accuracy under simultaneous multithreading conditions. This technique is applicable to a broad spectrum of architectural components, does not rely on specific vulnerabilities, nor requires elevated privileges. Furthermore, this research demonstrates the technique in a system with operating system containers intended to provide isolation guarantees which limit a user’s ability to observe the activity of other users. In essence, this research exploits observable noise that is present whenever a program executes on a modern computer. This paper presents interrogator program design considerations, a machine learning approach to identify models with high classification accuracy, and measures the effectiveness of the approach under a variety of program execution scenarios.

Comments

The "Link to Full Text" on this page loads the PDF of the open access article (the published version of record), as hosted at the ACM Digital Library website.

This paper is authored by employees of the United States Government and is in the public domain. Non-exclusive copying or redistribution is allowed, provided that the article citation is given and the authors and agency are clearly identified as its source.

An accepted manuscript version was posted here before the article was formally published in an issue. The article was published online February 7, 2022.

Source Publication

Digital Threats: Research and Practice

Share

COinS