Thesis title: Beefing Up Security: Low-Overhead Resources for High-Performance Protection
In today's world, where technology is evolving at an unprecedented pace, it's increasingly important to protect computer systems and applications from attacks. Side-channel and control hijacking attacks are two of the most dangerous types of attacks that a system can face. The former can extract sensitive information from a system by analysing its physical properties, while the latter can take over a program's control flow and lead to unauthorised execution of malicious code. These attacks can have severe consequences, ranging from the exposure of confidential data to the compromise of the entire system.
It is critical to develop methods to prevent and mitigate side-channel and control hijacking attacks. However, any mitigation technique must balance the need for security with the need for efficient system performance. An overly intrusive or resource-intensive mitigation can lead to reduced system performance and can even make the system more vulnerable to attacks. This is also particularly important in high-performance computing environments, where system performance is essential, and any reduction in performance can have significant consequences.
The purpose of this thesis is to study the solutions that currently exist to defend against side-channel and control hijacking attacks and to improve upon them using hardware supports. Hardware supports are already available within the machine and are implemented at the firmware level, making them transparent and low-overhead. They were originally designed to monitor an application or system from a performance perspective, but they have interesting characteristics that make them suitable for detecting attacks in progress.
The adaptation of hardware supports for attack detection was made possible by identifying the specific behavior of each program during its execution through its performance. Each operation requires specific resources and uses different software and hardware components, leaving a specific "footprint" during its execution. Once the configuration of the program's footprint was established, it was possible to understand how to exploit the information produced by hardware supports to detect the execution of an attack.
The approach taken in this thesis is to develop a new hardware-based mitigation technique that utilises hardware supports to detect and prevent side-channel and control hijacking attacks. The proposed technique is efficient and effective, striking the right balance between security and system performance. The technique has been evaluated using a range of benchmarks and real-world applications, demonstrating its ability to detect and prevent attacks while imposing minimal overhead on system performance.
The results of this study show that hardware-based mitigation techniques can be highly effective in protecting computer systems and applications from side-channel and control hijacking attacks. The use of hardware supports to detect and prevent these attacks is a promising approach that can offer significant advantages over existing software-based mitigation techniques.