Adding hardware protections to software ones in order to block the ever increasing onslaught of computer malware seems like a solid idea, and a group of researchers have just been given a $275,000 grant from the National Science Foundation to help them work on a possible solution: malware-detecting CPUs.
The group includes Dmitry Ponomarev, professor of computer science Binghamton University, Lei Yu, associate professor of computer science at the same, Nael Abu-Ghazaleh, a professor of computer science and engineering at University of California-Riverside, as well as graduate students that will work on the project at both universities.
This project, titled “Practical Hardware-Assisted Always-On Malware Detection,” will be trying out a new approach: they will modify a computer’s central processing unit (CPU) chip to feature logic checks for anomalies that can crop up while software is running.
“The modified microprocessor will have the ability to detect malware as programs execute by analyzing the execution statistics over a window of execution,” Ponomarev noted. “Since the hardware detector is not 100-percent accurate, the alarm will trigger the execution of a heavy-weight software detector to carefully inspect suspicious programs. The software detector will make the final decision. The hardware guides the operation of the software; without the hardware the software will be too slow to work on all programs all the time.”
Yu’s contribution will be the low complexity machine learning used by the modified CPU to sort malware from legitimate software, while Abu-Ghazaleh will help with the exploration of the trade-offs of design complexity, detection accuracy, performance and power consumption.
Ponomarev and Abu-Ghazaleh have recently discovered a design flaw in a component of Intel’s Haswell processor and have exploited it to bypass ASLR protection on Linux and virtualization systems.