CPU Security Benchmark

Zhu, Jianping; Song, Wei; Zhu, Ziyuan; Ying, Jiameng; Li, Boya; Tu, Bibo; Shi, Gang; Hou, Rui; Meng, Dan

doi:10.1145/3267494.3267499

Cited by 8 publications

(9 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By summarizing literatures of CPU vulnerabilities, the CPU vulnerabilities can be categorized into two types: (1) vulnerabilities that implemented in the CPU design architecture (Memory Sinkhole [7] in 2015, Meltdown [10], Spectre [11] and TLBleed [12] in 2018); (2) vulnerabilities that executed in the CPU instruction set (FDIV [5] in 1994, F00F [6] in 1997 and ''RosenBridge'' [8] in 2018). The former vulnerabilities are caused by logical defects in the CPU design architecture [1]. This type of vulnerabilities requires researchers to have a deep knowledge of CPU architecture and implementation, and it is difficult to automate and formalization [11].…”

Section: ) History Of Cpu Vulnerabilities and Backdoorsmentioning

confidence: 99%

“…The instruction set is an interface provided by the CPU to the software and operating system layers, which can be directly called and operated [4]. Therefore, many mature technologies in software security can be applied to CPU instruction set analysis [1]. And this paper also adopts the Undocumented Instruction Search to find suspicious instructions of potential CPU vulnerabilities.…”

Section: ) History Of Cpu Vulnerabilities and Backdoorsmentioning

confidence: 99%

“…Compared with the software vulnerability discovery, the research of CPU security is still lack and fragmented [1]. In 2015, Hicks et al [32] summarized the past processor bugs and proposed a lightweight runtime mechanism for protecting software from security-critical processor bugs.…”

Section: ) Researches For Security Test Of Software and Cpumentioning

confidence: 99%

“…In the existing published researches, attention directly concentrated on undocumented instruction is limited [1]. In 2009, DUFLOT L. [35] proved that undocumented instructions pose a threat to the computer system security by embedding the code into the virtual machine to simulate the CPU undocumented backdoor, but it did not give a way to solve such problems.…”

Section: ) Researches For Security Test Of Software and Cpumentioning

confidence: 99%

“…With the rapid development of electronics economy (for example, e-wallets, encrypted virtual currency and mobile payments), information technology has been strongly related to the economy and business [1]. And at the same time, the risk of the computer information system attack is increasing due to the economic benefits [2].…”

mentioning

confidence: 99%

See 4 more Smart Citations

UISFuzz: An Efficient Fuzzing Method for CPU Undocumented Instruction Searching

Wei

et al. 2019

IEEE Access

View full text Add to dashboard Cite

With the rapid development of network security and the frequent appearance of CPU vulnerabilities, CPU security have gradually raised great attention and become a crucial issue in the computer field. Undocumented instructions, as one of the important threats to system security, is an important entry for CPU security research. Using fuzzing technology can automatically test the CPU instruction set and discover potential undocumented instructions, but the existing methods are of slow search speed and low accuracy. Therefore, this paper designs an efficient fuzzing method (UISFuzz) for undocumented instruction searching. This method has the following merits: (1) the instruction search speed is greatly improved by an automatic instruction format recognition, as the low efficient part of the known instruction format is skipped and therefore the instruction search space is much narrowed; (2) the false positive rate is reduced by a recheck mechanism based on the expert knowledge database to filter the wrongly found instructions; (3) the overhead of the method is decreased by optimizing the result analysis program, and the scope of the system is expanded, where more processors with lower performance are compatible. Typical CPU experimental results show that, the UISFuzz can successfully find undocumented instructions in the CPUs and simultaneously improve the time efficiency by 5 times compared with existing tools. INDEX TERMS Undocumented instructions, fuzz, CPU, instruction analysis. I. INTRODUCTION

show abstract

Section: ) History Of Cpu Vulnerabilities and Backdoorsmentioning

confidence: 99%

Section: ) History Of Cpu Vulnerabilities and Backdoorsmentioning

confidence: 99%

Section: ) Researches For Security Test Of Software and Cpumentioning

confidence: 99%

Section: ) Researches For Security Test Of Software and Cpumentioning

confidence: 99%

mentioning

confidence: 99%

See 3 more Smart Citations

UISFuzz: An Efficient Fuzzing Method for CPU Undocumented Instruction Searching

Wei

et al. 2019

IEEE Access

View full text Add to dashboard Cite

show abstract

A High Efficiency and Accuracy Method for x86 Undocumented Instruction Detection and Classification

Cui

Chen

et al. 2021

Innovative Mobile and Internet Services in Ubiquitous Computing

View full text Add to dashboard Cite

An Optimal Seed Scheduling Strategy Algorithm Applied to Cyberspace Mimic Defense

Chen¹,

Qin

et al. 2021

IEEE Access

View full text Add to dashboard Cite

Cyberspace mimic defense (CMD) is an active defense theory that has emerged in recent years. By dynamically constructing and scheduling multiple executors, the CMD can not only effectively defend against security threats caused by unknown cyberspace weaknesses, but also improve the present situation of information asymmetry between attack and defense in cyberspace. However, as one of the key technologies of the CMD, the scheduling strategy algorithm still needs to be improved in real-time security, reliability, and universality, which has restricted the development and large-scale deployment of the CMD. To solve this problem, we propose an optimal seed scheduling strategy algorithm (OSSSA) in this paper. After using continuous-time Markov processes to mathematically analyze the model of the mimic defense system in cyberspace, we introduce the key factors and their evaluation methods that affecting the CMD defense performance in the OSSSA, then propose a reliable working mechanism of the OSSSA. Furthermore, we present an evaluation method that can effectively evaluate the defense performance of the scheduling algorithms. Experimental results from software simulations and real experiments both show that the OSSSA has better real-time defense performance than the current mainstream scheduling strategy algorithms, and can adapt to different practical application scenarios, which is helpful to the further development of the CMD.

show abstract

CPU Security Benchmark

Cited by 8 publications

References 9 publications

UISFuzz: An Efficient Fuzzing Method for CPU Undocumented Instruction Searching

UISFuzz: An Efficient Fuzzing Method for CPU Undocumented Instruction Searching

A High Efficiency and Accuracy Method for x86 Undocumented Instruction Detection and Classification

An Optimal Seed Scheduling Strategy Algorithm Applied to Cyberspace Mimic Defense

Contact Info

Product

Resources

About