Proceedings 2019 Network and Distributed System Security Symposium 2019
DOI: 10.14722/ndss.2019.23409

ExSpectre: Hiding Malware in Speculative Execution

Abstract: ExSpectre provides a new technique to malware authors, allowing them to hide program functionality in code that appears to not execute at runtime by leveraging Spectre as a feature [20]. This technique defeats existing static and dynamic analysis, making it especially difficult for malware analysts to determine what a binary will do.

Cited by 23 publications (21 citation statements)
References 29 publications

“…We obtained invaluable insights from past work about side-channel analysis as an approach to detect malware [9,10,14,17,21,30,52,54,57]. Namely, in an IoT context where devices perform well-defined, repetitive tasks that should exhibit little variation from one run to another, measurements of network communications between apps and nearby devices may serve as a good proxy for computing activity (i.e., behavior).…”
Section: Malware Detection (mentioning)
confidence: 99%
“…Almost all modern CPUs have been affected. These two vulnerabilities and follow-up studies [17] rely on cache side-channels to help complete the attack. In recent years, Intel deployed SGX technology in their CPUs to help users to build a minimal trusted computing base.…”
Section: Side-channel Attacks (mentioning)
confidence: 99%
“…Attackers pass the result of the previous malicious behavior through it. ExSpectre [17] is a typical example of using a side channel to deliver the results of malicious code execution. As shown in Figure 3, the attacker first trains the branch predictor through trigger codes.…”
Section: Threats Of the Attacks (mentioning)
confidence: 99%
“…They demonstrated their approach by leaking keystrokes and by executing arbitrary code speculatively. These bugs have been shown to be remotely exploitable [86] and researchers have tried to hide malware in the "speculative world" [87,88]. The list of works exploiting speculative execution is still growing [89,90,91,92,93].…”
Section: Transient Execution Attacks (mentioning)
confidence: 99%