Hardware performance counters for system reliability monitoring

Leng, Elena Woo Lai; Zwoliński, Mark; Halak, Basel

doi:10.1109/ivsw.2017.8031548

Cited by 14 publications

(2 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Numerous performance analysis and profiler tools can analyze fine-grained monitoring data through PMU hardware at process level or function level. With the prevalence of PMU technique among mainstream processor manufacturers [14], function-level performance monitoring has been changed from clock-interrupt-based cyclic sampling to PMU-events based sampling [15]. Obviously current defective PMU virtualization impede virtual machines from fine-grained profiler and anomaly detection.…”

Section: Background and Related Workmentioning

confidence: 99%

SysOptic: A Fine-Grained Monitoring System for Virtual Machines Based on PMU

Yang

Sun

et al. 2019

2019 IEEE International Conference on Service-Oriented System Engineering (SOSE)

View full text Add to dashboard Cite

Modern cloud datacenters indicate the frequent existence of complex failure manifestation. Failures have become the norm, and not the exception. This is a key challenge since assumptions that underpin designing reliable systems are monitoring systems status and detecting anomaly at runtime. Performance Monitoring Unit on CPU (PMU) can obtain fine-grained monitoring data by adopting interrupt sampling method based on hardware events. However, profilers in virtual machines fail to receive PMU relevant information directly due to the limited capacity of PMU virtualization. In this paper, we present a fine-grained monitoring system SysOptic based on PMU virtualization. First, we propose a method to expose PMU information PMU and ensure the visibility of such information at virtual machine level. Second, to maximize the PMU reusability, SysOptic supports the PMU sharing and simultaneous monitoring among multiple virtual machines. Furthermore, we also describe how to synchronize interrupts on physical machines to virtual machines by using injecting interrupts. Experimental results show that with the aid of SysOptic, profiler tools in virtual machines manage to perceive the existence of PMU and collect the monitoring data. The additional overhead incurred by SysOptic is at most 9.8%.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

SysOptic: A Fine-Grained Monitoring System for Virtual Machines Based on PMU

Yang

Sun

et al. 2019

2019 IEEE International Conference on Service-Oriented System Engineering (SOSE)

View full text Add to dashboard Cite

show abstract

“…One limitation, however, is that these HPC registers are limited due to which only a very small number of events can be monitored concurrently. HPCs have been used in recent research work [23], [24] for dynamic profiling and intrusion detection.…”

Section: Hardware Performance Counters (Hpcs)mentioning

confidence: 99%

NIGHTs-WATCH

Mushtaq

Akram

Bhatti

et al. 2018

Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy

View full text Add to dashboard Cite

This paper presents a novel run-time detection mechanism, called NIGHTs-WATCH, for access-driven cache-based Side-Channel Attacks (SCAs). It comprises of multiple machine learning models, which use real-time data from hardware performance counters for detection. We perform experiments with two state-of-the-art SCAs (Flush+Reload and Flush+Flush) to demonstrate the detection capability and effectiveness of NIGHTs-WATCH. we provide experimental evaluation using realistic system load conditions and analyze results on detection accuracy, speed, system-wide performance overhead and confusion matrix for used models. Our results show detection accuracy of 99.51%, 99.50% and 99.44% for F+R attack in case of no load, average load and full conditions, respectively, with performance overhead of < 2% at the highest detection speed, i.e., within 1% completion of a single RSA encryption round. In case of Flush+Flush, our results show 99.97%, 98.74% and 95.20% detection accuracy for no load, average load and full conditions, respectively, with performance overhead of < 2% at the highest detection speed, i.e., within 12.5% completion of 400 AES encryption rounds needed to complete the attack. NIGHTs-WATCH shows considerably high detection efficiency under variable system load conditions.

show abstract

Hardware Performance Counters (HPCs) for Anomaly Detection

Woo

2020

Hardware Supply Chain Security

View full text Add to dashboard Cite

Hardware performance counters for system reliability monitoring

Cited by 14 publications

References 21 publications

SysOptic: A Fine-Grained Monitoring System for Virtual Machines Based on PMU

SysOptic: A Fine-Grained Monitoring System for Virtual Machines Based on PMU

NIGHTs-WATCH

Hardware Performance Counters (HPCs) for Anomaly Detection

Contact Info

Product

Resources

About