Skip to content

sarthak-kaps/Security-Aware-Linux-Scheduler

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
Extras
Extras
 
 
Images
Images
 
 
MIBENCH
MIBENCH
 
 
Meltdown
Meltdown
 
 
Presentation
Presentation
 
 
covert
covert
 
 
meltdown
meltdown
 
 
mibench
mibench
 
 
normal
normal
 
 
rowhammer
rowhammer
 
 
training
training
 
 
CS3500_Project_Report.pdf
CS3500_Project_Report.pdf
 
 
README.md
README.md
 
 
core.c
core.c
 
 
data_collecter
data_collecter
 
 
data_collecter.cpp
data_collecter.cpp
 
 
fair.c
fair.c
 
 
gendata.ipynb
gendata.ipynb
 
 
init.bash
init.bash
 
 
makefile
makefile
 
 

Repository files navigation

Security Aware Linux Scheduler

This is an ideation/implementation of a security aware linux scheduler.
The kernel i.e. the core operating system takes actions against a class of side channel attacks (like the rowhammer attack).
The scheduler reduces the length of the timeslice given to the execution of the attacking process by reducing its priority, thereby reducing the system exposure to the malware.
The idea is that once the attacking process gets less time to execute on the system, the damage can be reduced and there will be enough time for user notification or for an antivirus to kick in.

The project was conducted on Linux Kernel 4.19.160 and Intel Core i7 9th generation processor.

For a detailed view of the project kindly refer to the report CS3500_project_report.pdf.

Details And Directory Structure

The main problem is to identify which process is an attacking process. In particular we are interested in attacking processes that do side channel attacks.
In this project we explored the usage of Hardware Performance Counters (HPCs) to gather information of processes and use this to classify a process as attacking or not.
Hardware performance counters are registers in the system that can store occurences of various microarchitectural events like -

  • cache hits
  • cache misses
  • TLB hits
  • TLB misses
  • page faults

And many more ...

The key idea is that attacking processes have a distinct footprint with respect to these HPCs. We collected HPCs for multiple attacking and non-attacking processes. The HPCs collected for these processes can be treated as their features.
The collection of HPCs was done using perf tools - https://github.com/brendangregg/perf-tools.
We then used a simple machine learning algorithm to learn a classifier which separated the attacking processes against the non-attacking ones on select features.

Non Attacking Processes

For non attacking processes we referred to multiple programs from the MIBENCH collection - https://github.com/ekut-es/mibench. The results after running perf tools on the processes is present in the folder MIBENCH.

Attacking Processes

For attacking processes we referred to -

The folder training contains the training data and the training script.

The file data_collector.cpp contains the driver program that uses perf-tools to collect HPC values for various events for the attacking and non-attacking processes.

The file gendata.ipynb does data analysis and generates data for training.

About

Security Aware Linux Scheduler

Topics

linux security linux-kernel malware-analysis malware-detection

Resources

Readme
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages