What is it about?
Our research introduces Interstellar, a hardware-based security monitoring system designed to protect computer systems from attacks that target even privileged software, such as operating systems and trusted execution environments (TEEs). Unlike existing software-based monitors, Interstellar does not depend on any software privilege level, so it keeps working even when the privileged software it protects has itself been compromised. Interstellar uses dedicated hardware placed near a CPU core to observe every instruction the processor executes, identifying attacks and stopping them before they can compromise the system. By combining finite state machines (FSMs) with fully isolated hardware, Interstellar can efficiently detect threats such as unauthorized memory accesses, return-oriented programming (ROP) attacks, and microarchitectural side-channel attacks, with negligible effect on performance. We implemented Interstellar on a RISC-V Rocket Chip and evaluated it with three benchmark applications. Our results show that Interstellar introduces minimal performance overhead (about 0.1%), making it a practical way to strengthen system security without trading off performance.
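As an added illustration, not code from the paper or from the Interstellar project: the sketch below simulates in plain C the kind of per-instruction finite state machine a near-core monitor could run over the retired-instruction stream. It pairs calls with returns on a shadow stack to flag ROP-style returns to addresses no call ever pushed, and it checks data accesses against a reserved address range without consulting the privilege level, which is the property the summary stresses. The instruction record format, the opcode classes, every address, and the forbidden range are assumptions made for this example; Interstellar's actual FSMs, trace interface, and policies are not reproduced here.

```c
#include <stddef.h>
#include <stdint.h>

/* Retired-instruction classes the monitor cares about (assumed subset). */
typedef enum { OP_CALL, OP_RET, OP_LOAD, OP_STORE, OP_OTHER } opcode_t;

/* One retired instruction, as an assumed trace port near the core might expose it. */
typedef struct {
    opcode_t op;
    uint64_t pc;      /* address of the retired instruction */
    uint64_t target;  /* call target, return destination, or data address */
    unsigned priv;    /* RISC-V-style level: 0 = U, 1 = S, 3 = M; deliberately ignored by the policy */
} retired_insn_t;

typedef enum { ALERT_NONE = 0, ALERT_RET_MISMATCH, ALERT_FORBIDDEN_ACCESS, ALERT_SHADOW_FULL } alert_t;

#define SHADOW_DEPTH 64

/* Monitor state: a shadow stack for the call/return FSM plus one forbidden
 * data range standing in for memory the monitor reserves for itself. */
typedef struct {
    uint64_t shadow[SHADOW_DEPTH];
    size_t depth;
    uint64_t forbid_lo, forbid_hi;  /* half-open range [forbid_lo, forbid_hi) */
    size_t alerts;
    alert_t last_alert;
} monitor_t;

void monitor_init(monitor_t *m, uint64_t forbid_lo, uint64_t forbid_hi) {
    m->depth = 0;
    m->forbid_lo = forbid_lo;
    m->forbid_hi = forbid_hi;
    m->alerts = 0;
    m->last_alert = ALERT_NONE;
}

/* One FSM transition per retired instruction. The privilege level is never
 * consulted: a store from machine mode into the forbidden range is flagged
 * exactly like one from user mode. */
alert_t monitor_step(monitor_t *m, const retired_insn_t *in) {
    alert_t a = ALERT_NONE;
    switch (in->op) {
    case OP_CALL:
        /* Push the architectural return address (a 4-byte call encoding is assumed). */
        if (m->depth < SHADOW_DEPTH) m->shadow[m->depth++] = in->pc + 4;
        else a = ALERT_SHADOW_FULL;
        break;
    case OP_RET:
        /* A return must go to the most recently pushed address; anything else,
         * such as a gadget address in a ROP chain, is a mismatch. The stack is
         * left untouched so every further bogus return is reported as well. */
        if (m->depth == 0 || m->shadow[m->depth - 1] != in->target) a = ALERT_RET_MISMATCH;
        else m->depth--;
        break;
    case OP_LOAD:
    case OP_STORE:
        if (in->target >= m->forbid_lo && in->target < m->forbid_hi) a = ALERT_FORBIDDEN_ACCESS;
        break;
    default:
        break;
    }
    if (a != ALERT_NONE) { m->alerts++; m->last_alert = a; }
    return a;
}

/* Feed a whole trace; returns the number of alerts raised. */
size_t monitor_run(monitor_t *m, const retired_insn_t *trace, size_t n) {
    for (size_t i = 0; i < n; i++) monitor_step(m, &trace[i]);
    return m->alerts;
}

/* Constructed traces below; all addresses are invented for the example. */
#define FORBID_LO 0xF0000000ULL
#define FORBID_HI 0xF0001000ULL

/* Benign: call, do work, return to the pushed address, ordinary store. */
size_t demo_benign(void) {
    static const retired_insn_t t[] = {
        { OP_CALL,  0x1000, 0x2000, 0 },
        { OP_OTHER, 0x2000, 0, 0 },
        { OP_RET,   0x2008, 0x1004, 0 },
        { OP_STORE, 0x1004, 0x80000000ULL, 0 },
    };
    monitor_t m; monitor_init(&m, FORBID_LO, FORBID_HI);
    return monitor_run(&m, t, sizeof t / sizeof t[0]);   /* returns 0 */
}

/* ROP-style chain: two returns to gadget addresses that no call ever pushed. */
size_t demo_rop(void) {
    static const retired_insn_t t[] = {
        { OP_CALL,  0x1000, 0x2000, 0 },
        { OP_OTHER, 0x2000, 0, 0 },
        { OP_RET,   0x2008, 0x3010, 0 },   /* gadget 1 */
        { OP_RET,   0x3014, 0x3020, 0 },   /* gadget 2 */
    };
    monitor_t m; monitor_init(&m, FORBID_LO, FORBID_HI);
    return monitor_run(&m, t, sizeof t / sizeof t[0]);   /* returns 2 */
}

/* Machine-mode code writing into the reserved range is flagged all the same. */
size_t demo_privileged_access(void) {
    static const retired_insn_t t[] = {
        { OP_STORE, 0x9000, 0xF0000010ULL, 3 },
    };
    monitor_t m; monitor_init(&m, FORBID_LO, FORBID_HI);
    return monitor_run(&m, t, sizeof t / sizeof t[0]);   /* returns 1 */
}
```

The point of the privileged-access trace is that the check is keyed on the address alone; a software monitor running at a lower privilege than the attacker could not enforce the same rule. The side-channel detection the summary mentions is not modeled here.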
Why is it important?
Interstellar offers a hardware-based defense against attacks on privileged software, the very software on which existing software-based monitors must rely. This work is timely because modern computing environments increasingly depend on Trusted Execution Environments, which are exposed to advanced attacks such as ROP and microarchitectural side-channel exploits. By isolating the monitoring hardware and operating independently of privileged software, Interstellar provides a robust defense mechanism that strengthens security at a negligible performance cost for the system as a whole.
Read the Original
This page is a summary of: Interstellar: Fully Partitioned and Efficient Security Monitoring Hardware Near a Processor Core for Protecting Systems against Attacks on Privileged Software, December 2024, ACM (Association for Computing Machinery).
DOI: 10.1145/3658644.3690247
Resources
Interstellar_YongHoSong
This is the “Interstellar” presentation file by YongHo Song, delivered at the ACM Conference on Computer and Communications Security (CCS).
Interstellar: Open Access Version on ACM DL
This resource is the open-access version of the Interstellar paper presented by YongHo Song at the ACM Conference on Computer and Communications Security (CCS).