SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security
Offered By: IEEE via YouTube
Course Description
Overview
Explore the challenges, pitfalls, and perils of using Hardware Performance Counters (HPCs) for security applications in this IEEE Symposium on Security & Privacy conference talk. Delve into a year-long study examining best practices for accurate event measurement, challenges in various settings, and methods for consistent data collection across architectures. Analyze the application of HPCs in 56 papers across different domains, with a focus on 41 security-related works. Investigate how overlooking HPC intricacies can undermine exploit prevention and malware detection effectiveness. Learn about potential adversarial manipulation of HPCs to bypass security defenses. Gain insights into programmable counters, sampling mode, data mishandling, skid, and non-determinism issues. Conclude with a case study on ROP detection and perspectives on the importance of addressing these challenges in HPC-based security applications.
Syllabus
Introduction
Hardware performance counters
Application domains
Security domain
Security applications
Data-only attacks
Challenges
Literature Survey
Security Papers
Common Failures
Programmable Counters
Sampling Mode
Performance Counter Data Mishandling
Performance Counter Data Fix
Skid
Nondeterminism
Why do these issues matter
Perspective
Case Study
ROP Detection
Conclusion
Questions
Eviction Set Talk
Taught by
IEEE Symposium on Security and Privacy