Securing IoT/IIoT from Software Attacks Targeting Hardware Vulnerabilities

The microarchitecture of modern systems become more and more complicated. This increasing complexity gives rise to a new class of attacks which uses software code and targets hardware vulnerabilities of the system microarchitectures. Software attacks targeting hardware vulnerabilities (SATHVs) gain popularity. In particular, cache side channel attacks, Spectre, and Rowhammer are serious threats. They take advantage of microarchitectural vulnerabilities to extract secret information or harm the system. As these attacks target the system's hardware, they can avoid traditional software antivirus protections. However, they modify the normal operation of the system's hardware. Hardware Performance Counters (HPCs) are special registers that allow counting specific hardware events. These registers can help us monitor system's execution at hardware level and detect this set of attacks. Many solutions in the literature use HPCs to detect SATHVs. Although, these solutions target detecting only a limited set of the available SATHVs. If security designers do not consider all the possibilities, attackers can bypass existing protections using SATHV variants. In this article, we investigate how the side effect selection proposed in the literature, could or could not help us detect the studied attacks in our testing platform. Our threat model includes Cache side channel and Rowhammer attacks. We also discuss the limitations of software monitoring and how hardware approaches can resolve them.