Tamper-resistant Monitoring for Securing Multi-core Environments

Complex software is not only difficult to secure but is also prone to exploitable software bugs. Hence, an intrusion detection system if deployed in user space is susceptible to security compromises. Thus, this ‘watcher’ of other software processes needs to be ‘watched.’ In this paper, we investigate a tamper-resistant solution to the classic problem of ‘Who watches the watcher?’ In our previous work, we investigated this problem in a unicore environment. In this paper, we design a real-time, lightweight, watchdog framework to monitor an intrusion detection system in a multi-core environment. It leverages the principles of graph theory to implement a cyclic monitoring topology. Since our framework monitors intrusion detection systems, the attack surface it has to deal with is considerably reduced. The proposed framework is implemented and evaluated using AMD SimNow simulator. We show that the framework incurs a negligible memory overhead of only 0.8% while sustaining strong, tamper-resistance properties.