These Are Not Your Grand Daddy's CPU Performance Counters - CPU Hardware Performance Counters For Security

Explore advanced CPU hardware performance counters and their applications in platform security through this Black Hat conference talk. Delve into the evolution of performance counters, examining their potential beyond traditional debugging and profiling. Discover how modern Intel x86/x64 compatible CPUs leverage these counters for enhanced security measures, including RowHammer defense and potential ROP mitigation. Learn about practical implementations, real-world exploit demonstrations, and performance impact assessments. Investigate topics such as Last Branch Recording, single-stepping on branching, and innovative security techniques previously impractical with software-only solutions. Gain insights into memory access, refresh rates, and rootkit detection methods, while considering the implications for hyperthreading. Uncover the surprising capabilities of contemporary CPU performance counters and their role in fortifying platform security.

Syllabus

Introduction
Overview
History
Events
Control Registers
PLC Information
Runtime Setting
PMI Interrupt Setup
Recording Events
Performance Impact
Incidents
Minimize the Performance Penalty
Rob
Bouncer
CrowdStrike
Memory Access
Refresh Rate
Memory Density
Inertial
The Gift
Increased Refresh Rate
Memory Refresh
CL Flash is not necessarily needed
Other ways to flush cache
No physical address
Detecting and mitigating
Using this method
Blind mitigation
Two kinds of rootkits
What is a rootkit
Practical implementation
Another Problem
Hyperthreading