A Hardware-Enhanced AntiVirus ENgine

AntiVirus solutions (AVs) are the main infection defense barrier for most computer systems and users. However, AVs are performance-intensive applications because of their constant system monitoring, which slows the
system down. An effective alternative for accelerating AV operation is to move AVs from software to hardware, thus eliminating their imposed performance overhead. Hardware-assisted AVs, in turn, present other drawbacks, such as the delivery of malicious definition updates, which are essential for AVs to work properly.

In this research project, we investigate and develop a hardware-assisted AV that eliminates the overhead of constant system monitoring imposed by software-based AVs while still allowing updates to be deployed by software. HEAVEN (Hardware-Enhanced AntiVirus ENgine) is our Proof-of-Concept (PoC) solution and will be made available soon.

HEAVEN contributes by proposing the following hardware-software components:

  • A modified CPU cache able to detect code writes.
  • A modified MMU able to detect code writes.
  • A modified CPU pipeline to detect code writes.
  • A modified memory controller able to detect suspicious patterns.
  • A modified CPU branch predictor able to predict suspicious code execution.
  • Hardware Performance Counters (HPCs) extensions to detect misbehaving applications.
  • A precise interrupt mechanism able to notify a software-AV when a hardware event is deemed suspicious.
  • An updatable data structure able to match malware in hardware without impacting CPU critical path.
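As an added illustration (not HEAVEN's own code or design), the following simplified software model shows how two of the components above fit together: an MMU-style permission check that flags writes to executable pages and invokes a handler registered by the software AV (the role of the precise interrupt), and a signature table that the software side can replace at runtime (the role of the updatable match structure). The page size, the signature format, the handler API and the byte patterns are all assumptions made for this model.

```python
"""Added, simplified software model of a code-write detector with an
updatable match table.  Illustrative only; not the project's hardware."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

PAGE_SIZE = 4096  # assumed page size for the model


@dataclass
class PageEntry:
    writable: bool
    executable: bool


@dataclass
class CodeWriteEvent:
    """What the model reports to the software AV when code is written."""
    address: int
    data: bytes
    matched_signature: Optional[str]  # name of the matching table entry, if any


class ModelMMU:
    """Models 'detect code writes', 'precise interrupt' and 'updatable table'."""

    def __init__(self) -> None:
        self.pages: Dict[int, PageEntry] = {}
        self.memory: Dict[int, int] = {}        # sparse byte store
        self.signatures: Dict[str, bytes] = {}  # table the software AV updates
        self.events: List[CodeWriteEvent] = []
        self.handler: Optional[Callable[[CodeWriteEvent], None]] = None

    def map_page(self, page: int, writable: bool, executable: bool) -> None:
        self.pages[page] = PageEntry(writable, executable)

    def update_signatures(self, table: Dict[str, bytes]) -> None:
        """Software-side update path: replaces the whole match table."""
        self.signatures = dict(table)

    def register_handler(self, fn: Callable[[CodeWriteEvent], None]) -> None:
        """The software AV registers the routine the 'interrupt' invokes."""
        self.handler = fn

    def write(self, address: int, data: bytes) -> bool:
        """Perform a write; return True if it was flagged as a code write."""
        page = address // PAGE_SIZE
        if (address + len(data) - 1) // PAGE_SIZE != page:
            raise ValueError("model only supports writes within one page")
        entry = self.pages.get(page)
        if entry is None or not entry.writable:
            raise PermissionError(f"write to unmapped or read-only page {page:#x}")
        for i, b in enumerate(data):
            self.memory[address + i] = b
        if not entry.executable:
            return False  # ordinary data write: no event, no extra work
        # Write into an executable page: check the bytes against the table.
        # (Only the bytes of this write are inspected, not the whole page.)
        match = next((name for name, sig in self.signatures.items() if sig in data), None)
        event = CodeWriteEvent(address, bytes(data), match)
        self.events.append(event)
        if self.handler is not None:
            self.handler(event)
        return True


def demo() -> List[CodeWriteEvent]:
    """Runs the model on constructed input and returns the events delivered
    to the registered software handler."""
    mmu = ModelMMU()
    mmu.map_page(0x1, writable=True, executable=False)  # data page
    mmu.map_page(0x2, writable=True, executable=True)   # JIT-style code page
    # Constructed placeholder pattern; not a real malware signature.
    mmu.update_signatures({"placeholder-pattern": b"\xde\xad\xbe\xef"})
    notified: List[CodeWriteEvent] = []
    mmu.register_handler(notified.append)
    mmu.write(0x1000, b"hello")                       # data write: not flagged
    mmu.write(0x2000, b"\x01\x02\x03")                # code write, no table match
    mmu.write(0x2010, b"\x00\xde\xad\xbe\xef\x00")    # code write matching the table
    return notified


if __name__ == "__main__":
    for ev in demo():
        print(f"code write at {ev.address:#x}: match={ev.matched_signature}")
```

The data-page write costs nothing beyond the permission lookup, which is the point of moving the check into hardware; only writes into executable pages reach the (software) handler, and the table those writes are matched against is replaced through a single software call.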

If you are interested in researching this topic, join us!

Additional material for the Hardware Assisted AV paper
https://github.com/marcusbotacin/Hardware-Assisted-AV

Additional material for the "In-memory malware" paper
https://github.com/marcusbotacin/In.Memory