diff --git a/executer/kernel/mcctrl/control.c b/executer/kernel/mcctrl/control.c
index e1895cdb..1ebb2597 100644
--- a/executer/kernel/mcctrl/control.c
+++ b/executer/kernel/mcctrl/control.c
@@ -3240,9 +3240,46 @@ out:
 	return rc;
 }
 
+static int __mcctrl_control_perm(unsigned int request)
+{
+	int ret = 0;
+	kuid_t euid;
+
+	/* black list */
+	switch (request) {
+	case IHK_OS_AUX_PERF_NUM:
+	case IHK_OS_AUX_PERF_SET:
+	case IHK_OS_AUX_PERF_GET:
+	case IHK_OS_AUX_PERF_ENABLE:
+	case IHK_OS_AUX_PERF_DISABLE:
+	case IHK_OS_AUX_PERF_DESTROY:
+		euid = current_euid();
+		pr_debug("%s: request=0x%x, euid=%u\n",
+			 __func__, request, euid.val);
+		if (euid.val) {
+			ret = -EPERM;
+		}
+		break;
+	default:
+		break;
+	}
+	pr_debug("%s: request=0x%x, ret=%d\n", __func__, request, ret);
+
+	return ret;
+}
+
 long __mcctrl_control(ihk_os_t os, unsigned int req, unsigned long arg,
                       struct file *file)
 {
+	int ret;
+
+	ret = __mcctrl_control_perm(req);
+	if (ret) {
+		pr_err("%s: error: permission denied, req: %x\n",
+		       __func__, req);
+		return ret;
+	}
+
 	switch (req) {
 	case MCEXEC_UP_PREPARE_IMAGE:
 		return mcexec_prepare_image(os,