Browse > Article
http://dx.doi.org/10.13089/JKIISC.2020.30.6.1255

Real-Time Detection of Cache Side-Channel Attacks Using Non-Cache Hardware Events  

Kim, Hodong (Korea University)
Hur, Junbeom (Korea University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.30, no.6, 2020 , pp. 1255-1261 More about this Journal
Abstract
Cache side-channel attack is a class of attacks to retrieve sensitive information from a system by exploiting shared cache resources in CPUs. As the attacks are delivered to wide range of environments from mobile systems to cloud systems recently, many detection strategies have been proposed. Since the conventional cache side-channel attacks are likely to incur tremendous number of cache events, most of the previous detection mechanisms were designed to carefully monitor mostly cache events. However, recently proposed attacks tend to incur less cache events during the attack. PRIME+ABORT attack, for example, leverages the Intel TSX instead of accessing cache to measure access time. Because of the characteristic, attack detection mechanisms based on cache events may hardly detect the attack. In this paper, we conduct an in-depth analysis of the PRIME+ABORT attack to identify the other useful hardware events for detection rather than cache events. Based on our finding, we present a novel mechanism called PRIME+ABORT Detector to detect the PRIME+ABORT attack and demonstrate that the detection mechanism can achieve 99.5% success rates with 0.3% performance overhead.
Keywords
Real-time attack detection; Cache side-channel attack; PRIME+ABORT;
Citations & Related Records
연도 인용수 순위
  • Reference
1 F. Liu, Y. Yarom, Q. Ge, G. Heiser, and R. B. Lee, "Last-level cache side-channel attacks are practical," Proceedings of the 2015 IEEE Symposium on Security and Privacy, pp. 605-622, May 2015
2 Y. Yarom and K. Falkner, "Flush+reload: a high resolution, low noise, l3 cache side-channel attack," Proceedings of the 23rd USENIX Security Symposium (USENIX Security 14), pp. 719-732, Aug. 2014.
3 D. Gruss, C. Maurice, K. Wagner, and S. Mangard, "Flush+flush: a fast and stealthy cache attack," Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 279-299. Sep. 2016.
4 C. Disselkoen, D. Kohlbrenner, L. Porter, and D. Tullsen, "Prime+abort: A timer-free high-precision l3 cache attack using intel tsx," Proceedings of the 26th USENIX Security Symposium (USENIX Security 17), pp. 51-67, Aug. 2017.
5 G. Irazoqui, M. S. Inci, T. Eisenbarth, and B. Sunar, "Wait a minute! a fast, cross-vm attack on aes." in International Workshop on Recent Advances in Intrusion Detection, pp. 299-319, Sep. 2014
6 D. Wang, A. Neupane, Z. Qian, N. B. Abu-Ghazaleh, S. V. Krishnamurthy, E. J. Colbert, and P. Yu, "Unveiling your keystrokes: A cachebased side-channel attack on graphics libraries." Proceedings of the The Network and Distributed System Security Symposium 2019 (NDSS, 2019), Feb. 2019.
7 Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart, "Cross-tenant sidechannel attacks in paas clouds," in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 990-1003, Nov. 2014.
8 Intel, Intel 64 and IA-32 Architectures Performance Monitoring Events, 2017
9 Intel, Intel 64 and IA-32 Architectures Software Developer's Manual Volume 3B: System Programming Guide, Part 2, 2016