Browse > Article
http://dx.doi.org/10.3745/KTCCS.2019.8.6.151

Real-Time Detection on FLUSH+RELOAD Attack Using Performance Counter Monitor  

Cho, Jonghyeon (광운대학교 컴퓨터공학과)
Kim, Taehyun (광운대학교 컴퓨터공학과)
Shin, Youngjoo (광운대학교 컴퓨터정보공학부)
Publication Information
KIPS Transactions on Computer and Communication Systems / v.8, no.6, 2019 , pp. 151-158 More about this Journal
Abstract
FLUSH+RELOAD attack exposes the most serious security threat among cache side channel attacks due to its high resolution and low noise. This attack is exploited by a variety of malicious programs that attempt to leak sensitive information. In order to prevent such information leakage, it is necessary to detect FLUSH+RELOAD attack in real time. In this paper, we propose a novel run-time detection technique for FLUSH+RELOAD attack by utilizing PCM (Performance Counter Monitor) of processors. For this, we conducted four kinds of experiments to observe the variation of each counter value of PCM during the execution of the attack. As a result, we found that it is possible to detect the attack by exploiting three kinds of important factors. Then, we constructed a detection algorithm based on the experimental results. Our algorithm utilizes machine learning techniques including a logistic regression and ANN(Artificial Neural Network) to learn from different execution environments. Evaluation shows that the algorithm successfully detects all kinds of attacks with relatively low false rate.
Keywords
Cache-Side Channel Attack; FLUSH+RELOAD Attack; Performance Counter Monitor; Attack Detection;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Yarom Yuval and Katrina E. Falkner, "Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack," USENIX Security, 2014.
2 B. Gulmezoglu, M. Inci, G. Irazoki, T. Eisenbarth, and B. Sunar, "Cross-VM Cache Attacks on AES," IEEE Trans. Multi-Scale Comput. Syst., Vol.2, No.3, pp.211-222, 2016.   DOI
3 Daniel Gruss, Raphael Spreitzer, and Stefan Mangard, "Cache Template Attacks : Automating Attacks on Inclusive Last-Level Cache," USENIX Security Symposium 2015.
4 Daniel Gruss, Raphael Spreitzer, and Stefan Mangard, "Flush+Flush : A Fast and Stealthy Cache Attack," DIMVA 2016 Detection of Instruction and Malware, and Vulnerability Assessment.
5 Manuel Weber, Michael Schwarz, Lukas Giner, and Daniel Gruss, "Hello from the Other Side : SSH over Robust Cache Covert Channels in the Cloud." Network and Distributed System Security Symposium 2017 (NDSS'17).
6 Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar, "Systematic Reverse Engineering of Cache Slice Selection in Intel Processors," 2015 Euromicro Conference on Digital System Design (DSD).
7 Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B Lee, "Last-Level Cache Side-Channel Attacks are Practical," 2015 IEEE Symposium on Security and Privacy.
8 Intel Performance Counter Monitor [Online] https://docs.it4i.cz/software/debuggers/intel-performance-counter-monitor/-Intel Performance Counter Monitor.
9 Machine Learning and Deep Learning for Everyone [Online], https://hunkim.github.io/ml/.
10 What is Artificial Neural Network? [Online], http://blog.lgcns.com/1359.
11 Y. Yarom, "Mastik: A Micro-Architectural Side-Channel Toolkit," [Online] https://cs.adelaide.edu.au/-yval/Mastik/.
12 Irazoqui, Gorka, et al. "Wait a minute! A fast, Cross-VM attack on AES," Research in Attacks, Intrusions and Defenses. Springer International Publishing, pp.299-319, 2014.