http://dx.doi.org/10.3745/KTCCS.2020.9.5.101

JMP+RAND: Mitigating Memory Sharing-Based Side-Channel Attack by Embedding Random Values in Binaries  

Kim, Taehun (Kwangwoon University, School of Computer and Information Engineering)
Shin, Youngjoo (Kwangwoon University, School of Computer and Information Engineering)
Publication Information
KIPS Transactions on Computer and Communication Systems / v.9, no.5, 2020, pp. 101-106
Abstract
Since computers became available, much effort has been made to achieve information security. Although memory protection defense mechanisms were the most studied among them, improved computer performance exposed problems in the existing memory protection mechanisms, and the advent of side-channel attacks called for new defense mechanisms. In this paper, we propose JMP+RAND, which embeds random values of 5 to 8 bytes per page to defend against memory sharing-based side-channel attacks and to bridge the gap left by existing memory protection defense mechanisms. Unlike existing defenses against side-channel attacks, JMP+RAND uses static binary rewriting to place jmp instructions followed by random values, so that side-channel attacks are defended against in advance. We numerically calculated the time a memory sharing-based side-channel attack would take against a binary that adopts the JMP+RAND technique and verified that the attack is infeasible in realistic time. On modern architectures JMP+RAND has very low overhead, because branch prediction makes the jmp instructions branch very quickly and accurately. Since random values can be embedded only in specific programs with JMP+RAND, it is expected to be highly efficient when used together with memory deduplication, especially in a cloud computing environment.
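As an added illustration of the idea in the abstract (not code from the paper), the following Python model rewrites a constructed code blob so that every page opens with an x86 `jmp rel8` over a few random bytes, then compares what a page-content-based deduplication scanner would still see as shared between two copies, and computes how many guesses a memory sharing-based probe would need per page. The flat-blob rewriting model, the 4 KiB page size, the sample bytes and the probe rate are assumptions; a real static rewriter must also fix up the displacements the inserted bytes shift.

```python
import hashlib
import os

PAGE_SIZE = 4096
JMP_SHORT = 0xEB  # x86 "jmp rel8": 1-byte opcode, then a 1-byte signed displacement

# Constructed stand-in for a code section: 10000 bytes, no two pages identical.
SAMPLE_CODE = bytes((i * 31 + (i >> 12)) & 0xFF for i in range(10000))

def embed_random(code: bytes, n_random: int, rng=os.urandom) -> bytes:
    """Model of JMP+RAND: each output page opens with `jmp +n` over n random
    bytes, so the random bytes never execute but make the page unique.
    Hypothetical model only: a real static rewriter must also fix up every
    displacement the inserted bytes shift; that step is omitted here."""
    if not 5 <= n_random <= 8:
        raise ValueError("JMP+RAND embeds 5 to 8 random bytes per page")
    slice_len = PAGE_SIZE - (2 + n_random)
    out = bytearray()
    for off in range(0, len(code), slice_len):
        out += bytes([JMP_SHORT, n_random]) + rng(n_random) + code[off:off + slice_len]
    out += bytes(-len(out) % PAGE_SIZE)  # zero-pad to keep the image page aligned
    return bytes(out)

def page_hashes(image: bytes) -> list:
    """Per-page content hashes, as a deduplication scanner would compare them."""
    return [hashlib.sha256(image[i:i + PAGE_SIZE]).hexdigest()
            for i in range(0, len(image), PAGE_SIZE)]

def shared_pages(a: bytes, b: bytes) -> int:
    """Distinct pages two mappings have in common: what deduplication would
    merge, and therefore what a memory sharing-based side channel can probe."""
    return len(set(page_hashes(a)) & set(page_hashes(b)))

def guesses_to_match_page(n_random: int) -> int:
    """To get one page deduplicated the attacker must reproduce its random
    bytes exactly: 256**n candidates for n random bytes."""
    return 256 ** n_random

def expected_attack_seconds(n_random: int, probes_per_second: float) -> float:
    """Expected time to match one page, assuming a uniform random value (half
    the candidates on average) and an assumed probe rate."""
    return guesses_to_match_page(n_random) / 2 / probes_per_second

if __name__ == "__main__":
    plain = shared_pages(SAMPLE_CODE, SAMPLE_CODE)
    hardened = shared_pages(embed_random(SAMPLE_CODE, 8), embed_random(SAMPLE_CODE, 8))
    print(f"shared pages: plain={plain}, two JMP+RAND copies={hardened}")
    print(f"8 random bytes at 1000 probes/s: {expected_attack_seconds(8, 1e3):.3e} s")
```

Two unmodified copies share every page, two JMP+RAND copies share none, and only a copy that reproduces the exact random bytes (the deterministic `rng` case) is deduplicated again.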
Keywords
Memory Sharing-based Side-channel Attack; Binary Rewriting; Memory Sharing; Cloud Computing; Countermeasure;