• Title/Summary/Keyword: Meltdown Attack

Search Result 3, Processing Time 0.015 seconds

Detecting Meltdown and Spectre Malware through Binary Pattern Analysis (바이너리 패턴 분석을 이용한 멜트다운, 스펙터 악성코드 탐지 방법)

  • Kim, Moon-sun;Lee, Man-hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.6
    • /
    • pp.1365-1373
    • /
    • 2019
  • Meltdown and Spectre are vulnerabilities that exploit out-of-order execution and speculative execution techniques to read memory regions that are not accessible with user privileges. OS patches were released to prevent this attack, but older systems without appropriate patches are still vulnerable. Currently, there are some research to detect Meltdown and Spectre attacks, but most of them proposed dynamic analysis methods. Therefore, this paper proposes a binary signature that can be used to detect Meltdown and Spectre malware without executing them. For this, we collected 13 malicious codes from GitHub and performed binary pattern analysis. Based on this, we proposed a static detection method for Meltdown and Spectre malware. Our results showed that the method identified all the 19 attack files with 0.94% false positive rate when applied to 2,317 normal files.

Meltdown Threat Dynamic Detection Mechanism using Decision-Tree based Machine Learning Method (의사결정트리 기반 머신러닝 기법을 적용한 멜트다운 취약점 동적 탐지 메커니즘)

  • Lee, Jae-Kyu;Lee, Hyung-Woo
    • Journal of Convergence for Information Technology
    • /
    • v.8 no.6
    • /
    • pp.209-215
    • /
    • 2018
  • In this paper, we propose a method to detect and block Meltdown malicious code which is increasing rapidly using dynamic sandbox tool. Although some patches are available for the vulnerability of Meltdown attack, patches are not applied intentionally due to the performance degradation of the system. Therefore, we propose a method to overcome the limitation of existing signature detection method by using machine learning method for infrastructures without active patches. First, to understand the principle of meltdown, we analyze operating system driving methods such as virtual memory, memory privilege check, pipelining and guessing execution, and CPU cache. And then, we extracted data by using Linux strace tool for detecting Meltdown malware. Finally, we implemented a decision tree based dynamic detection mechanism to identify the meltdown malicious code efficiently.

Extracting Neural Networks via Meltdown (멜트다운 취약점을 이용한 인공신경망 추출공격)

  • Jeong, Hoyong;Ryu, Dohyun;Hur, Junbeom
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.1031-1041
    • /
    • 2020
  • Cloud computing technology plays an important role in the deep learning industry as deep learning services are deployed frequently on top of cloud infrastructures. In such cloud environment, virtualization technology provides logically independent and isolated computing space for each tenant. However, recent studies demonstrate that by leveraging vulnerabilities of virtualization techniques and shared processor architectures in the cloud system, various side-channels can be established between cloud tenants. In this paper, we propose a novel attack scenario that can steal internal information of deep learning models by exploiting the Meltdown vulnerability in a multi-tenant system environment. On the basis of our experiment, the proposed attack method could extract internal information of a TensorFlow deep-learning service with 92.875% accuracy and 1.325kB/s extraction speed.