Real-time Detection of Cache Side-channel Attack Using Non-cache Hardware Events
2021 International Conference on Information Networking (ICOIN)(2021)
摘要
Cache side-channel attack is a class of attacks to retrieve sensitive information from a system by exploiting shared resource in CPUs. As the attacks are delivered to wide range of environments from mobile systems to cloud recently, many detection strategies have been proposed. Since the conventional cache side-channel are likely to incur tremendous number of cache events, most of the previous detection mechanisms were designed to carefully monitor cache events. However, recently proposed attacks tend to incur less cache events during the attack. PRIME+ABORT attack, for example, leverages the Intel TSX instead of accessing cache to measure access time. Because of the characteristic, cache event based detection mechanisms may hardly distinguish the attack. In this paper, we conduct an in-depth analysis of the PRIME+ABORT attack to identify the other useful hardware events for detection rather than cache events. Based on our finding, we present a novel mechanism called PRIME+ABORT Detector to detect the PRIME+ABORT attack and demonstrate that the detection mechanism can achieve 99.5% success rates with 0.3% performance overhead.
更多查看译文
关键词
Real-time attack detection,Cache side-channel attack,PRIME plus ABORT
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要