Let's Prevent Spectre Attacks in the Docker Containers Too

2022 International Conference on Frontiers of Information Technology (FIT) Pub Date : 2022-12-01 DOI:10.1109/FIT57066.2022.00052

Humdah Shakir Khan, Farooque Hassan Kumbhar, J. Shamsi

{"title":"Let's Prevent Spectre Attacks in the Docker Containers Too","authors":"Humdah Shakir Khan, Farooque Hassan Kumbhar, J. Shamsi","doi":"10.1109/FIT57066.2022.00052","DOIUrl":null,"url":null,"abstract":"The Spectre attacks in modern processors have been inherently conveyed in the major Docker clients. The speculative execution mechanism in a processor can be maliciously used to access unauthorized content of other users, where the processor is the same for all the tenants. Instructions and code that completed execution and remained in the micro-architecture as cache could be accessed by the attacker through cache-side channel attacks. In this paper, we propose an automated solution to detect susceptible code snippets in the binary program and implement a patch to avoid further attacks. The proposed methodology extracts control flow, address analysis and taint analysis to detect the conditional branches that maliciously access memory speculatively. We have used the Kocher tests, which are a set of susceptible code patterns to generate malicious snippets. In a nutshell, the proposed system implements fences around suspicious conditional branches that stop speculative execution in the processor. Moreover, our evaluation also considers runtime overhead, analysis time, and effectiveness.","PeriodicalId":102958,"journal":{"name":"2022 International Conference on Frontiers of Information Technology (FIT)","volume":"52 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 International Conference on Frontiers of Information Technology (FIT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FIT57066.2022.00052","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

The Spectre attacks in modern processors have been inherently conveyed in the major Docker clients. The speculative execution mechanism in a processor can be maliciously used to access unauthorized content of other users, where the processor is the same for all the tenants. Instructions and code that completed execution and remained in the micro-architecture as cache could be accessed by the attacker through cache-side channel attacks. In this paper, we propose an automated solution to detect susceptible code snippets in the binary program and implement a patch to avoid further attacks. The proposed methodology extracts control flow, address analysis and taint analysis to detect the conditional branches that maliciously access memory speculatively. We have used the Kocher tests, which are a set of susceptible code patterns to generate malicious snippets. In a nutshell, the proposed system implements fences around suspicious conditional branches that stop speculative execution in the processor. Moreover, our evaluation also considers runtime overhead, analysis time, and effectiveness.

查看原文本刊更多论文

让我们防止幽灵攻击在Docker容器

现代处理器中的Spectre攻击已经在主要的Docker客户端中固有地传递。处理器中的推测执行机制可以被恶意地用于访问其他用户的未经授权的内容，其中处理器对于所有租户都是相同的。完成执行并保留在微体系结构中作为缓存的指令和代码可以被攻击者通过缓存端通道攻击访问。在本文中，我们提出了一种自动化的解决方案来检测二进制程序中的易受影响的代码片段，并实现补丁以避免进一步的攻击。该方法通过提取控制流、地址分析和污染分析来检测恶意访问内存的条件分支。我们使用了Kocher测试，它是一组易受影响的代码模式来生成恶意代码片段。简而言之，建议的系统实现了围绕可疑条件分支的围栏，以阻止处理器中的推测执行。此外，我们的评估还考虑了运行时开销、分析时间和有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 International Conference on Frontiers of Information Technology (FIT)

自引率

0.00%

发文量