{"title":"基于非缓存硬件事件的缓存侧信道攻击实时检测","authors":"Hodong Kim, Changhee Hahn, Junbeom Hur","doi":"10.1109/ICOIN50884.2021.9333883","DOIUrl":null,"url":null,"abstract":"Cache side-channel attack is a class of attacks to retrieve sensitive information from a system by exploiting shared resource in CPUs. As the attacks are delivered to wide range of environments from mobile systems to cloud recently, many detection strategies have been proposed. Since the conventional cache side-channel are likely to incur tremendous number of cache events, most of the previous detection mechanisms were designed to carefully monitor cache events. However, recently proposed attacks tend to incur less cache events during the attack. PRIME+ABORT attack, for example, leverages the Intel TSX instead of accessing cache to measure access time. Because of the characteristic, cache event based detection mechanisms may hardly distinguish the attack. In this paper, we conduct an in-depth analysis of the PRIME+ABORT attack to identify the other useful hardware events for detection rather than cache events. Based on our finding, we present a novel mechanism called PRIME+ABORT Detector to detect the PRIME+ABORT attack and demonstrate that the detection mechanism can achieve 99.5% success rates with 0.3% performance overhead.","PeriodicalId":6741,"journal":{"name":"2021 International Conference on Information Networking (ICOIN)","volume":"14 1","pages":"28-31"},"PeriodicalIF":0.0000,"publicationDate":"2021-01-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Real-time Detection of Cache Side-channel Attack Using Non-cache Hardware Events\",\"authors\":\"Hodong Kim, Changhee Hahn, Junbeom Hur\",\"doi\":\"10.1109/ICOIN50884.2021.9333883\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cache side-channel attack is a class of attacks to retrieve sensitive information from a system by exploiting shared resource in CPUs. As the attacks are delivered to wide range of environments from mobile systems to cloud recently, many detection strategies have been proposed. Since the conventional cache side-channel are likely to incur tremendous number of cache events, most of the previous detection mechanisms were designed to carefully monitor cache events. However, recently proposed attacks tend to incur less cache events during the attack. PRIME+ABORT attack, for example, leverages the Intel TSX instead of accessing cache to measure access time. Because of the characteristic, cache event based detection mechanisms may hardly distinguish the attack. In this paper, we conduct an in-depth analysis of the PRIME+ABORT attack to identify the other useful hardware events for detection rather than cache events. Based on our finding, we present a novel mechanism called PRIME+ABORT Detector to detect the PRIME+ABORT attack and demonstrate that the detection mechanism can achieve 99.5% success rates with 0.3% performance overhead.\",\"PeriodicalId\":6741,\"journal\":{\"name\":\"2021 International Conference on Information Networking (ICOIN)\",\"volume\":\"14 1\",\"pages\":\"28-31\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-01-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 International Conference on Information Networking (ICOIN)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICOIN50884.2021.9333883\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Information Networking (ICOIN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICOIN50884.2021.9333883","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Real-time Detection of Cache Side-channel Attack Using Non-cache Hardware Events
Cache side-channel attack is a class of attacks to retrieve sensitive information from a system by exploiting shared resource in CPUs. As the attacks are delivered to wide range of environments from mobile systems to cloud recently, many detection strategies have been proposed. Since the conventional cache side-channel are likely to incur tremendous number of cache events, most of the previous detection mechanisms were designed to carefully monitor cache events. However, recently proposed attacks tend to incur less cache events during the attack. PRIME+ABORT attack, for example, leverages the Intel TSX instead of accessing cache to measure access time. Because of the characteristic, cache event based detection mechanisms may hardly distinguish the attack. In this paper, we conduct an in-depth analysis of the PRIME+ABORT attack to identify the other useful hardware events for detection rather than cache events. Based on our finding, we present a novel mechanism called PRIME+ABORT Detector to detect the PRIME+ABORT attack and demonstrate that the detection mechanism can achieve 99.5% success rates with 0.3% performance overhead.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
