TY - GEN
T1 - Real-time Detection of Cache Side-channel Attack Using Non-cache Hardware Events
AU - Kim, Hodong
AU - Hahn, Changhee
AU - Hur, Junbeom
N1 - Funding Information:
This work was supported by Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government(MSIT) (No.2019-0-00533, Research on CPU vulnerability detection and validation) (No.2019-0-01697, Development of Automated Vulnerability Discovery Technologies for Blockchain Platform Security). This research was also supported by the MSIT(Ministry of Science and ICT), Korea, under the ICT Creative Consilience program(IITP-2020-0-01819) supervised by the IITP(Institute for Information & communications Technology Planning & Evaluation).
Publisher Copyright:
© 2021 IEEE.
PY - 2021/1/13
Y1 - 2021/1/13
N2 - Cache side-channel attack is a class of attacks to retrieve sensitive information from a system by exploiting shared resource in CPUs. As the attacks are delivered to wide range of environments from mobile systems to cloud recently, many detection strategies have been proposed. Since the conventional cache side-channel are likely to incur tremendous number of cache events, most of the previous detection mechanisms were designed to carefully monitor cache events. However, recently proposed attacks tend to incur less cache events during the attack. PRIME+ABORT attack, for example, leverages the Intel TSX instead of accessing cache to measure access time. Because of the characteristic, cache event based detection mechanisms may hardly distinguish the attack. In this paper, we conduct an in-depth analysis of the PRIME+ABORT attack to identify the other useful hardware events for detection rather than cache events. Based on our finding, we present a novel mechanism called PRIME+ABORT Detector to detect the PRIME+ABORT attack and demonstrate that the detection mechanism can achieve 99.5% success rates with 0.3% performance overhead.
AB - Cache side-channel attack is a class of attacks to retrieve sensitive information from a system by exploiting shared resource in CPUs. As the attacks are delivered to wide range of environments from mobile systems to cloud recently, many detection strategies have been proposed. Since the conventional cache side-channel are likely to incur tremendous number of cache events, most of the previous detection mechanisms were designed to carefully monitor cache events. However, recently proposed attacks tend to incur less cache events during the attack. PRIME+ABORT attack, for example, leverages the Intel TSX instead of accessing cache to measure access time. Because of the characteristic, cache event based detection mechanisms may hardly distinguish the attack. In this paper, we conduct an in-depth analysis of the PRIME+ABORT attack to identify the other useful hardware events for detection rather than cache events. Based on our finding, we present a novel mechanism called PRIME+ABORT Detector to detect the PRIME+ABORT attack and demonstrate that the detection mechanism can achieve 99.5% success rates with 0.3% performance overhead.
KW - Cache side-channel attack
KW - PRIME+ABORT
KW - Real-time attack detection
UR - http://www.scopus.com/inward/record.url?scp=85100812338&partnerID=8YFLogxK
U2 - 10.1109/ICOIN50884.2021.9333883
DO - 10.1109/ICOIN50884.2021.9333883
M3 - Conference contribution
AN - SCOPUS:85100812338
T3 - International Conference on Information Networking
SP - 28
EP - 31
BT - 35th International Conference on Information Networking, ICOIN 2021
PB - IEEE Computer Society
T2 - 35th International Conference on Information Networking, ICOIN 2021
Y2 - 13 January 2021 through 16 January 2021
ER -