Rt-sniper: A low-overhead defense mechanism pinpointing cache side-channel attacks

Minkyu Song; Junyeon Lee; Taeweon Suh; Gunjae Koo

doi:10.3390/electronics10222748

Rt-sniper: A low-overhead defense mechanism pinpointing cache side-channel attacks

Minkyu Song, Junyeon Lee, Taeweon Suh, Gunjae Koo

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

Since cache side-channel attacks have been serious security threats to multi-tenant systems, there have been several studies to protect systems against the attacks. However, the prior studies have limitations in determining only the existence of the attack and/or occupying too many computing resources in runtime. We propose a low-overhead pinpointing solution, called RT-Sniper, to overcome such limitations. RT-Sniper employs a two-level filtering mechanism to minimize performance overhead. It first monitors hardware events per core and isolates a suspected core to run a malicious process. Then among the processes running on the selected core, RT-Sniper pinpoints a malicious process through a per-process monitoring approach. With the core-level filtering, RT-Sniper has an advantage in overhead compared to the previous works. We evaluate RT-Sniper against Flush+Reload and Prime+Probe attacks running SPEC2017, LMBench, and PARSEC benchmarks on multi-core systems. Our evaluation demonstrates that the performance overhead by RT-Sniper is negligible (0.3% for single-threaded applications and 2.05% for multi-threaded applications). Compared to the previous defense solutions against cache side-channel attacks, RT-Sniper exhibits better detection performance with lower performance overhead.

Original language	English
Article number	2748
Journal	Electronics (Switzerland)
Volume	10
Issue number	22
DOIs	https://doi.org/10.3390/electronics10222748
Publication status	Published - 2021 Nov 1

Bibliographical note

Funding Information:
Funding: This work was supported by the Institute of Information and Communications Technology Planning and Evaluation grant funded by the Korea government (MSIT) (No.2019-0-00533, Research on CPU Vulnerability Detection and Validation / No.2019-0-01343, Regional Strategic Industry Convergence Security Core Talent Training Business / IITP-2021-2020-0-01819, ICT Creative Consilience Program)

Publisher Copyright:
© 2021 by the authors. Licensee MDPI, Basel, Switzerland.

Keywords

Cache side-channel attacks
Malware detection
Overhead
Security

ASJC Scopus subject areas

Control and Systems Engineering
Signal Processing
Hardware and Architecture
Computer Networks and Communications
Electrical and Electronic Engineering

Access to Document

10.3390/electronics10222748

Cite this

@article{0e03e87c61994d2ea95255170f98a838,

title = "Rt-sniper: A low-overhead defense mechanism pinpointing cache side-channel attacks",

abstract = "Since cache side-channel attacks have been serious security threats to multi-tenant systems, there have been several studies to protect systems against the attacks. However, the prior studies have limitations in determining only the existence of the attack and/or occupying too many computing resources in runtime. We propose a low-overhead pinpointing solution, called RT-Sniper, to overcome such limitations. RT-Sniper employs a two-level filtering mechanism to minimize performance overhead. It first monitors hardware events per core and isolates a suspected core to run a malicious process. Then among the processes running on the selected core, RT-Sniper pinpoints a malicious process through a per-process monitoring approach. With the core-level filtering, RT-Sniper has an advantage in overhead compared to the previous works. We evaluate RT-Sniper against Flush+Reload and Prime+Probe attacks running SPEC2017, LMBench, and PARSEC benchmarks on multi-core systems. Our evaluation demonstrates that the performance overhead by RT-Sniper is negligible (0.3% for single-threaded applications and 2.05% for multi-threaded applications). Compared to the previous defense solutions against cache side-channel attacks, RT-Sniper exhibits better detection performance with lower performance overhead.",

keywords = "Cache side-channel attacks, Malware detection, Overhead, Security",

author = "Minkyu Song and Junyeon Lee and Taeweon Suh and Gunjae Koo",

note = "Funding Information: Funding: This work was supported by the Institute of Information and Communications Technology Planning and Evaluation grant funded by the Korea government (MSIT) (No.2019-0-00533, Research on CPU Vulnerability Detection and Validation / No.2019-0-01343, Regional Strategic Industry Convergence Security Core Talent Training Business / IITP-2021-2020-0-01819, ICT Creative Consilience Program) Publisher Copyright: {\textcopyright} 2021 by the authors. Licensee MDPI, Basel, Switzerland.",

year = "2021",

month = nov,

day = "1",

doi = "10.3390/electronics10222748",

language = "English",

volume = "10",

journal = "Electronics (Switzerland)",

issn = "2079-9292",

publisher = "Multidisciplinary Digital Publishing Institute (MDPI)",

number = "22",

}

TY - JOUR

T1 - Rt-sniper

T2 - A low-overhead defense mechanism pinpointing cache side-channel attacks

AU - Song, Minkyu

AU - Lee, Junyeon

AU - Suh, Taeweon

AU - Koo, Gunjae

N1 - Funding Information: Funding: This work was supported by the Institute of Information and Communications Technology Planning and Evaluation grant funded by the Korea government (MSIT) (No.2019-0-00533, Research on CPU Vulnerability Detection and Validation / No.2019-0-01343, Regional Strategic Industry Convergence Security Core Talent Training Business / IITP-2021-2020-0-01819, ICT Creative Consilience Program) Publisher Copyright: © 2021 by the authors. Licensee MDPI, Basel, Switzerland.

PY - 2021/11/1

Y1 - 2021/11/1

N2 - Since cache side-channel attacks have been serious security threats to multi-tenant systems, there have been several studies to protect systems against the attacks. However, the prior studies have limitations in determining only the existence of the attack and/or occupying too many computing resources in runtime. We propose a low-overhead pinpointing solution, called RT-Sniper, to overcome such limitations. RT-Sniper employs a two-level filtering mechanism to minimize performance overhead. It first monitors hardware events per core and isolates a suspected core to run a malicious process. Then among the processes running on the selected core, RT-Sniper pinpoints a malicious process through a per-process monitoring approach. With the core-level filtering, RT-Sniper has an advantage in overhead compared to the previous works. We evaluate RT-Sniper against Flush+Reload and Prime+Probe attacks running SPEC2017, LMBench, and PARSEC benchmarks on multi-core systems. Our evaluation demonstrates that the performance overhead by RT-Sniper is negligible (0.3% for single-threaded applications and 2.05% for multi-threaded applications). Compared to the previous defense solutions against cache side-channel attacks, RT-Sniper exhibits better detection performance with lower performance overhead.

AB - Since cache side-channel attacks have been serious security threats to multi-tenant systems, there have been several studies to protect systems against the attacks. However, the prior studies have limitations in determining only the existence of the attack and/or occupying too many computing resources in runtime. We propose a low-overhead pinpointing solution, called RT-Sniper, to overcome such limitations. RT-Sniper employs a two-level filtering mechanism to minimize performance overhead. It first monitors hardware events per core and isolates a suspected core to run a malicious process. Then among the processes running on the selected core, RT-Sniper pinpoints a malicious process through a per-process monitoring approach. With the core-level filtering, RT-Sniper has an advantage in overhead compared to the previous works. We evaluate RT-Sniper against Flush+Reload and Prime+Probe attacks running SPEC2017, LMBench, and PARSEC benchmarks on multi-core systems. Our evaluation demonstrates that the performance overhead by RT-Sniper is negligible (0.3% for single-threaded applications and 2.05% for multi-threaded applications). Compared to the previous defense solutions against cache side-channel attacks, RT-Sniper exhibits better detection performance with lower performance overhead.

KW - Cache side-channel attacks

KW - Malware detection

KW - Overhead

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=85118697674&partnerID=8YFLogxK

U2 - 10.3390/electronics10222748

DO - 10.3390/electronics10222748

M3 - Article

AN - SCOPUS:85118697674

SN - 2079-9292

VL - 10

JO - Electronics (Switzerland)

JF - Electronics (Switzerland)

IS - 22

M1 - 2748

ER -

Rt-sniper: A low-overhead defense mechanism pinpointing cache side-channel attacks

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this