TY - JOUR
T1 - Rt-sniper
T2 - A low-overhead defense mechanism pinpointing cache side-channel attacks
AU - Song, Minkyu
AU - Lee, Junyeon
AU - Suh, Taeweon
AU - Koo, Gunjae
N1 - Funding Information:
Funding: This work was supported by the Institute of Information and Communications Technology Planning and Evaluation grant funded by the Korea government (MSIT) (No.2019-0-00533, Research on CPU Vulnerability Detection and Validation / No.2019-0-01343, Regional Strategic Industry Convergence Security Core Talent Training Business / IITP-2021-2020-0-01819, ICT Creative Consilience Program)
Publisher Copyright:
© 2021 by the authors. Licensee MDPI, Basel, Switzerland.
PY - 2021/11/1
Y1 - 2021/11/1
N2 - Since cache side-channel attacks have been serious security threats to multi-tenant systems, there have been several studies to protect systems against the attacks. However, the prior studies have limitations in determining only the existence of the attack and/or occupying too many computing resources in runtime. We propose a low-overhead pinpointing solution, called RT-Sniper, to overcome such limitations. RT-Sniper employs a two-level filtering mechanism to minimize performance overhead. It first monitors hardware events per core and isolates a suspected core to run a malicious process. Then among the processes running on the selected core, RT-Sniper pinpoints a malicious process through a per-process monitoring approach. With the core-level filtering, RT-Sniper has an advantage in overhead compared to the previous works. We evaluate RT-Sniper against Flush+Reload and Prime+Probe attacks running SPEC2017, LMBench, and PARSEC benchmarks on multi-core systems. Our evaluation demonstrates that the performance overhead by RT-Sniper is negligible (0.3% for single-threaded applications and 2.05% for multi-threaded applications). Compared to the previous defense solutions against cache side-channel attacks, RT-Sniper exhibits better detection performance with lower performance overhead.
AB - Since cache side-channel attacks have been serious security threats to multi-tenant systems, there have been several studies to protect systems against the attacks. However, the prior studies have limitations in determining only the existence of the attack and/or occupying too many computing resources in runtime. We propose a low-overhead pinpointing solution, called RT-Sniper, to overcome such limitations. RT-Sniper employs a two-level filtering mechanism to minimize performance overhead. It first monitors hardware events per core and isolates a suspected core to run a malicious process. Then among the processes running on the selected core, RT-Sniper pinpoints a malicious process through a per-process monitoring approach. With the core-level filtering, RT-Sniper has an advantage in overhead compared to the previous works. We evaluate RT-Sniper against Flush+Reload and Prime+Probe attacks running SPEC2017, LMBench, and PARSEC benchmarks on multi-core systems. Our evaluation demonstrates that the performance overhead by RT-Sniper is negligible (0.3% for single-threaded applications and 2.05% for multi-threaded applications). Compared to the previous defense solutions against cache side-channel attacks, RT-Sniper exhibits better detection performance with lower performance overhead.
KW - Cache side-channel attacks
KW - Malware detection
KW - Overhead
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=85118697674&partnerID=8YFLogxK
U2 - 10.3390/electronics10222748
DO - 10.3390/electronics10222748
M3 - Article
AN - SCOPUS:85118697674
SN - 2079-9292
VL - 10
JO - Electronics (Switzerland)
JF - Electronics (Switzerland)
IS - 22
M1 - 2748
ER -