Abstract
Recent work has demonstrated the security risk associated with micro-architecture side-channels. The cache timing side-channel is a particularly popular target due to its availability and high leakage bandwidth. Existing proposals for defending cache side-channel attacks either degrade cache performance and/or limit cache sharing, hence, should only be invoked when the system is under attack. A lightweight monitoring mechanism that detects malicious micro-architecture manipulation in realistic environments is essential for the judicious deployment of these defense mechanisms.In this paper, we propose PREDATOR, a cache side-channel attack detector that identifies cache events caused by an attacker. To detect side-channel attacks in noisy environments, we take advantage of the observation that, unlike non-specific noises, an active attacker alters victim's micro-architectural states on security critical accesses and thus causes the victim extra cache events on those accesses. PREDATOR uses precise performance counters to collect detailed victim's access information and analyzes location-based deviations. PREDATOR is capable of detecting five different attacks with high accuracy and limited performance overhead in complex noisy execution environments. PREDATOR remains effective even when the attacker slows the attack rate by 256 times. Furthermore, PREDATOR is able to accurately report details about the attack such as the instruction that accesses the attacked data. In the case of GnuPG RSA [20], PREDATOR can pinpoint the square/multiply operations in the Modulo-Reduce algorithm; and in the case of OpenSSL AES [45], it can identify the accesses to the Te-Table.
Original language | English (US) |
---|---|
Title of host publication | Proceedings - 2022 IEEE International Symposium on Secure and Private Execution Environment Design, SEED 2022 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 25-36 |
Number of pages | 12 |
ISBN (Electronic) | 9781665485265 |
DOIs | |
State | Published - 2022 |
Event | 2022 IEEE International Symposium on Secure and Private Execution Environment Design, SEED 2022 - Storrs, United States Duration: Sep 26 2022 → Sep 27 2022 |
Publication series
Name | Proceedings - 2022 IEEE International Symposium on Secure and Private Execution Environment Design, SEED 2022 |
---|
Conference
Conference | 2022 IEEE International Symposium on Secure and Private Execution Environment Design, SEED 2022 |
---|---|
Country/Territory | United States |
City | Storrs |
Period | 9/26/22 → 9/27/22 |
Bibliographical note
Funding Information:We are very grateful to Professor Huiyang Zhou and the anonymous reviewers for their valuable suggestions and comments. This research was supported in part by NSF under Grants CNS-1514444 and CNS-2106771.
Publisher Copyright:
© 2022 IEEE.