PREDATOR: A Cache Side-Channel Attack Detector Based on Precise Event Monitoring

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

Recent work has demonstrated the security risk associated with micro-architecture side-channels. The cache timing side-channel is a particularly popular target due to its availability and high leakage bandwidth. Existing proposals for defending cache side-channel attacks either degrade cache performance and/or limit cache sharing, hence, should only be invoked when the system is under attack. A lightweight monitoring mechanism that detects malicious micro-architecture manipulation in realistic environments is essential for the judicious deployment of these defense mechanisms.In this paper, we propose PREDATOR, a cache side-channel attack detector that identifies cache events caused by an attacker. To detect side-channel attacks in noisy environments, we take advantage of the observation that, unlike non-specific noises, an active attacker alters victim's micro-architectural states on security critical accesses and thus causes the victim extra cache events on those accesses. PREDATOR uses precise performance counters to collect detailed victim's access information and analyzes location-based deviations. PREDATOR is capable of detecting five different attacks with high accuracy and limited performance overhead in complex noisy execution environments. PREDATOR remains effective even when the attacker slows the attack rate by 256 times. Furthermore, PREDATOR is able to accurately report details about the attack such as the instruction that accesses the attacked data. In the case of GnuPG RSA [20], PREDATOR can pinpoint the square/multiply operations in the Modulo-Reduce algorithm; and in the case of OpenSSL AES [45], it can identify the accesses to the Te-Table.

Original languageEnglish (US)
Title of host publicationProceedings - 2022 IEEE International Symposium on Secure and Private Execution Environment Design, SEED 2022
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages25-36
Number of pages12
ISBN (Electronic)9781665485265
DOIs
StatePublished - 2022
Event2022 IEEE International Symposium on Secure and Private Execution Environment Design, SEED 2022 - Storrs, United States
Duration: Sep 26 2022Sep 27 2022

Publication series

NameProceedings - 2022 IEEE International Symposium on Secure and Private Execution Environment Design, SEED 2022

Conference

Conference2022 IEEE International Symposium on Secure and Private Execution Environment Design, SEED 2022
Country/TerritoryUnited States
CityStorrs
Period9/26/229/27/22

Bibliographical note

Funding Information:
We are very grateful to Professor Huiyang Zhou and the anonymous reviewers for their valuable suggestions and comments. This research was supported in part by NSF under Grants CNS-1514444 and CNS-2106771.

Publisher Copyright:
© 2022 IEEE.

Fingerprint

Dive into the research topics of 'PREDATOR: A Cache Side-Channel Attack Detector Based on Precise Event Monitoring'. Together they form a unique fingerprint.

Cite this