{"title":"Locality Based Cache Side-channel Attack Detection","authors":"Limin Wang, Lei Bu, Fu Song","doi":"10.29007/vbqt","DOIUrl":null,"url":null,"abstract":"Cryptographic algorithms are fundamental to security. However, it has been shown that secret information could be effectively extracted through monitoring and analyzing the cache side-channel information (i.e., hit and miss) of cryptographic implementations. To mitigate such attacks, a large number of detection-based defenses have been proposed. To the best of our knowledge, almost all of them are achieved by collecting and analyzing hardware performance counter (HPC) data. But this low-level HPC data usually lacks semantic information and is easily interfered with, which makes it difficult to determine the attack type by analyzing the HPC information only. Actually, the behavior of a cache attack is localized. In certain attack-related steps, the data accesses of cache memory blocks are intensive, while such behavior can be distributed sparsely among different attack steps. Based on this observation, in this paper, we propose the locality-based cache side-channel attack detection method, which combines the low-level HPC running data with the high-level control flow graph (CFG) of the program to achieve locality-guided attack pattern extraction. Then we can use GNN graph classification technology to learn such attack patterns and detect malicious attack programs.
The experiments with a corpus of 1200 benchmarks show that our approach can achieve 99.44% accuracy and 99.47% F1-Score with a low performance overhead.","PeriodicalId":93549,"journal":{"name":"EPiC series in computing","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"EPiC series in computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.29007/vbqt","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 1
Abstract
Cryptographic algorithms are fundamental to security. However, it has been shown that secret information could be effectively extracted through monitoring and analyzing the cache side-channel information (i.e., hit and miss) of cryptographic implementations. To mitigate such attacks, a large number of detection-based defenses have been proposed. To the best of our knowledge, almost all of them are achieved by collecting and analyzing hardware performance counter (HPC) data. But this low-level HPC data usually lacks semantic information and is easily interfered with, which makes it difficult to determine the attack type by analyzing the HPC information only. Actually, the behavior of a cache attack is localized. In certain attack-related steps, the data accesses of cache memory blocks are intensive, while such behavior can be distributed sparsely among different attack steps. Based on this observation, in this paper, we propose the locality-based cache side-channel attack detection method, which combines the low-level HPC running data with the high-level control flow graph (CFG) of the program to achieve locality-guided attack pattern extraction. Then we can use GNN graph classification technology to learn such attack patterns and detect malicious attack programs. The experiments with a corpus of 1200 benchmarks show that our approach can achieve 99.44% accuracy and 99.47% F1-Score with a low performance overhead.