Locality Based Cache Side-channel Attack Detection

Limin Wang, Lei Bu, Fu Song
{"title":"Locality Based Cache Side-channel Attack Detection","authors":"Limin Wang, Lei Bu, Fu Song","doi":"10.29007/vbqt","DOIUrl":null,"url":null,"abstract":"Cryptographic algorithms are fundamental to security. However, it has been shown that secret information could be effectively extracted through monitoring and analyzing the cache side-channel information (i.e., hit and miss) of cryptographic implementations. To mitigate such attacks, a large number of detection-based defenses have been proposed. To the best of our knowledge, almost all of them are achieved by collecting and analyzing hardware performance counter (HPC) data. But these low-level HPC data usually lacks semantic information and is easy to be interfered, which makes it difficult to determine the attack type by analyzing the HPC information only.Actually, the behavior of a cache attack is localized. In certain attack-related steps, the data accesses of cache memory blocks are intensive, while such behavior can be distributed sparsely among different attack steps. Based on this observation, in this paper, we pro- pose the locality-based cache side-channel attack detection method, which combines the low-level HPC running data with the high-level control flow graph (CFG) of the program to achieve locality-guided attack pattern extraction. Then we can use GNN graph clas- sification technology to learn such attack pattern and detect malicious attack programs. The experiments with a corpus of 1200 benchmarks show that our approach can achieve 99.44% accuracy and 99.47% F1-Score with a low performance overhead.","PeriodicalId":93549,"journal":{"name":"EPiC series in computing","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"EPiC series in computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.29007/vbqt","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1

Abstract

Cryptographic algorithms are fundamental to security. However, it has been shown that secret information could be effectively extracted through monitoring and analyzing the cache side-channel information (i.e., hit and miss) of cryptographic implementations. To mitigate such attacks, a large number of detection-based defenses have been proposed. To the best of our knowledge, almost all of them are achieved by collecting and analyzing hardware performance counter (HPC) data. But these low-level HPC data usually lacks semantic information and is easy to be interfered, which makes it difficult to determine the attack type by analyzing the HPC information only.Actually, the behavior of a cache attack is localized. In certain attack-related steps, the data accesses of cache memory blocks are intensive, while such behavior can be distributed sparsely among different attack steps. Based on this observation, in this paper, we pro- pose the locality-based cache side-channel attack detection method, which combines the low-level HPC running data with the high-level control flow graph (CFG) of the program to achieve locality-guided attack pattern extraction. Then we can use GNN graph clas- sification technology to learn such attack pattern and detect malicious attack programs. The experiments with a corpus of 1200 benchmarks show that our approach can achieve 99.44% accuracy and 99.47% F1-Score with a low performance overhead.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
基于局部性的缓存侧通道攻击检测
密码算法是安全的基础。然而,研究表明,通过监控和分析加密实现的缓存侧信道信息(即命中和未命中),可以有效地提取秘密信息。为了减轻这种攻击,已经提出了大量基于检测的防御措施。据我们所知,几乎所有这些都是通过收集和分析硬件性能计数器(HPC)数据来实现的。但是这些低级的高性能计算数据通常缺乏语义信息,容易被干扰,这使得仅通过分析高性能计算信息来确定攻击类型变得困难。实际上,缓存攻击的行为是局部的。在某些与攻击相关的步骤中,缓存块的数据访问是密集的,而这种行为可以稀疏地分布在不同的攻击步骤中。基于此,本文提出了基于位置的缓存侧信道攻击检测方法,该方法将低级HPC运行数据与程序的高级控制流图(CFG)相结合,实现位置引导的攻击模式提取。然后利用GNN图分类技术学习这种攻击模式,检测出恶意攻击程序。在1200个基准语料库上的实验表明,我们的方法在较低的性能开销下可以达到99.44%的准确率和99.47%的F1-Score。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
CiteScore
1.60
自引率
0.00%
发文量
0
期刊最新文献
ARCH-COMP23 Category Report: Hybrid Systems Theorem Proving ARCH-COMP23 Category Report: Continuous and Hybrid Systems with Linear Continuous Dynamics ARCH-COMP23 Category Report: Continuous and Hybrid Systems with Nonlinear Dynamics ARCH-COMP23 Repeatability Evaluation Report ARCH-COMP23 Category Report: Artificial Intelligence and Neural Network Control Systems (AINNCS) for Continuous and Hybrid Systems Plants
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1