Towards a Better Indicator for Cache Timing Channels

Recent studies highlighting the vulnerability of computer architecture to information leakage attacks have been a cause of significant concern. Among the various classes of microarchitectural attacks, cache timing channels are especially worrisome since they have the potential to compromise users' private data at high bit rates. Prior works have demonstrated the use of cache miss patterns to detect these attacks. We find that cache miss traces can be easily spoofed and thus they may not be able to identify smarter adversaries. In this work, we show that \emph{cache occupancy}, which records the number of cache blocks owned by a specific process, can be leveraged as a stronger indicator for the presence of cache timing channels. We observe that the modulation of cache access latency in timing channels can be recognized through analyzing pairwise cache occupancy patterns. Our experimental results show that cache occupancy patterns cannot be easily obfuscated even by advanced adversaries that successfully evade cache miss-based detection

Real time Detection of Spectre and Meltdown Attacks Using Machine Learning

Recently discovered Spectre and meltdown attacks affects almost all processors by leaking confidential information to other processes through side-channel attacks. These vulnerabilities expose design flaws in the architecture of modern CPUs. To fix these design flaws, it is necessary to make changes in the hardware of modern processors which is a non-trivial task. Software mitigation techniques for these vulnerabilities cause significant performance degradation. In order to mitigate against Spectre and Meltdown attacks while retaining the performance benefits of modern processors, in this paper, we present a real-time detection mechanism for Spectre and Meltdown attacks by identifying the misuse of speculative execution and side-channel attacks. We use hardware performance counters and software events to monitor activity related to speculative execution, branch prediction, and cache interference. We use various machine learning models to analyze these events. These events produce a very distinctive pattern while the system is under attack; machine learning models are able to detect Meltdown and Spectre attacks under realistic load conditions with an accuracy of over 99%