2 research outputs found
Towards a Better Indicator for Cache Timing Channels
Recent studies highlighting the vulnerability of computer architecture to
information leakage attacks have been a cause of significant concern. Among the
various classes of microarchitectural attacks, cache timing channels are
especially worrisome since they have the potential to compromise users' private
data at high bit rates. Prior works have demonstrated the use of cache miss
patterns to detect these attacks. We find that cache miss traces can be easily
spoofed and thus they may not be able to identify smarter adversaries. In this
work, we show that \emph{cache occupancy}, which records the number of cache
blocks owned by a specific process, can be leveraged as a stronger indicator
for the presence of cache timing channels. We observe that the modulation of
cache access latency in timing channels can be recognized through analyzing
pairwise cache occupancy patterns. Our experimental results show that cache
occupancy patterns cannot be easily obfuscated even by advanced adversaries
that successfully evade cache miss-based detection
Real time Detection of Spectre and Meltdown Attacks Using Machine Learning
Recently discovered Spectre and meltdown attacks affects almost all
processors by leaking confidential information to other processes through
side-channel attacks. These vulnerabilities expose design flaws in the
architecture of modern CPUs. To fix these design flaws, it is necessary to make
changes in the hardware of modern processors which is a non-trivial task.
Software mitigation techniques for these vulnerabilities cause significant
performance degradation. In order to mitigate against Spectre and Meltdown
attacks while retaining the performance benefits of modern processors, in this
paper, we present a real-time detection mechanism for Spectre and Meltdown
attacks by identifying the misuse of speculative execution and side-channel
attacks. We use hardware performance counters and software events to monitor
activity related to speculative execution, branch prediction, and cache
interference. We use various machine learning models to analyze these events.
These events produce a very distinctive pattern while the system is under
attack; machine learning models are able to detect Meltdown and Spectre attacks
under realistic load conditions with an accuracy of over 99%