The Kingsguard OS-level mitigation against cache side-channel attacks using runtime detection

Annals of Telecommunications

Abstract

Most of the mitigation techniques against access-driven cache side-channel attacks (CSCAs) are not very effective. This is mainly because most mitigation techniques usually protect against any given specific vulnerability of the system and do not take a system-wide approach. Moreover, they either completely remove or greatly reduce the performance benefits. Therefore, to find a security vs performance trade-off, we argue in favor of need-based protection in this paper, which will allow the operating system to apply mitigation only after successful detection of CSCAs. Thus, detection can serve as a first line of defense against such attacks. In this work, we propose a novel OS-level runtime detection-based mitigation mechanism, called the Kingsguard, against CSCAs in general-purpose operating systems. The proposed mechanism enhances the security and privacy capabilities of Linux as a proof of concept, and it can be widely used in commodity systems without any hardware modifications. We provide experimental validation by mitigating three state-of-the-art CSCAs on two different cryptosystems running under Linux. We have also provided results by analyzing the effect of the combination of multiple attacks running concurrently under variable system noise. Our results show that the Kingsguard can detect and mitigate known CSCAs with an accuracy of more than 99% and 95%, respectively.

Corresponding author

Correspondence to Maria Mushtaq.

Cite this article

Mushtaq, M., Yousaf, M.M., Bhatti, M.K. et al. The Kingsguard OS-level mitigation against cache side-channel attacks using runtime detection. Ann. Telecommun. 77, 731–747 (2022). https://doi.org/10.1007/s12243-021-00906-3

  • DOI: https://doi.org/10.1007/s12243-021-00906-3
