Real-time Detection of Cache Side-channel Attack Using Non-cache Hardware Events

Hodong Kim, Changhee Hahn, Junbeom Hur

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Cache side-channel attack is a class of attacks to retrieve sensitive information from a system by exploiting shared resource in CPUs. As the attacks are delivered to wide range of environments from mobile systems to cloud recently, many detection strategies have been proposed. Since the conventional cache side-channel are likely to incur tremendous number of cache events, most of the previous detection mechanisms were designed to carefully monitor cache events. However, recently proposed attacks tend to incur less cache events during the attack. PRIME+ABORT attack, for example, leverages the Intel TSX instead of accessing cache to measure access time. Because of the characteristic, cache event based detection mechanisms may hardly distinguish the attack. In this paper, we conduct an in-depth analysis of the PRIME+ABORT attack to identify the other useful hardware events for detection rather than cache events. Based on our finding, we present a novel mechanism called PRIME+ABORT Detector to detect the PRIME+ABORT attack and demonstrate that the detection mechanism can achieve 99.5% success rates with 0.3% performance overhead.

Original languageEnglish
Title of host publication35th International Conference on Information Networking, ICOIN 2021
PublisherIEEE Computer Society
Pages28-31
Number of pages4
ISBN (Electronic)9781728191003
DOIs
Publication statusPublished - 2021 Jan 13
Event35th International Conference on Information Networking, ICOIN 2021 - Jeju Island, Korea, Republic of
Duration: 2021 Jan 132021 Jan 16

Publication series

NameInternational Conference on Information Networking
Volume2021-January
ISSN (Print)1976-7684

Conference

Conference35th International Conference on Information Networking, ICOIN 2021
CountryKorea, Republic of
CityJeju Island
Period21/1/1321/1/16

Keywords

  • Cache side-channel attack
  • PRIME+ABORT
  • Real-time attack detection

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems

Fingerprint Dive into the research topics of 'Real-time Detection of Cache Side-channel Attack Using Non-cache Hardware Events'. Together they form a unique fingerprint.

Cite this