A Noise-resilient Detection Method against Advanced Cache Timing Channel Attack

Recent research shows that computers physically shared by multiple users are vulnerable to microarchitecture-based information leakage. Among all microarchitectural components, the cache provides the largest attack surface. Cache timing channels manipulate cache access latency to leak information while leaving no physical trace. To mitigate cache timing channels, various detection methods have been proposed. However, with knowledge of the existing detection methods, an advanced adversary can intentionally inject noise to evade detection. For example, correlation-based detection, which extracts the repetitive behavior of cache timing channels, can be evaded by randomizing the gap between the information-transmitting and information-receiving activity. Classification-based detection can be obfuscated if the adversary imitates the behavior of benign applications. We propose a novel noise-resilient detection method that focuses on the dependency between the behavior of two processes. For each process, we define a group of events and track the conditional probability of every event given the appearance of events from the other process. With this method, we are able to detect the existence of cache timing channels. Our detection method is hard to evade because a dependency in cache behavior is necessary for any communication through cache timing channels.
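The dependency idea in the abstract can be illustrated with a small added example; it is not the paper's implementation. It compares the probability that process B shows an event shortly after an event of process A against B's baseline rate, and the dependency stays visible even when the gap is randomized. The event definition, window size, threshold and both traces are assumptions constructed for this sketch.

```python
import random

def window_hit_rates(a_times, b_times, window, horizon):
    """Return (P(B event within `window` slots after an A event),
    baseline P(B event within `window` slots after an arbitrary slot))."""
    b = set(b_times)
    def hit(t):
        return any((t + d) in b for d in range(1, window + 1))
    cond = sum(hit(t) for t in a_times) / len(a_times)
    slots = range(horizon - window)
    base = sum(hit(t) for t in slots) / len(slots)
    return cond, base

def dependency_lift(a_times, b_times, window, horizon):
    """Ratio of conditional to baseline rate; about 1.0 for independent processes."""
    cond, base = window_hit_rates(a_times, b_times, window, horizon)
    return cond / base if base else float("inf")

def make_traces(seed, dependent, horizon=20000, n=400, max_gap=8):
    """Constructed event traces (slot indices), not measurements from real hardware."""
    rng = random.Random(seed)
    a = sorted(rng.sample(range(horizon - max_gap - 1), n))
    if dependent:
        # Process B reacts to each A event after a randomized gap (injected noise).
        b = sorted({t + rng.randint(1, max_gap) for t in a})
    else:
        # Process B is an unrelated workload with the same event rate.
        b = sorted(rng.sample(range(horizon), n))
    return a, b

LIFT_THRESHOLD = 3.0  # assumed cut-off for this illustration, not a value from the paper

def flags_dependency(a, b, window=8, horizon=20000):
    """True when B's events depend on A's events strongly enough to be flagged."""
    return dependency_lift(a, b, window, horizon) >= LIFT_THRESHOLD

if __name__ == "__main__":
    for label, dep in (("dependent pair", True), ("independent pair", False)):
        a, b = make_traces(seed=1, dependent=dep)
        print(label, round(dependency_lift(a, b, 8, 20000), 2), flags_dependency(a, b))
```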
