RT-Sniper: A Low-Overhead Defense Mechanism Pinpointing Cache Side-Channel Attacks

RT-Sniper: A Low-Overhead Defense Mechanism Pinpointing Cache Side-Channel Attacks

Since cache side-channel attacks have been serious security threats to multi-tenant systems, there have been several studies to protect systems against the attacks. However, the prior studies have limitations in determining only the existence of the attack and/or occupying too many computing resourc...

Descripción completa

Guardado en:
Detalles Bibliográficos
Autores principales: Minkyu Song, Junyeon Lee, Taeweon Suh, Gunjae Koo
Formato: article
Lenguaje:EN
Publicado: MDPI AG 2021
Materias:
malware detection
cache side-channel attacks
security
overhead
Electronics
TK7800-8360
Acceso en línea:https://doaj.org/article/dff2245456c54f99a22288648a9d4940
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
id oai:doaj.org-article:dff2245456c54f99a22288648a9d4940
record_format dspace
spelling oai:doaj.org-article:dff2245456c54f99a22288648a9d49402021-11-25T17:24:19ZRT-Sniper: A Low-Overhead Defense Mechanism Pinpointing Cache Side-Channel Attacks10.3390/electronics102227482079-9292https://doaj.org/article/dff2245456c54f99a22288648a9d49402021-11-01T00:00:00Zhttps://www.mdpi.com/2079-9292/10/22/2748https://doaj.org/toc/2079-9292Since cache side-channel attacks have been serious security threats to multi-tenant systems, there have been several studies to protect systems against the attacks. However, the prior studies have limitations in determining only the existence of the attack and/or occupying too many computing resources in runtime. We propose a low-overhead pinpointing solution, called RT-Sniper, to overcome such limitations. RT-Sniper employs a two-level filtering mechanism to minimize performance overhead. It first monitors hardware events per core and isolates a suspected core to run a malicious process. Then among the processes running on the selected core, RT-Sniper pinpoints a malicious process through a per-process monitoring approach. With the core-level filtering, RT-Sniper has an advantage in overhead compared to the previous works. We evaluate RT-Sniper against Flush+Reload and Prime+Probe attacks running SPEC2017, LMBench, and PARSEC benchmarks on multi-core systems. Our evaluation demonstrates that the performance overhead by RT-Sniper is negligible (0.3% for single-threaded applications and 2.05% for multi-threaded applications). Compared to the previous defense solutions against cache side-channel attacks, RT-Sniper exhibits better detection performance with lower performance overhead.Minkyu SongJunyeon LeeTaeweon SuhGunjae KooMDPI AGarticlemalware detectioncache side-channel attackssecurityoverheadElectronicsTK7800-8360ENElectronics, Vol 10, Iss 2748, p 2748 (2021)
institution DOAJ
collection DOAJ
language EN
topic malware detection
cache side-channel attacks
security
overhead
Electronics
TK7800-8360
spellingShingle malware detection
cache side-channel attacks
security
overhead
Electronics
TK7800-8360
Minkyu Song
Junyeon Lee
Taeweon Suh
Gunjae Koo
RT-Sniper: A Low-Overhead Defense Mechanism Pinpointing Cache Side-Channel Attacks
description Since cache side-channel attacks have been serious security threats to multi-tenant systems, there have been several studies to protect systems against the attacks. However, the prior studies have limitations in determining only the existence of the attack and/or occupying too many computing resources in runtime. We propose a low-overhead pinpointing solution, called RT-Sniper, to overcome such limitations. RT-Sniper employs a two-level filtering mechanism to minimize performance overhead. It first monitors hardware events per core and isolates a suspected core to run a malicious process. Then among the processes running on the selected core, RT-Sniper pinpoints a malicious process through a per-process monitoring approach. With the core-level filtering, RT-Sniper has an advantage in overhead compared to the previous works. We evaluate RT-Sniper against Flush+Reload and Prime+Probe attacks running SPEC2017, LMBench, and PARSEC benchmarks on multi-core systems. Our evaluation demonstrates that the performance overhead by RT-Sniper is negligible (0.3% for single-threaded applications and 2.05% for multi-threaded applications). Compared to the previous defense solutions against cache side-channel attacks, RT-Sniper exhibits better detection performance with lower performance overhead.
format article
author Minkyu Song
Junyeon Lee
Taeweon Suh
Gunjae Koo
author_facet Minkyu Song
Junyeon Lee
Taeweon Suh
Gunjae Koo
author_sort Minkyu Song
title RT-Sniper: A Low-Overhead Defense Mechanism Pinpointing Cache Side-Channel Attacks
title_short RT-Sniper: A Low-Overhead Defense Mechanism Pinpointing Cache Side-Channel Attacks
title_full RT-Sniper: A Low-Overhead Defense Mechanism Pinpointing Cache Side-Channel Attacks
title_fullStr RT-Sniper: A Low-Overhead Defense Mechanism Pinpointing Cache Side-Channel Attacks
title_full_unstemmed RT-Sniper: A Low-Overhead Defense Mechanism Pinpointing Cache Side-Channel Attacks
title_sort rt-sniper: a low-overhead defense mechanism pinpointing cache side-channel attacks
publisher MDPI AG
publishDate 2021
url https://doaj.org/article/dff2245456c54f99a22288648a9d4940
work_keys_str_mv AT minkyusong rtsniperalowoverheaddefensemechanismpinpointingcachesidechannelattacks
AT junyeonlee rtsniperalowoverheaddefensemechanismpinpointingcachesidechannelattacks
AT taeweonsuh rtsniperalowoverheaddefensemechanismpinpointingcachesidechannelattacks
AT gunjaekoo rtsniperalowoverheaddefensemechanismpinpointingcachesidechannelattacks
_version_ 1718412441339035648

Ejemplares similares