Journal of Tsinghua University (Science and Technology)  2020, Vol. 60 Issue (6): 449-455    DOI: 10.16511/j.cnki.qhdxxb.2020.26.008
Special Issue: Trusted Computing and Information Security
Loop pinpoints of Cache side channel attacks from a performance analysis
PENG Shuanghe, ZHAO Jiali, HAN Jing
Beijing Key Laboratory of Intelligent Traffic Data Security and Privacy Protection, Beijing Jiaotong University, Beijing 100036, China
Abstract: Cache attacks are a new type of side channel attack that poses a great threat to current security protections. To detect and locate Cache side channel attacks effectively, this paper presents a performance-analysis-based method for locating the attack loop, which works in two phases: attack detection and attack loop positioning. The attack detection phase uses hardware performance counters to determine whether a binary program is a Cache side channel attack program. The attack loop positioning phase first samples performance events, then recovers the internal structure of the binary program, such as its loops and functions, and combines this structure with the sampled data to locate the attack loop. Finally, several typical Cache side channel attack programs and benign programs are tested. The results show that the method accurately distinguishes attack programs from benign programs, and a comparison of the positioning results with the attack source code shows that it precisely locates the attack loop.
Key words: Cache side channel attack    loop analysis    pinpoint
Received: 2019-09-29      Published: 2020-04-27
Funding: Supported by the National Natural Science Foundation of China (61572066)
Cite this article:
PENG Shuanghe, ZHAO Jiali, HAN Jing. Loop pinpoints of Cache side channel attacks from a performance analysis. Journal of Tsinghua University (Science and Technology), 2020, 60(6): 449-455.
Link to this article:
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2020.26.008  or  http://jst.tsinghuajournals.com/CN/Y2020/V60/I6/449