CacheShield: Detecting Cache Attacks through Self-Observation

Samira Briongos, Pedro Malagón, Gorka Irazoqui, Thomas Eisenbarth

Abstract

Microarchitectural attacks pose a great threat to any code running in parallel to other untrusted processes. Especially in public clouds, where system resources such as caches are shared across several tenants, microarchitectural attacks remain an unsolved problem. Cache attacks rely on evictions by the spy process, which alter the execution behavior of the victim process. Similarly, all attacks exploiting shared resource access will influence these resources, thereby influencing the process they are targeting. We show that hardware performance events reveal the presence of such attacks. Based on this observation, we propose CacheShield, a tool to protect legacy code by self-monitoring its execution and detecting the presence of microarchitectural attacks. CacheShield can be run by users and does not require alteration of the OS or hypervisor, while previously proposed software-based countermeasures require cooperation from the hypervisor. Unlike methods that try to detect malicious processes, our approach is lean, as only a fraction of the system needs to be monitored. It also integrates well into today’s cloud infrastructure, as concerned users can opt to use CacheShield without support from the cloud service provider. Our results show that CacheShield detects attacks fast, with high reliability, and with few false positives, even in the presence of strong noise.

OriginalspracheEnglisch
TitelCODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy
Seitenumfang12
Herausgeber (Verlag)Association for Computing Machinery
Erscheinungsdatum13.03.2018
Seiten224-235
ISBN (Print)978-145035632-9
DOIs
PublikationsstatusVeröffentlicht - 13.03.2018
Veranstaltung8th ACM Conference on Data and Application Security and Privacy - Tempe, USA / Vereinigte Staaten
Dauer: 19.03.201821.03.2018
Konferenznummer: 135355

Fingerprint

Untersuchen Sie die Forschungsthemen von „CacheShield: Detecting Cache Attacks through Self-Observation“. Zusammen bilden sie einen einzigartigen Fingerprint.

Zitieren