Flush-Reload cache side channel attack defense method and device in cloud environment

A side-channel attack and cache-state technology, applied in the field of system security, to defend against cache side-channel attacks.

Active Publication Date: 2018-01-23
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

Flush-Reload side-channel attacks seriously threaten the security of cloud platforms, so an effective defense against Flush-Reload cache attacks is needed.


Examples

Embodiment Construction

[0030] The defense solution of the present invention is generally used as a security product provided by cloud service providers to users. When users need it, they can purchase the security service to protect instances from Flush-Reload cache side-channel attacks. In the following, the instance to be protected is called the target instance, and the target process runs in it; the instance used to run the protection process is called the protection instance; the instance that implements the attack is called the attack instance, and the attack process runs in it. The technical solutions in the embodiments of the present invention will be described clearly and in detail below in conjunction with the accompanying drawings.

[0031] The flow of the method of the invention is shown in Figure 1. First, the cloud service provider determines the security-sensitive modules that users need to protect. The selection of modules can be provided by the cloud service provider for reference,...


Abstract

The invention relates to a Flush-Reload cache side channel attack defense method and device in a cloud environment. The method comprises the following steps: 1) selecting a security-sensitive module to be protected; 2) sharing CPU (Central Processing Unit) caches between a protection process and a target process; 3) sharing the memory of the security-sensitive module between the protection process and the target process; and 4) when the target process runs the security-sensitive module, obfuscating the shared memory of the security-sensitive module according to a certain strategy by the protection process to interfere with the cache state, in order to defend against Flush-Reload cache side channel attacks. With this method and device, noise is continuously introduced into the cache channel that Flush-Reload attacks exploit, interfering with the attack instance, so that user privacy information can be protected effectively.
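A sketch of steps 3 and 4 as a protection process, added here as an illustration and not taken from the patent: it maps the module file so its pages are shared with the target, then loads randomly chosen cache lines so that a cached line no longer implies the target touched it. The random-load strategy, the 64-byte line size and all function names are assumptions; placing the process on a CPU that shares a cache with the target (step 2) is assumed to be arranged by the provider.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

#define CACHE_LINE 64 /* assumed cache line size in bytes */

/* Step 3: a read-only, file-backed mapping of the module uses the same
 * page-cache pages as the target's mapping of that file. */
static const volatile uint8_t *map_module(const char *path, size_t *len)
{
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return NULL;
    if (fstat(fd, &st) != 0 || st.st_size <= 0) { close(fd); return NULL; }
    void *p = mmap(NULL, (size_t)st.st_size, PROT_READ, MAP_SHARED, fd, 0);
    close(fd); /* the mapping outlives the descriptor */
    if (p == MAP_FAILED) return NULL;
    *len = (size_t)st.st_size;
    return p;
}

/* Offset of the cache line selected by random value r (always < len). */
static size_t line_offset(size_t len, unsigned r)
{
    size_t lines = (len + CACHE_LINE - 1) / CACHE_LINE;
    return (r % lines) * CACHE_LINE;
}

/* Step 4, assumed strategy: issue `rounds` loads of random lines of the
 * shared module. Returns the number of loads performed. */
static size_t add_cache_noise(const volatile uint8_t *base, size_t len, size_t rounds)
{
    size_t done = 0;
    for (; done < rounds; done++)
        (void)base[line_offset(len, (unsigned)rand())]; /* volatile load */
    return done;
}

int main(int argc, char **argv)
{
    size_t len = 0;
    const volatile uint8_t *m = argc == 2 ? map_module(argv[1], &len) : NULL;
    if (!m) { fprintf(stderr, "usage: %s <module file>\n", argv[0]); return 1; }
    srand((unsigned)getpid());
    for (;;) add_cache_noise(m, len, 4096); /* runs until killed */
}
```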

Description

Technical field

[0001] The invention belongs to the technical field of system security, and relates to a defense method against a CPU cache (Cache) attack, in particular to a defense method and device against a Flush-Reload cache side channel attack.

Background technique

[0002] Cloud computing is a commercial computing model, which distributes computing tasks on a resource pool composed of a large number of physical machine environments, enabling users to obtain computing power, storage space, and information services on demand. This resource pool is called the cloud. Cloud computing can be regarded as a computing network, which consists of a group of hardware hosts as servers, and then connects to each other through a communication network to provide various services to other users. Billable IT resources and application delivery methods. Whether it is running an application that helps millions of mobile users share photos, or supporting mission-critical business within a...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/54, G06F9/54
Inventors: 贾晓启, 张伟娟, 台建玮, 杜海超, 唐静, 白璐, 黄庆佳, 武希耀, 龚晓锐, 霍玮
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI