Method and system for actively cutting off hidden channels to cope with cache side channel attacks

A channel attack, covert channel technology, applied in the direction of inter-program communication, multi-program device, instrument, etc., can solve the problem of not being able to read with malicious system registers, and achieve the effect of flexible implementation, prevention of leakage, and low defense cost.

Active Publication Date: 2019-07-19
NAT UNIV OF DEFENSE TECH
View PDF5 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Also, it cannot be used against malicious system register reads

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for actively cutting off hidden channels to cope with cache side channel attacks
  • Method and system for actively cutting off hidden channels to cope with cache side channel attacks
  • Method and system for actively cutting off hidden channels to cope with cache side channel attacks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0050] To defend against cache side-channel attacks including meltdown attacks, it is necessary to analyze the principles of cache side-channel attacks including meltdown attacks in detail. To perform a meltdown attack, the attacker will repeat the following three steps. In the first step, registers are loaded with inaccessible kernel addresses or privileged system registers. In the second step, transient instructions perform memory accesses to allocate cache lines based on registers loaded with sensitive content. In the third step, the attacker uses FLUSH+RELOAD to extract sensitive information encoded in the timing channel of the memory location accessed in the second step. In the first step, accessing a privileged resource from a userspace program ends up throwing an exception because its privilege level does not allow it to do so. However, under out-of-order execution, there are many instructions in the small time window before an exception is finally thrown. Hence, a r...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method and system for actively cutting off a hidden channel to cope with a cache side channel attack. The method comprises the following implementation steps of interceptingexceptions caused by program operation; and if the exception caused by the program operation is intercepted, judging whether the current exception is the cache side channel attack or not, if the current exception is the cache side channel attack, injecting the noise data into the cache by clearing the cache data, resetting a micro-architecture state, and finally calling a user exception processingprogram to continue to process the current exception. According to the method disclosed by the invention, the cache side channel attack including a Meltdown attack is defended from a software countermeasure level; the method can achieve the purpose of giving consideration to the performance, can effectively prevent the leakage of the sensitive information, hardly affects the performance of a normal application program, does not need to modify CPU hardware, can resist the variants read by the maliciously system registers, and has the advantages of being low in defense cost and flexible to implement.

Description

technical field [0001] The invention relates to the field of computer security, in particular to a method and system for actively cutting off a covert channel to deal with cache side-channel attacks, which can be used to prevent cache side-channel attacks including Meltdown attacks. Background technique [0002] Modern superscalar processors are used to implement instruction-level parallelism. Out-of-order execution is a standard technique for maximizing performance by allowing the processor to execute instructions based on the availability of input data and execution units rather than their original order, and avoiding having the processor wait for previous instructions to complete. Exploiting instruction-level parallelism is one of the key goals in designing high-performance processors. A hazard is a situation in the pipeline that blocks the execution of the next instruction in the instruction stream. To avoid risk and maximize ILP performance, many techniques have been ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/54G06F9/54
CPCG06F9/544G06F21/54
Inventor 黄辰林陈鲍孜丁滟吴庆波谭郁松谭霜王晓川粟长征余杰马俊
Owner NAT UNIV OF DEFENSE TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap