Title | ||
---|---|---|
SecFlush: A Hardware/Software Collaborative Design For Real-Time Detection And Defense Against Flush-Based Cache Attacks |
Abstract | ||
---|---|---|
In recent years, cache attacks against microarchitectures have posed a daunting threat to modern processors such as x86 and ARM. Of the attacks, flush-based cache attacks have attracted increasing attention from researchers due to their low noise, high resolution and high efficiency. However, existing defenses against flush-based cache attacks have some problems such as lack of platform versatility, high overhead, and low detection accuracy. In this study, we find that flush-based cache attacks have a fundamental feature of flushing a cache line multiple times at regular intervals. Based on this feature of flush-based cache attacks, we propose a hardware/software collaborative design of real-time safeguard on the ARM-FPGA embedded SoC, called SecFlush. SecFlush detects attacks using a hardware monitoring module, and defends against attacks by prohibiting malicious processes from performing flush operations in a kernel driver. It also provides a flush API for users to call the driver. The experimental results show that SecFlush can reduce the success rate of flush-based cache attacks to less than 1% within 6.01 ms. The evaluation results show that the time overhead is only about 5%-21%. |
Year | DOI | Venue |
---|---|---|
2019 | 10.1007/978-3-030-41579-2_15 | INFORMATION AND COMMUNICATIONS SECURITY (ICICS 2019) |
Keywords | DocType | Volume |
---|---|---|
Cache attack, Spectre attack, Hardware/Software collaboration, Real-Time detection and defense, ARM-FPGA embedded SoC | Conference | 11999 |
ISSN | Citations | PageRank |
---|---|---|
0302-9743 | 0 | 0.34 |
References | Authors | |
---|---|---|
0 | 5 | |
Name | Order | Citations | PageRank |
---|---|---|---|
Churan Tang | 1 | 0 | 0.34 |
Zongbin Liu | 2 | 0 | 4.73 |
Cunqing Ma | 3 | 0 | 2.70 |
Jingquan Ge | 4 | 0 | 2.37 |
Chenyang Tu | 5 | 0 | 6.08 |