TY - JOUR
T1 - CBA-Detector
T2 - A Self-Feedback Detector Against Cache-Based Attacks
AU - Zheng, Beilei
AU - Gu, Jianan
AU - Wang, Jialun
AU - Weng, Chuliang
N1 - Publisher Copyright:
© 2004-2012 IEEE.
PY - 2022
Y1 - 2022
N2 - Cloud computing is convenient to provide adequate resources for tenants. However, since multiple tenants share the underlying hardware resources, malicious tenants can use the shared processor to launch cache-based attacks. Such attacks can help malicious tenants steal private data of other tenants bypassing isolation mechanisms provided by the system, resulting in information leakage. Moreover, Spectre and Meltdown vulnerabilities can even extract memory contents arbitrarily with the help of cache attacks. Therefore, cache-based attacks pose a serious threat to the security of cloud platforms. To defeat such attacks, many detection methods have been proposed. However, most methods induce high false positives because they completely rely on the hardware performance counters (HPCs) and detect attacks with static criteria. To solve this problem, this article proposes a self-feedback detector named CBA-Detector to detect cache-based attacks in real time. Specifically, CBA-Detector first uses machine learning technologies to create models for identifying suspicious programs with abnormal hardware behaviors, then analyzes suspicious programs from the instruction level to identify real attacks and provide feedback. Based on the feedback, the models can be updated to further improve their detection accuracy. As our experiments show, CBA-Detector can accurately identify cache-based attacks in real time and introduces a little overhead. Besides, the misjudgment rate decreases with the running time.
KW - Cache-based side-channel attacks
KW - false positives
KW - machine learning
KW - self-feedback
UR - https://www.scopus.com/pages/publications/85112182462
U2 - 10.1109/TDSC.2021.3089882
DO - 10.1109/TDSC.2021.3089882
M3 - Article
AN - SCOPUS:85112182462
SN - 1545-5971
VL - 19
SP - 3231
EP - 3243
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
IS - 5
ER -