Fight Hardware with Hardware: System-wide Detection and Mitigation of Side-Channel Attacks using Performance Counters

• URL: http://arxiv.org/abs/2402.13281v1
• Date: Sun, 18 Feb 2024 15:45:38 GMT
• Title: Fight Hardware with Hardware: System-wide Detection and Mitigation of Side-Channel Attacks using Performance Counters
• Authors: Stefano Carnà, Serena Ferracci, Francesco Quaglia, Alessandro Pellegrini,
• Abstract summary: We present a kernel-level infrastructure that allows system-wide detection of malicious applications attempting to exploit cache-based side-channel attacks. This infrastructure relies on hardware performance counters to collect information at runtime from all applications running on the machine. High-level detection metrics are derived from these measurements to maximize the likelihood of promptly detecting a malicious application.
• Score: 45.493130647468675
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: We present a kernel-level infrastructure that allows system-wide detection of malicious applications attempting to exploit cache-based side-channel attacks to break the process confinement enforced by standard operating systems. This infrastructure relies on hardware performance counters to collect information at runtime from all applications running on the machine. High-level detection metrics are derived from these measurements to maximize the likelihood of promptly detecting a malicious application. Our experimental assessment shows that we can catch a large family of side-channel attacks with a significantly reduced overhead. We also discuss countermeasures that can be enacted once a process is suspected of carrying out a side-channel attack to increase the overall tradeoff between the system's security level and the delivered performance under non-suspected process executions.

Related papers

• PARIS: A Practical, Adaptive Trace-Fetching and Real-Time Malicious Behavior Detection System [6.068607290592521]
  We propose adaptive trace fetching, lightweight, real-time malicious behavior detection system. Specifically, we monitor malicious behavior with Event Tracing for Windows (ETW) and learn to selectively collect maliciousness-related APIs or call stacks. As a result, we can monitor a wider range of APIs and detect more intricate attack behavior.
  arXiv  Detail & Related papers  (2024-11-02T14:52:04Z)
• A Scheduling-Aware Defense Against Prefetching-Based Side-Channel Attacks [16.896693436047137]
  Speculative loading of memory, called prefetching, is common in real-world CPUs. Prefetching can be exploited to bypass process isolation and leak secrets, such as keys used in RSA, AES, and ECDH implementations. We implement our countermeasure for an x86_64 and an ARM processor.
  arXiv  Detail & Related papers  (2024-10-01T07:12:23Z)
• Delay-Induced Watermarking for Detection of Replay Attacks in Linear Systems [1.143707646428782]
  A state-feedback watermarking signal design for the detection of replay attacks in linear systems is proposed. The proposed secure control scheme holds promise of being superior to conventional, feed-forward, watermarking schemes.
  arXiv  Detail & Related papers  (2024-04-01T01:34:30Z)
• Scalable Ensemble-based Detection Method against Adversarial Attacks for speaker verification [73.30974350776636]
  This paper comprehensively compares mainstream purification techniques in a unified framework. We propose an easy-to-follow ensemble approach that integrates advanced purification modules for detection.
  arXiv  Detail & Related papers  (2023-12-14T03:04:05Z)
• Poisoning Retrieval Corpora by Injecting Adversarial Passages [79.14287273842878]
  We propose a novel attack for dense retrieval systems in which a malicious user generates a small number of adversarial passages. When these adversarial passages are inserted into a large retrieval corpus, we show that this attack is highly effective in fooling these systems. We also benchmark and compare a range of state-of-the-art dense retrievers, both unsupervised and supervised.
  arXiv  Detail & Related papers  (2023-10-29T21:13:31Z)
• Towards a Near-real-time Protocol Tunneling Detector based on Machine Learning Techniques [0.0]
  We present a protocol tunneling detector prototype which inspects, in near real time, a company's network traffic using machine learning techniques. The detector monitors unencrypted network flows and extracts features to detect possible occurring attacks and anomalies. Results show 97.1% overall accuracy and an F1-score equals to 95.6%.
  arXiv  Detail & Related papers  (2023-09-22T09:08:43Z)
• An RL-Based Adaptive Detection Strategy to Secure Cyber-Physical Systems [0.0]
  Increased dependence on software based control has escalated the vulnerabilities of Cyber Physical Systems. We propose a Reinforcement Learning (RL) based framework which adaptively sets the parameters of such detectors based on experience learned from attack scenarios.
  arXiv  Detail & Related papers  (2021-03-04T07:38:50Z)
• Aurora Guard: Reliable Face Anti-Spoofing via Mobile Lighting System [103.5604680001633]
  Anti-spoofing against high-resolution rendering replay of paper photos or digital videos remains an open problem. We propose a simple yet effective face anti-spoofing system, termed Aurora Guard (AG)
  arXiv  Detail & Related papers  (2021-02-01T09:17:18Z)
• No Need to Know Physics: Resilience of Process-based Model-free Anomaly Detection for Industrial Control Systems [95.54151664013011]
  We present a novel framework to generate adversarial spoofing signals that violate physical properties of the system. We analyze four anomaly detectors published at top security conferences.
  arXiv  Detail & Related papers  (2020-12-07T11:02:44Z)
• Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection [67.53296659361598]
  adversarial EXEmples can bypass machine learning-based detection by perturbing relatively few input bytes. We develop a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks. These attacks, named Full DOS, Extend and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section.
  arXiv  Detail & Related papers  (2020-08-17T07:16:57Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.