We present a kernel-level infrastructure that performs system-wide detection of malicious behavior by applications attempting to exploit cache-based side-channel attacks to break the process confinement enforced by common operating systems. This infrastructure relies on hardware performance counters to collect information at runtime from all applications running on the machine. Detection metrics are derived from these measurements to maximize the likelihood that a malicious application is promptly detected. Our experimental assessment shows that we are able to detect a large family of side-channel attacks with very low overhead on the system. We also discuss countermeasures that can be enacted once a process is suspected of carrying out a side-channel attack, to increase the overall system’s security level.
2020, ACACES 2020, Poster Abstracts, Pages 35-38
Don’t be Paranoid: Dynamic Detection and Mitigation for Threats Exploiting Cache-based Side-channel Attacks (02a Chapter or Article)
Carna' Stefano, Ferracci Serena, Quaglia Francesco, Pellegrini Alessandro