MeltdownDetector: A runtime approach for detecting meltdown attacks

被引:10
作者
Akyildiz, Taha Atahan [1 ]
Guzgeren, Can Berk [1 ]
Yilmaz, Cemal [1 ]
Savas, Erkay [1 ]
机构
[1] Sabanci Univ, Fac Engn & Nat Sci, TR-34956 Istanbul, Turkey
来源
FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE | 2020年 / 112卷
关键词
Meltdown; Side-channel attacks; Countermeasures; Runtime detection; Prevention; Isolation; DRIVEN CACHE ATTACKS;
D O I
10.1016/j.future.2020.05.017
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
In this work, we present a runtime approach, called MeltdownDetector, for detecting, isolating, and preventing ongoing Meltdown attacks that operate by causing segmentation faults. Meltdown exploits a hardware vulnerability that allows a malicious process to access memory locations, which do not belong to the process, including the physical and kernel memory. The proposed approach is based on a simple observation that in order for a Meltdown attack to be worthwhile, either a single byte of data located at a particular memory address or a sequence of consecutive memory addresses (i.e., sequence of bytes) need to be read, so that a meaningful piece of information can be extracted from the data leaked. MeltdownDetector, therefore, monitors segmentation faults occurring at memory addresses that are close to each other and issues a warning at runtime when these faults become "suspicious."Furthermore, MeltdownDetector flushes the cache hierarchy after every suspicious segmentation fault, which, in turn, prevents any information leakage. In the experiments, MeltdownDetector successfully detected all the attacks and correctly pinpointed all the malicious processes involved in these attacks and did so without issuing any false alarms and without leaking even a single byte of data. Furthermore, the runtime overhead of the fastest MeltdownDetector implementation was about 1%, on average. (C) 2020 Elsevier B.V. All rights reserved.
引用
收藏
页码:136 / 147
页数:12
相关论文
共 38 条
[1]  
Aciicmez O., 2006, Topics in Cryptology-CT-RSA 2007. The Cryptographers' Track at the RAS Conference 2007. Proceedings (Lecture Notes in Computer Science Vol.4377), P225
[2]  
Aciicmez O., 2007, Computer and Communications Security (CCS), P312, DOI DOI 10.1145/1229285.1266999
[3]  
Aciiçmez O, 2006, LECT NOTES COMPUT SC, V4307, P112
[4]  
Aciiçqmez O, 2008, LECT NOTES COMPUT SC, V4964, P256, DOI 10.1007/978-3-540-79263-5_16
[5]  
[Anonymous], 2019, MELTDOWN SPECTRE VUL
[6]  
[Anonymous], 2019, Common Vulnerabilities and Exposures-CVE-2019-19378
[7]  
[Anonymous], 2019, 312 JEP
[8]  
BARRETT P, 1987, LECT NOTES COMPUT SC, V263, P311
[9]   “Ooh Aah… Just a little bit”: A small amount of side channel can go a longway [J].
Benger, Naomi ;
van de Pol, Joop ;
Smart, Nigel P. ;
Yarom, Yuval .
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2014, 8731 :75-92
[10]   How to live in a post-meltdown and - Spectre world [J].
Bennett R. ;
Callahan C. ;
Jones S. ;
Levine M. ;
Miller M. ;
Ozment A. .
Queue, 2018, 16 (04)