SpyCatcher: lightweight online approaches for detecting cache-based side channel attacks

Külah, Yusuf (2015) SpyCatcher: lightweight online approaches for detecting cache-based side channel attacks. [Thesis]

[thumbnail of YusufKulah_10064100.pdf] PDF
YusufKulah_10064100.pdf

Download (12MB)

Abstract

With the increasing complexity of cryptographic algorithms, attackers are looking for side channels to compromise private data. While attackers are tracking side channels, they leave traces behind them unintentionally. In this work, we concentrated on Flush+Reload type of attacks which is aimed to retrieve private data by using intentional contentions on shared resource. Our shared resource is 11 Data Cache of CPU. The trace of attackers on shared resource is a great asset for extraction of utilization pattern which is strong indicator for presence of attacker in the system. For this reason we collected data and extract utilization characteristics of the resource by using hard­ ware performance counters. In this work, by taking the advantage of machine learning approaches, we make a decision on running applications, whether attacker application is one of them or not. Smarter attackers may flush cache partially in order to minimize footprint on shared resource. Workload level is another significant factor that alters the utilization profile of shared resource. For this reason, we experimented our approaches under 4 different levels of partial cache flush and 7 different workload level which mimics e-commerce server load. Our approach is able to detect the presence of attacker with higher than 85% accuracy and lower than 0.5% average execution time overhead.
Item Type: Thesis
Subjects: T Technology > TK Electrical engineering. Electronics Nuclear engineering > TK7800-8360 Electronics > TK7885-7895 Computer engineering. Computer hardware
Divisions: Faculty of Engineering and Natural Sciences > Academic programs > Computer Science & Eng.
Faculty of Engineering and Natural Sciences
Depositing User: IC-Cataloging
Date Deposited: 04 Apr 2018 11:34
Last Modified: 26 Apr 2022 10:15
URI: https://research.sabanciuniv.edu/id/eprint/34376

Actions (login required)

View Item
View Item