MeltdownDetector: a runtime approach for detecting meltdown attacks

Akyıldız, Taha Atahan and Güzgeren, Can Berk and Yılmaz, Cemal and Savaş, Erkay (2020) MeltdownDetector: a runtime approach for detecting meltdown attacks. Future Generation Computer Systems, 112 . pp. 136-147. ISSN 0167-739X (Print) 1872-7115 (Online)

This is the latest version of this item.

[thumbnail of FGCS-20-MeltdownDetector.pdf] PDF
FGCS-20-MeltdownDetector.pdf
Restricted to Registered users only

Download (648kB) | Request a copy

Abstract

In this work, we present a runtime approach, called MeltdownDetector, for detecting, isolating, and preventing ongoing Meltdown attacks that operate by causing segmentation faults. Meltdown exploits a hardware vulnerability that allows a malicious process to access memory locations, which do not belong to the process, including the physical and kernel memory. The proposed approach is based on a simple observation that in order for a Meltdown attack to be worthwhile, either a single byte of data located at a particular memory address or a sequence of consecutive memory addresses (i.e., sequence of bytes) need to be read, so that a meaningful piece of information can be extracted from the data leaked. MeltdownDetector, therefore, monitors segmentation faults occurring at memory addresses that are close to each other and issues a warning at runtime when these faults become “suspicious.” Furthermore, MeltdownDetector flushes the cache hierarchy after every suspicious segmentation fault, which, in turn, prevents any information leakage. In the experiments, MeltdownDetector successfully detected all the attacks and correctly pinpointed all the malicious processes involved in these attacks and did so without issuing any false alarms and without leaking even a single byte of data. Furthermore, the runtime overhead of the fastest MeltdownDetector implementation was about 1%, on average.
Item Type: Article
Subjects: Q Science > Q Science (General)
Divisions: Faculty of Engineering and Natural Sciences > Academic programs > Computer Science & Eng.
Faculty of Engineering and Natural Sciences
Depositing User: Cemal Yılmaz
Date Deposited: 21 Sep 2020 18:35
Last Modified: 30 Jul 2023 17:06
URI: https://research.sabanciuniv.edu/id/eprint/40546

Available Versions of this Item

Actions (login required)

View Item
View Item