CN114448666A - Monitoring and defending method, electronic equipment and system for cache attack - Google Patents

Publication number: CN114448666A
Authority: CN (China)
Prior art keywords: refresh, current process, interval, time, alarm
Legal status: Pending
Application number: CN202111589222.8A
Other languages: Chinese (zh)
Inventor: 王益斌
Current Assignee: Tianyi Cloud Technology Co Ltd
Original Assignee: Tianyi Cloud Technology Co Ltd
Application filed by Tianyi Cloud Technology Co Ltd
Priority to CN202111589222.8A
Publication of CN114448666A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic

Abstract

The invention relates to the technical field of security, in particular to a monitoring and defending method, electronic equipment and a system for cache attacks. The method comprises: obtaining a current process and the start time of the current process; recording the end time of the current process and the number of refreshes corresponding to the current process; determining a time interval based on the start time and the end time; and, when the time interval is between a first threshold and a second threshold and the number of refreshes is greater than a preset number of refreshes, determining that the current process is a malicious process so as to prevent the refresh operation of the current process. The first threshold is between a first refresh interval and a second refresh interval, where the first refresh interval is a normal refresh interval and the second refresh interval is a Spectre attack interval; the second threshold is between a third refresh interval and a fourth refresh interval, where the third refresh interval is a Flush+Time attack interval and the fourth refresh interval is a Flush+Reload attack interval. By combining the time interval and the number of refreshes, whether a malicious attack is taking place can be confirmed in real time.

Description

Monitoring and defending method, electronic equipment and system for cache attack
Technical Field
The invention relates to the technical field of security, in particular to a monitoring and defending method, electronic equipment and a system for cache attack.
Background
An information system or software system depends on specific physical equipment and, while running, produces various kinds of physical state information such as electromagnetic radiation, sound, timing, and CPU and memory activity. The cache side-channel attack is a typical side-channel attack: it analyses the highly interactive, shared memory state among processes in the CPU cache while a program runs, and breaks a cryptosystem by exploiting the difference between memory access time and cache access time.
Cache side-channel attacks are extremely stealthy and destructive, but existing defenses against them still have many shortcomings. In particular, defense techniques against cache-refreshing (flush-based) side-channel attacks on the ARM architecture cannot monitor in real time, and their detection accuracy and resolution are low.
Disclosure of Invention
In view of this, embodiments of the present invention provide a monitoring and defense method, an electronic device, and a system for cache attack, so as to solve the problem of accuracy of cache attack monitoring.
According to a first aspect, an embodiment of the present invention provides a monitoring and defense method for a cache attack, including:
acquiring a current process and the start time of the current process;
recording the end time of the current process and the number of refreshes corresponding to the current process;
determining a time interval based on the start time and the end time;
when the time interval is between a first threshold and a second threshold and the number of refreshes is greater than a preset number of refreshes, determining that the current process is a malicious process so as to prevent the refresh operation of the current process, wherein the first threshold is between a first refresh interval and a second refresh interval, the first refresh interval is a normal refresh interval, the second refresh interval is a Spectre attack interval, the second threshold is between a third refresh interval and a fourth refresh interval, the third refresh interval is a Flush+Time attack interval, and the fourth refresh interval is a Flush+Reload attack interval.
Unlike the frequent cache refreshes of a normal process, a refresh-based cache attack has a necessary and fundamental characteristic that stems from branch prediction training or encryption: its refresh operations must be separated by a specific time. Different attacks have different values, but the values lie within a certain range. On this basis, the method takes the time interval and the number of refreshes corresponding to the current process, compares the time interval with the first and second thresholds and the number of refreshes with the preset number of refreshes, and thereby confirms in real time whether a malicious attack is taking place.
Optionally, when the time interval is between a first threshold and a second threshold and the number of refreshes is greater than a preset number of refreshes, determining that the current process is a malicious process to prevent a refresh operation of the current process includes:
when the time interval is between the first threshold and the second threshold and the number of refreshes is greater than the preset number of refreshes, setting an alarm value to a target value;
and determining that the current process is a malicious process based on the alarm value so as to prevent the refresh operation of the current process.
According to the monitoring and defending method for the cache attack provided by the embodiment of the invention, after the current process is determined to be a malicious process, the alarm value is set to the target value so that the alarm value can conveniently be read to prevent the refresh operation of the current process, which simplifies the data processing.
Optionally, the determining that the current process is a malicious process based on the alarm value includes:
and reading the alarm value, and determining that the current process is a malicious process so as to prevent the refreshing operation of the current process.
The monitoring and defending method for the cache attack, provided by the embodiment of the invention, is simple and easy to implement by monitoring and defending the malicious process in a software mode.
Optionally, the determining that the current process is a malicious process based on the alarm value includes:
and writing the alarm value into an alarm register so that the alarm register triggers an interrupt and records the current process as a malicious process in an interrupt service program to prevent the refresh operation of the current process.
The monitoring and defending method for the cache attack provided by the embodiment of the invention realizes the monitoring and defending of the cache attack through hardware interrupt defending measures.
Optionally, the determining that the current process is a malicious process based on the alarm value includes:
and writing the alarm value into an alarm register so that the refresh defensive device reads the alarm value from the alarm register and records the current process as a malicious process to prevent the refresh operation of the current process.
The monitoring and defending method for the cache attack provided by the embodiment of the invention realizes the monitoring and defending of the cache attack through the defending measures of the hardware alarm register.
Optionally, the method further comprises:
when the current process is determined not to be a malicious process, refreshing a first-level cache and a second-level cache based on the current process.
According to a second aspect, an embodiment of the present invention provides an electronic device, including: a memory and a processor, the memory and the processor are communicatively connected to each other, the memory stores computer instructions, and the processor executes the computer instructions to execute the method for monitoring and defending against cache attacks described in the first aspect or any one of the embodiments of the first aspect.
According to a third aspect, an embodiment of the present invention provides a computer-readable storage medium storing computer instructions for causing a computer to execute the method for monitoring and defending against cache attacks described in the first aspect or any one of the implementation manners of the first aspect.
According to a fourth aspect, an embodiment of the present invention provides a monitoring and defense system for a cache attack, including:
an electronic device according to the second aspect of the invention;
and the alarm register is connected with the electronic equipment and is used for storing the alarm value.
Optionally, the system further comprises:
and the refresh defensive device is connected with the alarm register and is used for reading the alarm value stored in the alarm register and determining that the current process is a malicious process to prevent the refresh operation of the current process when the alarm value is a target value.
It should be noted that, the electronic device, the computer-readable storage medium, and the monitoring and defending system for cache attacks provided in the embodiments of the present invention are described in the above related description of the monitoring and defending method for cache attacks, and are not described herein again.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 illustrates a schematic diagram of the refresh features of Spectre, Flush+Reload, and Flush+Time attacks;
FIG. 2 is a flow diagram of a method for monitoring defense against refresh attacks according to an embodiment of the present invention;
FIG. 3 is a flow diagram of a method for monitoring defense against refresh attacks according to an embodiment of the present invention;
FIG. 4 is a flow diagram of a method for monitoring defense against refresh attacks according to an embodiment of the present invention;
FIG. 5 is a flow diagram of a method for monitoring defense against refresh attacks according to an embodiment of the present invention;
FIG. 6 is a flow diagram of a method for monitoring defense against refresh attacks according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of a FlushDetector module interface according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a monitoring defense system architecture for refresh attacks according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
On the basis of statistics on the general characteristics of attack processes, in particular the characteristics of their refresh operations, the invention provides a real-time monitoring and defense scheme, SecFlush. Hardware-based detection has the advantages of high calculation speed, high efficiency and convenient timing. More importantly, because SecFlush is based on the root cause that makes flush-based cache attacks possible, it is difficult for an attacker to escape this hardware detection mechanism. Moreover, since a refresh operation is essential for a refresh-based cache attack, once SecFlush prohibits a malicious process from performing the refresh operation the refresh-based attack inevitably fails, and it is difficult for an attacker to escape this software defense mechanism.
The invention obtains the first threshold and the second threshold used for the time judgment by extracting the characteristics of cache-refreshing attacks. While a software program runs, the operating system needs to refresh the cache frequently to keep the cache coherent, that is, to keep the data in memory consistent with the data in the cache; such refreshing is a normal operation when a program runs with DMA (direct memory access), on a multi-core heterogeneous processor, or on a symmetric multi-processor (SMP) architecture. The refresh operations of a refresh-based cache attack, however, have different characteristics: because the attack needs to train the branch predictor or perform encryption and similar operations, a certain time interval (greater than a certain threshold) exists between two of its refresh operations. In addition, to improve the success rate of the attack, an attacker refreshes the same cache line many times. Refreshing is therefore an indispensable step of a refresh-based cache attack, and if the characteristics of its refreshes can be found, all refresh-based cache attacks can be detected and defended against in time by a hardware implementation.
By analysing the refresh operation time data of the attacks, the time interval between two adjacent refreshes is related to the number of refreshes. As shown in FIG. 1, the interval between refreshes is substantially stable, although a small amount of noise, some of it large, is present.
For the refresh feature of the Spectre attack, the curve represented by Loop1 in FIG. 1, which has the shortest interval but the largest number of refreshes, is a normal refresh operation. The curve represented by Loop2 has a longer interval than Loop1; the interval is used for training the branch predictor, and the refresh operations in Loop2 are malicious refreshes. Loop3 has the greatest time interval but the smallest number of refreshes; it is not shown in the figure because its interval is too long, and it is the time of a complete Flush+Reload attack. This is the maximum time for a refresh-based cache attack to perform a refresh operation, so a refresh with an interval greater than Loop3 is safe.
For the refresh feature of the Flush+Time attack, Loopft represents the time interval between the refresh operations of a Flush+Time attack. The interval between Flush+Time refresh operations is uniform and is used for calling the encryption program of the victim process twice. Loopft is longer than Loopfr and is a malicious refresh cycle.
For the refresh feature of the Flush+Reload attack, Loopfr in FIG. 1 represents the interval between the refresh operations of a Flush+Reload attack. The interval between Flush+Reload refresh operations is also uniform and is used for calling the encryption program of the victim process; Loopfr is longer than Loop2 and is also a malicious refresh cycle.
Since Loop2, Loopfr and Loopft are malicious refresh cycles, a refresh-based cache attack is detected as long as Loop2, Loopfr and Loopft are caught. Based on this, the scheme sets two thresholds, a first threshold T1 and a second threshold T2, to bracket Loop2, Loopfr and Loopft; refreshes whose interval lies between T1 and T2 are all malicious refreshes. The value of T1 should be between Loop1 and Loop2, so that normal processes are not falsely reported while malicious refreshes are still detected. The value of T1 is important: false positives occur if T1 < Loop1, and the defense fails if T1 > Loop2, Loopfr or Loopft. The value of T2 should be between Loopft and Loop3, so that malicious refreshes are detected while the Spectre attack's refreshes other than Loop2 are not judged malicious. In addition, the scheme sets a preset number of refreshes, malicious_number, for judging a malicious process. To prevent false positives, only a process with more malicious refreshes than malicious_number is considered a malicious process. The larger the value of malicious_number, the less likely a false positive, but too large a value means an attack cannot be detected in time or may produce a false negative. The Spectre attack requires multiple rounds of branch prediction training to induce the branch predictor to make incorrect predictions. Each round of training generates a malicious refresh, and a process with more than 5 rounds of branch prediction training is a malicious process. As shown in FIG. 6, the clock frequencies of the global timer, PMCCTR and the system are 333 MHz, 667 MHz and 55 MHz, respectively. Timing is done with the global timer, the data are normalised to the system clock frequency, and the thresholds are then selected.
The embodiment of the invention provides three monitoring defense measures: software defense, hardware interrupt defense, and hardware alarm register defense. In the software defense measure, software does the processing: it determines the malicious process and prevents the refresh operation of the malicious process. In the hardware interrupt defense measure, a hardware alarm register triggers an interrupt, and the malicious process is determined in the interrupt service program. In the hardware alarm register defense measure, the refresh defensive device reads the value of the alarm register and sends the label of the malicious process to the monitor.
In accordance with an embodiment of the present invention, there is provided an embodiment of a method for monitoring and defending against a refresh attack, it is noted that the steps illustrated in the flowchart of the drawings may be performed in a computer system such as a set of computer executable instructions, and that while a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than here.
In this embodiment, a monitoring and defending method for a refresh attack is provided, which may be used in electronic devices such as an FPGA. FIG. 2 is a flowchart of the monitoring and defending method for a refresh attack according to an embodiment of the present invention. As shown in FIG. 2, the flow includes the following steps:
S11, acquiring the current process and the start time of the current process.
The electronic device is provided with a timer. When the current process is detected, the timer is started and the start time of the current process is recorded. To distinguish between processes, each process has a unique identifier.
S12, recording the end time of the current process and the number of refreshes corresponding to the current process.
The electronic device records the end time of the current process and counts the number of refreshes triggered by the current process.
S13, determining a time interval based on the start time and the end time.
The electronic device calculates the difference between the end time and the start time, which gives the time interval corresponding to the current process.
S14, when the time interval is between the first threshold and the second threshold and the number of refreshes is greater than the preset number of refreshes, determining that the current process is a malicious process so as to prevent the refresh operation of the current process.
The first threshold is between a first refresh interval and a second refresh interval, the first refresh interval is a normal refresh interval, the second refresh interval is a Spectre attack interval, the second threshold is between a third refresh interval and a fourth refresh interval, the third refresh interval is a Flush+Time attack interval, and the fourth refresh interval is a Flush+Reload attack interval.
The electronic device compares the current time interval with the first threshold and the second threshold, and compares the number of refreshes with the preset number of refreshes. If the time interval is between the first threshold and the second threshold and the number of refreshes is greater than the preset number of refreshes, it determines that the current process is a malicious process whose refreshes need to be prevented.
Unlike the frequent cache refreshes of a normal process, a refresh-based cache attack has a necessary and fundamental characteristic that stems from branch prediction training or encryption: its refresh operations must be separated by a specific time. Different attacks have different values, but the values lie within a certain range. On this basis, the method provided by this embodiment takes the time interval and the number of refreshes corresponding to the current process, compares the time interval with the first and second thresholds and the number of refreshes with the preset number of refreshes, and thereby confirms in real time whether a malicious attack is taking place.
In this embodiment, a monitoring and defending method for a refresh attack is provided, which may be used in electronic devices such as an FPGA. FIG. 3 is a flowchart of the monitoring and defending method for a refresh attack according to an embodiment of the present invention. As shown in FIG. 3, the flow includes the following steps:
S21, acquiring the current process and the start time of the current process.
For details, see S11 in FIG. 2; they are not repeated here.
S22, recording the end time of the current process and the number of refreshes corresponding to the current process.
For details, see S12 in FIG. 2; they are not repeated here.
S23, determining a time interval based on the start time and the end time.
For details, see S13 in FIG. 2; they are not repeated here.
S24, when the time interval is between the first threshold and the second threshold and the number of refreshes is greater than the preset number of refreshes, determining that the current process is a malicious process so as to prevent the refresh operation of the current process.
The first threshold is between a first refresh interval and a second refresh interval, the first refresh interval is a normal refresh interval, the second refresh interval is a Spectre attack interval, the second threshold is between a third refresh interval and a fourth refresh interval, the third refresh interval is a Flush+Time attack interval, and the fourth refresh interval is a Flush+Reload attack interval.
Specifically, S24 includes:
S241, when the time interval is between the first threshold and the second threshold and the number of refreshes is greater than the preset number of refreshes, setting the alarm value to a target value.
When the conditions on the time interval and the number of refreshes are met, the electronic device sets the alarm value to the target value, for example 1. When the time interval or the number of refreshes does not satisfy the above conditions, the electronic device may also set the alarm value, for example to 0.
S242, determining that the current process is a malicious process based on the alarm value so as to prevent the refresh operation of the current process.
The electronic device can determine directly from the alarm value that the current process is a malicious process. Alternatively, the electronic device stores the alarm value in an alarm register, so that the alarm register triggers an interrupt through which the malicious process is determined and the refresh operation of the current process is prevented. As a further alternative, the electronic device stores the alarm value in the alarm register, the refresh defensive device reads the alarm value from the alarm register and sends it to the monitor, and the monitor prevents the refresh operation of the current process when the current process is a malicious process.
According to the monitoring and defending method for the cache attack, after the current process is determined to be a malicious process, the alarm value is set to the target value so that the alarm value can be read to prevent the refresh operation of the current process, which simplifies the data processing.
As a specific application example of this embodiment, when the monitoring defense method is the software defense measure, the detection part is implemented in software, and the user calls the FlushDefender kernel driver through FlushAPI to perform a refresh operation. The specific process is as follows. First, the driver detects malicious processes and records the time interval of the process's refreshes. Second, caches L1 and L2 are flushed for non-malicious processes; otherwise flushing is prohibited (preventing the attack). Third, if the number of refreshes between T1 and T2 exceeds malicious_number, the pid of the current process is recorded as the pid of a malicious process.
Specifically, as shown in FIG. 5, the user calls the FlushDefender kernel driver through FlushAPI to perform a refresh operation. At this point the hardware timer starts timing, the pid of the current process is recorded, the alarm value alarm is cleared, and the current time is recorded in order to calculate the refresh time interval of the current process. If the time interval is between T1 and T2 and the number of refreshes exceeds the preset number of refreshes N, the alarm value alarm is set to 1; otherwise the alarm value alarm is left unchanged. When the alarm value alarm is 1, the pid of the current process is recorded as a malicious process pid.
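The software defense flow just described, as an added sketch in C (not code from the patent or from the FlushDefender driver): it tracks the refresh interval per pid, counts the intervals that fall between T1 and T2, and blocks further refreshes once that count exceeds malicious_number. The threshold values, the table size and every function and type name are assumptions of this example; only the value 5 and the 333 MHz and 55 MHz clocks come from the text.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PROCS 16                 /* table size: assumption of this sketch */
enum { FLUSH_BLOCKED = 0, FLUSH_ALLOWED = 1 };

struct flush_state {
    int      pid;
    bool     seen;        /* a previous refresh timestamp exists */
    bool     malicious;   /* pid has been recorded as malicious */
    uint64_t last_ticks;  /* time of the previous refresh */
    unsigned suspicious;  /* refresh intervals that fell between T1 and T2 */
};

struct flush_detector {
    uint64_t t1, t2;            /* thresholds in system-clock ticks */
    unsigned malicious_number;  /* preset number of refreshes */
    size_t   nprocs;
    struct flush_state procs[MAX_PROCS];
};

/* Normalise a timer reading taken at src_hz to the system clock (sys_hz). */
uint64_t to_system_ticks(uint64_t ticks, uint64_t src_hz, uint64_t sys_hz)
{
    return (ticks / src_hz) * sys_hz + (ticks % src_hz) * sys_hz / src_hz;
}

/* T1 must lie between Loop1 and Loop2, and T2 between Loopft and Loop3. */
bool thresholds_valid(uint64_t loop1, uint64_t loop2, uint64_t loopft,
                      uint64_t loop3, uint64_t t1, uint64_t t2)
{
    return loop1 < t1 && t1 < loop2 && loopft < t2 && t2 < loop3;
}

void detector_init(struct flush_detector *d, uint64_t t1, uint64_t t2,
                   unsigned malicious_number)
{
    d->t1 = t1;
    d->t2 = t2;
    d->malicious_number = malicious_number;
    d->nprocs = 0;
}

/* Find the state for pid, creating it on first use; NULL if the table is full. */
static struct flush_state *lookup(struct flush_detector *d, int pid)
{
    for (size_t i = 0; i < d->nprocs; i++)
        if (d->procs[i].pid == pid)
            return &d->procs[i];
    if (d->nprocs == MAX_PROCS)
        return NULL;
    d->procs[d->nprocs] = (struct flush_state){ .pid = pid };
    return &d->procs[d->nprocs++];
}

/* One refresh request from pid at time `now` (system-clock ticks). */
int flush_request(struct flush_detector *d, int pid, uint64_t now)
{
    struct flush_state *s = lookup(d, pid);
    int alarm = 0;                       /* alarm is cleared on every call */

    if (s == NULL || s->malicious)       /* untracked (fail closed) or flagged */
        return FLUSH_BLOCKED;
    if (s->seen) {
        uint64_t interval = now - s->last_ticks;
        if (interval > d->t1 && interval < d->t2 &&
            ++s->suspicious > d->malicious_number)
            alarm = 1;
    }
    s->seen = true;
    s->last_ticks = now;
    if (alarm) {                         /* record pid as a malicious pid */
        s->malicious = true;
        return FLUSH_BLOCKED;
    }
    return FLUSH_ALLOWED;                /* a driver would flush L1 and L2 here */
}

/* Issue n refreshes spaced `interval` ticks apart; return how many were allowed. */
unsigned simulate(struct flush_detector *d, int pid, uint64_t interval, unsigned n)
{
    unsigned allowed = 0;
    for (unsigned i = 0; i < n; i++)
        allowed += (unsigned)flush_request(d, pid, (uint64_t)i * interval);
    return allowed;
}

int main(void)
{
    struct flush_detector d;
    detector_init(&d, 200, 5000, 5);     /* constructed T1, T2; 5 from the text */
    printf("short interval: %u of 100 allowed\n", simulate(&d, 10, 50, 100));
    printf("attack-like:    %u of 20 allowed\n", simulate(&d, 20, 1000, 20));
    return 0;
}
```

With these constructed thresholds, a process refreshing every 50 ticks is never flagged, while one refreshing every 1000 ticks is blocked from its seventh refresh onward, because its sixth in-window interval is the first to exceed malicious_number.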
As a specific application example of this embodiment, when the monitoring defense method is the hardware interrupt defense measure, the user calls the FlushDefender kernel driver through FlushAPI to perform a refresh operation. The specific process is as follows. First, the driver writes the pid of the current process into the register and triggers the hardware detection. Second, caches L1 and L2 are flushed for non-malicious processes; otherwise flushing is prohibited (preventing the attack). Third, unlike the hardware alarm register defense measure, the hardware alarm register triggers an interrupt, and the pid of the current process is recorded as the pid of a malicious process in the interrupt service program.
Specifically, as shown in FIG. 6, when the current process is detected, the pid of the current process is recorded and written into a hardware register, the hardware detection is invoked, and the virtual address to be refreshed is converted into a physical address. During hardware detection, the hardware timer counts time, the pid of the current process is recorded, the alarm is cleared, and the current time is recorded in order to calculate the refresh time interval. If the time interval is between T1 and T2 and the number of refreshes exceeds the preset number of refreshes N, the alarm value alarm is set to 1; otherwise the alarm value alarm is left unchanged. When the alarm value alarm is 1, an interrupt is triggered, and the pid of the current process is recorded as a malicious process pid in the interrupt service program.
As a specific application example of this embodiment, when the monitoring defense method is a hardware alarm register defense measure, in the hardware alarm register defense measure, a user invokes a flush defender kernel driver by invoking flush api to perform a refresh operation. The specific process is as follows: firstly, the driver writes the pid of the current process into the register and triggers the hardware to detect. The hardware records the time interval of the process refresh, and if the number of refreshes at T1 and T2 exceeds the magic _ number, the value of the alarm register will be pulled high. Second, hardware defense techniques based on flush cache attacks for non-malicious processes study flush caches L1 and L2, otherwise flush is prohibited (blocking attacks). And thirdly, reading the value of the hardware alarm register, and recording the pid of the current process as the pid of the malicious process if the alarm is found.
Specifically, unlike the embodiment shown in fig. 5 described above, the refresh defender (FlushDefender) reads the value of the alarm register through ioread32() and determines whether the current process is a malicious process. If the value of alarm that is read is 1, the current process is determined to be a malicious process.
An embodiment of the present invention further provides an electronic device. Fig. 9 is a schematic structural diagram of an electronic device according to an alternative embodiment of the present invention. As shown in fig. 9, the electronic device may include: at least one processor 31, such as a CPU (Central Processing Unit), at least one communication interface 33, a memory 34, and at least one communication bus 32. The communication bus 32 is used to enable connection and communication between these components. The communication interface 33 may include a display and a keyboard, and optionally may also include a standard wired interface and a standard wireless interface. The memory 34 may be a high-speed RAM (Random Access Memory) or a non-volatile memory, such as at least one disk memory. The memory 34 may optionally be at least one memory device located remotely from the processor 31. The memory 34 stores an application program, and the processor 31 calls the program code stored in the memory 34 to execute any of the above method steps.
The communication bus 32 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus 32 may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 9, but this does not indicate only one bus or one type of bus.
The memory 34 may include a volatile memory, such as a random-access memory (RAM); the memory may also include a non-volatile memory, such as a flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the memory 34 may also comprise a combination of the above-mentioned kinds of memories.
The processor 31 may be a Central Processing Unit (CPU), a Network Processor (NP), or a combination of CPU and NP.
The processor 31 may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), a generic array logic (GAL), or any combination thereof.
Optionally, the memory 34 is also used to store program instructions. The processor 31 may call program instructions to implement a monitoring and defense method for cache attacks as shown in any of the embodiments of the present application.
The embodiment of the invention also provides a non-transitory computer storage medium, wherein the computer storage medium stores computer-executable instructions which can execute the monitoring and defending method for cache attacks in any of the method embodiments. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a random-access memory (RAM), a flash memory, a hard disk drive (HDD), a solid-state drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kinds described above.
The embodiment of the invention also provides a monitoring defense system which comprises the electronic equipment and the alarm register. The details of the electronic device are as described above. The alarm register is connected with the electronic equipment and used for storing an alarm value.
Specifically, fig. 8 shows the overall system architecture, which consists of three levels. User layer: the user process, three timer APIs, a refresh API and Monitor. Operating system layer: three timer drivers and FlushDefender. Hardware layer: the global timer, pmcntr timer and cache are modules that come with the system, while NewTimer and FlushDetector are modules implemented on the FPGA and connected to the system through an AXI-GP interface. The FlushDetector and FlushDefender modules are the components of SecFlush.
The user may call the timer driver and FlushDefender through the timer API and the refresh API. The timer driver is used to obtain the exact current time, which can be obtained by calling a global timer, a pmcntr timer, or a new timer. The FlushDetector is a hardware detection module that records basic data for each refresh operation, such as the current time and pid of the process, and compares the recorded data with the characteristics of the refresh-based cache attack to infer whether the process performed the attack. The basic function of the FlushDefender is to quickly flush L1 and L2 cache lines. Also, the FlushDefender can detect an exception by calling FlushDetector. If the FlushDefender receives an alarm from the FlushDetector, the FlushDefender records the current process as a malicious process, and defends against cache attacks based on refreshing by prohibiting the malicious process from executing the refreshing operation. In addition, it reports the pid of the malicious process to Monitor through netlink. A Monitor is a user-level application that receives messages from the kernel layer.
The interface of the FlushDetector module is shown in fig. 7. In its basic operation, the module pulls the slv_reg_wren signal high, inputs the value of the bus register offset address into axi_awaddr[1:0], and then inputs the process pid into s_axi_wdata[31:0]. clock_counter acts as a timer and increments by 1 every clock cycle. The alarm signal is cleared, current_pid and last_time are recorded, and the time interval of the current process is calculated. If the time interval is between T1 and T2, a malicious refresh is indicated, and the refresh counter (flush_counter) is incremented by 1. If flush_counter equals magic_number, the alarm output is pulled high, thereby writing to the bus register and raising the alarm. If the time interval is less than T1, the refresh counter (flush_counter) remains unchanged. If the time interval is greater than T2, indicating no attack, the refresh counter is cleared.
Because the ARM Cortex-A9 has no user-level instruction for refreshing a cache line, the FlushDefender kernel driver implements the basic function of quickly refreshing L1 and L2 cache lines by reading and writing status and general-purpose registers, and it also interacts with the hardware and the user layer to defend against refresh-based cache attacks. The L1 cache line is flushed using the CP15 coprocessor and the CPSR (Current Program Status Register); the PL310 cache controller is used to flush the L2 cache lines, where the address being flushed is a physical address.
The FlushDefender acquires current_pid from the kernel's pointer current. It then writes current_pid to the bus register via the iowrite32() function, calling the FlushDetector to detect the attack, and the virtual address is then translated to a physical address. Next, if the current process is not a malicious process, the FlushDetector clears the historical data in the L1 and L2 data cache lines and invalidates them for a write operation. The present embodiment then proposes three defense methods. The first method is to read the value of the special bus register alarm, which is the detection result of the FlushDetector, with the ioread32() function. If the value of the special bus register alarm is pulled high, the current process is recorded as a malicious process and the malicious process's label (malicious_pid) is sent to the Monitor through the sendusrmsg() function of the netlink mechanism. The second method is to trigger an interrupt through the alarm register, then record the malicious process and alert the Monitor in the interrupt service routine. This approach is referred to as "hardware interrupt defense". The third method is software defense, as described above.
With reference to the system shown in fig. 7, the monitoring and defending method for cache attacks includes:
(1) the main flow of the hardware module FlushDetector is as follows:
Step 1: pull the slv_reg_wren signal high;
Step 2: input the value of the bus register offset address into axi_awaddr[1:0];
Step 3: input the process pid into s_axi_wdata[31:0];
Step 4: clock_counter acts as a timer and increments by 1 every clock cycle;
Step 5: clear the alarm signal;
Step 6: record current_pid and last_time, and calculate the time interval of the current process;
Step 7: if the time interval is between Threshold1 and Threshold2, a malicious refresh exists, and the refresh counter (flush_counter) is incremented by 1;
Step 8: if flush_counter equals magic_number, the alarm output signal is pulled high, writing to the bus register and raising the alarm;
Step 9: if the time interval is less than Threshold1, the refresh counter (flush_counter) remains unchanged;
Step 10: if the time interval is greater than Threshold2, indicating no attack, the refresh counter is cleared.
(2) the FlushDefender kernel driver module defends against attacks as follows:
Step 1: the FlushDefender acquires current_pid from the kernel's pointer current;
Step 2: current_pid is written to the bus register via the iowrite32() function;
Step 3: the FlushDetector is invoked to detect the attack, and the virtual address is then converted into a physical address;
Step 4: if the current process is not a malicious process, the FlushDetector clears the L1 and L2 data cache lines and invalidates them;
Step 5: the value of the special bus register alarm, which is the detection result of the FlushDetector, is read by the ioread32() function. If the value of the special bus register alarm is pulled high, the current process is recorded as a malicious process, and the label (malicious_pid) of the malicious process is sent to the Monitor through the sendusrmsg() function of the netlink mechanism;
Step 6: an interrupt is triggered via the alarm register, and the malicious process is then recorded and an alarm is raised to the Monitor in the interrupt service routine.
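The FlushDetector and FlushDefender flows above can be modelled in software to see which refresh patterns raise the alarm. The following C model is an added example, not code from the patent: the values of T1, T2 and MAGIC_NUMBER, the names struct secflush and run_trace, the use of pid 0 as "no process yet", and the rule that a change of pid restarts the counter are assumptions, and the L1/L2 flush is represented by the function's return value.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed values: the page names T1, T2 and magic_number without numbers. */
#define T1           200u   /* lower bound of the suspicious interval, cycles */
#define T2           2000u  /* upper bound of the suspicious interval, cycles */
#define MAGIC_NUMBER 3u     /* suspicious refreshes that raise the alarm */
#define MAX_BLOCKED  8
struct secflush {
    uint32_t current_pid, flush_counter;  /* FlushDetector state; pid 0 = none yet */
    uint64_t last_time;
    bool alarm;
    uint32_t blocked[MAX_BLOCKED];        /* FlushDefender: recorded malicious pids */
    int n_blocked;
};

/* FlushDetector: one pid write to the bus register at clock_counter value now. */
static bool detector_write_pid(struct secflush *s, uint32_t pid, uint64_t now)
{
    s->alarm = false;                      /* clear the alarm signal */
    if (s->current_pid != pid) {           /* assumption: a new pid restarts counting */
        s->current_pid = pid;
        s->flush_counter = 0;
    } else {
        uint64_t interval = now - s->last_time;
        if (interval > T2)
            s->flush_counter = 0;          /* no attack: clear the counter */
        else if (interval >= T1)
            s->flush_counter++;            /* refresh inside [T1, T2] */
        /* interval < T1: the counter stays unchanged */
        s->alarm = (s->flush_counter == MAGIC_NUMBER);
    }
    s->last_time = now;
    return s->alarm;
}

static bool is_blocked(const struct secflush *s, uint32_t pid)
{
    for (int i = 0; i < s->n_blocked; i++)
        if (s->blocked[i] == pid) return true;
    return false;
}

/* FlushDefender path in the page's order: detect, flush if allowed, read alarm. */
static bool defender_flush(struct secflush *s, uint32_t pid, uint64_t now)
{
    bool alarm = detector_write_pid(s, pid, now);
    bool allowed = !is_blocked(s, pid);    /* an allowed call would flush L1/L2 */
    if (alarm && allowed && s->n_blocked < MAX_BLOCKED)
        s->blocked[s->n_blocked++] = pid;  /* record malicious_pid */
    return allowed;
}

/* Constructed trace: n refreshes by pid, gap cycles apart; returns flushes allowed. */
static unsigned run_trace(struct secflush *s, uint32_t pid, uint64_t t0, uint64_t gap, unsigned n)
{
    unsigned ok = 0;
    for (unsigned i = 0; i < n; i++)
        ok += defender_flush(s, pid, t0 + i * gap);
    return ok;
}

int main(void)
{
    struct secflush s = {0};
    unsigned a = run_trace(&s, 100, 0, 500, 10), b = run_trace(&s, 200, 100000, 5000, 10);
    printf("gap 500: %u of 10 allowed; gap 5000: %u of 10 allowed\n", a, b);
    return 0;
}
```

With these constructed thresholds, the process refreshing every 500 cycles gets four flushes before it is blocked, because the alarm register is read after the flush that raises it, while the process refreshing every 5000 cycles is never flagged.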
Analysis of how frequent cache refreshing differs from the behaviour of a normal process shows that a refresh-based cache attack has a necessary and fundamental characteristic: because of branch prediction training or encryption, a certain time interval is required when the refresh operation is performed, and although the value differs between attacks, it falls within a certain range. A defense system is then constructed by combining software and hardware: the FlushDetector hardware module monitors for malicious processes in real time according to the refresh characteristic of the cache attack, and the FlushDefender software kernel driver then prohibits the malicious process from executing the refresh operation in order to defend against the attack. Finally, the reasonably designed hardware and software modules achieve real-time monitoring of and effective defense against cache side-channel attacks with high accuracy and low time overhead, thereby addressing the serious attack threat faced by ARM-architecture mobile terminals.
Although the embodiments of the present invention have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope defined by the appended claims.

Claims (10)

1. A monitoring and defense method for cache attacks is characterized by comprising the following steps:
acquiring a current process and starting time of the current process;
recording the end time of the current process and the number of refreshes corresponding to the current process;
determining a time interval based on the start time and the end time;
when the time interval is between a first threshold and a second threshold and the number of refreshes is greater than a preset number of refreshes, determining that the current process is a malicious process to prevent the refresh operation of the current process, wherein the first threshold is between a first refresh interval and a second refresh interval, the first refresh interval is a normal refresh interval, the second refresh interval is a Spectre attack interval, the second threshold is between a third refresh interval and a fourth refresh interval, the third refresh interval is a Flush+Time attack interval, and the fourth refresh interval is a Flush+Reload attack interval.
2. The method according to claim 1, wherein when the time interval is between a first threshold and a second threshold and the number of refreshes is greater than a preset number of refreshes, determining that the current process is a malicious process to prevent the refresh operation of the current process comprises:
when the time interval is between a first threshold and a second threshold and the number of refreshes is greater than a preset number of refreshes, setting an alarm value as a target value;
and determining that the current process is a malicious process based on the alarm value so as to prevent the refresh operation of the current process.
3. The method of claim 2, wherein the determining that the current process is a malicious process based on the alert value comprises:
and reading the alarm value, and determining that the current process is a malicious process so as to prevent the refreshing operation of the current process.
4. The method of claim 2, wherein the determining that the current process is a malicious process based on the alert value comprises:
and writing the alarm value into an alarm register so that the alarm register triggers an interrupt and records the current process as a malicious process in an interrupt service program to prevent the refresh operation of the current process.
5. The method of claim 2, wherein the determining that the current process is a malicious process based on the alert value comprises:
and writing the alarm value into an alarm register so that the refresh defensive device reads the alarm value from the alarm register and records the current process as a malicious process to prevent the refresh operation of the current process.
6. The method of claim 1, further comprising:
when the current process is determined not to be a malicious process, refreshing a first-level cache and a second-level cache based on the current process.
7. An electronic device, comprising:
a memory and a processor, the memory and the processor being communicatively connected to each other, the memory having stored therein computer instructions, the processor executing the computer instructions to perform the method for monitoring and defending against cache attacks according to any one of claims 1 to 6.
8. A computer-readable storage medium storing computer instructions for causing a computer to execute the method for monitoring and defending against cache attacks according to any one of claims 1 to 6.
9. A monitoring and defense system for cache attacks, comprising:
the electronic device of claim 7;
and the alarm register is connected with the electronic equipment and used for storing the alarm value.
10. The system of claim 9, further comprising:
and the refresh defensive device is connected with the alarm register and is used for reading the alarm value stored in the alarm register and determining that the current process is a malicious process to prevent the refresh operation of the current process when the alarm value is a target value.
CN202111589222.8A 2021-12-23 2021-12-23 Monitoring and defending method, electronic equipment and system for cache attack Pending CN114448666A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111589222.8A CN114448666A (en) 2021-12-23 2021-12-23 Monitoring and defending method, electronic equipment and system for cache attack

Publications (1)

Publication Number Publication Date
CN114448666A true CN114448666A (en) 2022-05-06

Family

ID=81364462

Country Status (1)

Country Link
CN (1) CN114448666A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination