SpyDetector: An approach for detecting side-channel attacks at runtime

SpyDetector: An approach for detecting side-channel attacks at runtime In this work, we first present a low-cost, anomaly-based semi-supervised approach, which is instrumental in detecting the presence of ongoing side-channel attacks at runtime. We are, in particular, concerned with attacks that are carried out by creating intentional contentions in shared resources with cryptographic applications using a “spy” process. At a very high level, the approach quantifies contentions in shared resources, associates these contentions with processes, such as with a victim process, and issues a warning at runtime whenever the contentions reach a “suspicious” level. We then adapt this approach to detect the presence of four different types of cache-based side-channel attacks, namely prime-and-probe attacks on advanced encryption standard (AES), flush-and-reload attacks on AES and elliptic curve digital signature algorithm with Montgomery ladder algorithm, and Flush + Flush attacks on AES. To this end, we vary the shared resources monitored, the level of granularity at which the contentions in these resources are quantified, and the way the suspicious levels of contentions are detected. We evaluate the proposed approach also in cross-virtual machine setups (when applicable). The results of our experiments support our basic hypothesis that spy processes, which leverage information leaked by cryptographic applications through some shared resources, ironically http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png International Journal of Information Security Springer Journals

SpyDetector: An approach for detecting side-channel attacks at runtime

Loading next page...
 
/lp/springer_journal/spydetector-an-approach-for-detecting-side-channel-attacks-at-runtime-H6wUzHAQeM
Publisher
Springer Journals
Copyright
Copyright © 2018 by Springer-Verlag GmbH Germany, part of Springer Nature
Subject
Computer Science; Data Encryption; Computer Communication Networks; Operating Systems; Coding and Information Theory; Management of Computing and Information Systems; Communications Engineering, Networks
ISSN
1615-5262
eISSN
1615-5270
D.O.I.
10.1007/s10207-018-0411-7
Publisher site
See Article on Publisher Site

Abstract

In this work, we first present a low-cost, anomaly-based semi-supervised approach, which is instrumental in detecting the presence of ongoing side-channel attacks at runtime. We are, in particular, concerned with attacks that are carried out by creating intentional contentions in shared resources with cryptographic applications using a “spy” process. At a very high level, the approach quantifies contentions in shared resources, associates these contentions with processes, such as with a victim process, and issues a warning at runtime whenever the contentions reach a “suspicious” level. We then adapt this approach to detect the presence of four different types of cache-based side-channel attacks, namely prime-and-probe attacks on advanced encryption standard (AES), flush-and-reload attacks on AES and elliptic curve digital signature algorithm with Montgomery ladder algorithm, and Flush + Flush attacks on AES. To this end, we vary the shared resources monitored, the level of granularity at which the contentions in these resources are quantified, and the way the suspicious levels of contentions are detected. We evaluate the proposed approach also in cross-virtual machine setups (when applicable). The results of our experiments support our basic hypothesis that spy processes, which leverage information leaked by cryptographic applications through some shared resources, ironically

Journal

International Journal of Information SecuritySpringer Journals

Published: Jun 2, 2018

References

You’re reading a free preview. Subscribe to read the entire article.


DeepDyve is your
personal research library

It’s your single place to instantly
discover and read the research
that matters to you.

Enjoy affordable access to
over 18 million articles from more than
15,000 peer-reviewed journals.

All for just $49/month

Explore the DeepDyve Library

Search

Query the DeepDyve database, plus search all of PubMed and Google Scholar seamlessly

Organize

Save any article or search result from DeepDyve, PubMed, and Google Scholar... all in one place.

Access

Get unlimited, online access to over 18 million full-text articles from more than 15,000 scientific journals.

Your journals are on DeepDyve

Read from thousands of the leading scholarly journals from SpringerNature, Elsevier, Wiley-Blackwell, Oxford University Press and more.

All the latest content is available, no embargo periods.

See the journals in your area

DeepDyve

Freelancer

DeepDyve

Pro

Price

FREE

$49/month
$360/year

Save searches from
Google Scholar,
PubMed

Create lists to
organize your research

Export lists, citations

Read DeepDyve articles

Abstract access only

Unlimited access to over
18 million full-text articles

Print

20 pages / month

PDF Discount

20% off