Fast, Robust and Accurate Detection of Attack Phases in Side-Channel Attacks

Arash Pashrashid

Introduction

• Modern processors use speculative execution and shared resources (e.g. caches) for high efficiency�
• Speculative execution causes attacks like Spectre and Meltdown

​

• Sharing resources causes attacks like Prime+Probe and Flush+Flush

2

Prior work and limitations

• Many countermeasures developed to secure systems but they slowdown the system significantly
• Detectors help to prevent unnecessary restrictions
• Many detectors use machine learning to detect malicious activities, but they are vulnerable to evasive attacks

3

Fooling PerSpectron

• Fooling PerSpectron with evasive attacks: we inject safe code to the branch mistraining phase of the attack.
• Injecting noops
• Injecting memory access instructions
• PerSpectron accuracy falls from %98 to 4%
• Our systematic attack: Proposing an attack entirely executed with a sequence of benign programs

4

Our detector

• We propose a detector that is robust to known evasive attacks as well as our systematic attack
• We aim to track the sequence of attack phases
• Our solution uses a direct-analysis approach to monitor micro architectural state changes

5