Real time detection of cache-based side-channel attacks using hardware performance counters

[Display omitted] •Three methods for detecting a class of cache-based side-channel attacks are proposed.•A new tool (quickhpc) for probing hardware performance counters at a higher temporal resolution than the existing tools is presented.•The first method is based on correlation, the other two use m...

Full description

Saved in:
Bibliographic Details
Published in:Applied soft computing Vol. 49; pp. 1162 - 1174
Main Authors: Chiappetta, Marco, Savas, Erkay, Yilmaz, Cemal
Format: Journal Article
Language:English
Published: Elsevier B.V 01-12-2016
Subjects:
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:[Display omitted] •Three methods for detecting a class of cache-based side-channel attacks are proposed.•A new tool (quickhpc) for probing hardware performance counters at a higher temporal resolution than the existing tools is presented.•The first method is based on correlation, the other two use machine learning techniques and reach a minimum F-score of 0.93.•A smarter attack is devised that is capable of circumventing the first method. In this paper we analyze three methods to detect cache-based side-channel attacks in real time, preventing or limiting the amount of leaked information. Two of the three methods are based on machine learning techniques and all the three of them can successfully detect an attack in about one fifth of the time required to complete it. We could not experience the presence of false positives in our test environment and the overhead caused by the detection systems is negligible. We also analyze how the detection systems behave with a modified version of one of the spy processes. With some optimization we are confident these systems can be used in real world scenarios.
ISSN:1568-4946
1872-9681
DOI:10.1016/j.asoc.2016.09.014