Cache side-channel attacks obtain a victim's cache-line access footprint to infer security-critical information. Among them, cross-core attacks that exploit the shared last-level cache are the more threatening, because they are simple to set up and have high capacity. Stateful detection-based mitigations observe precise cache behavior and protect the specific cache lines suspected of being under attack. However, their recording structures incur large storage overhead and are vulnerable to reverse-engineering attacks. Exploiting the intrinsically non-deterministic layout of a traditional Cuckoo filter, this paper proposes a space-efficient Auto-Cuckoo filter to record access footprints, which both reduces storage overhead and resists reverse-engineering attacks. Building on the Auto-Cuckoo filter, we propose PiPoMonitor, which detects \textit{Ping-Pong patterns} and prefetches specific cache lines to interfere with adversaries' cache probes. Security analysis shows that PiPoMonitor effectively mitigates cross-core attacks and that the Auto-Cuckoo filter is immune to reverse-engineering attacks. Evaluation results indicate that PiPoMonitor has negligible impact on performance and that its storage overhead is only 0.37$\%$, an order of magnitude lower than previous stateful approaches.
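As an added illustration of the two ideas the abstract combines (a Cuckoo filter as a compact, deletable store of access footprints, and detection of a Ping-Pong pattern in which two cores alternately touch the same cache set), the following Python is example code written for this page; it is not the paper's PiPoMonitor or Auto-Cuckoo implementation. It assumes the textbook cuckoo filter of Fan et al. (partial-key hashing, two candidate buckets, fingerprints relocated by kicking), a footprint keyed by the hypothetical pair (cache set, core), and a hypothetical bounce threshold; the trace at the bottom is constructed, and the flagged sets are what a monitor would hand to its protective prefetcher.

```python
import hashlib
import random


class CuckooFilter:
    """Textbook cuckoo filter: each item is reduced to a short fingerprint held in one of
    two candidate buckets, so footprints are stored compactly and can be deleted.
    (Standard design, not the paper's Auto-Cuckoo variant.)"""

    def __init__(self, num_buckets=256, bucket_size=4, fp_bits=16, max_kicks=500, seed=0):
        assert num_buckets & (num_buckets - 1) == 0, "power of two keeps XOR indexing an involution"
        self.mask = num_buckets - 1
        self.bucket_size = bucket_size
        self.fp_mask = (1 << fp_bits) - 1
        self.fp_bytes = (fp_bits + 7) // 8
        self.max_kicks = max_kicks
        self.buckets = [[] for _ in range(num_buckets)]
        self.rng = random.Random(seed)  # seeded so kick-out order is reproducible

    @staticmethod
    def _hash(data):
        return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")

    def _fingerprint(self, item):
        fp = self._hash(b"fp:" + item) & self.fp_mask
        return fp or 1  # fingerprint 0 is reserved, never stored

    def _index2(self, index, fp):
        # Partial-key cuckoo hashing: the alternate bucket depends only on the
        # fingerprint, so an evicted fingerprint can always be relocated.
        return (index ^ self._hash(fp.to_bytes(self.fp_bytes, "big"))) & self.mask

    def _candidates(self, item):
        fp = self._fingerprint(item)
        i1 = self._hash(b"ix:" + item) & self.mask
        return fp, i1, self._index2(i1, fp)

    def insert(self, item):
        fp, i1, i2 = self._candidates(item)
        for i in (i1, i2):
            if len(self.buckets[i]) < self.bucket_size:
                self.buckets[i].append(fp)
                return True
        # Both buckets full: evict a random resident and move it to its other bucket.
        i = self.rng.choice((i1, i2))
        for _ in range(self.max_kicks):
            victim = self.rng.randrange(self.bucket_size)
            fp, self.buckets[i][victim] = self.buckets[i][victim], fp
            i = self._index2(i, fp)
            if len(self.buckets[i]) < self.bucket_size:
                self.buckets[i].append(fp)
                return True
        return False  # table is full; the caller must handle the failed insert

    def contains(self, item):
        fp, i1, i2 = self._candidates(item)
        return fp in self.buckets[i1] or fp in self.buckets[i2]

    def delete(self, item):
        fp, i1, i2 = self._candidates(item)
        for i in (i1, i2):
            if fp in self.buckets[i]:
                self.buckets[i].remove(fp)
                return True
        return False


class PingPongDetector:
    """Simplified Ping-Pong detector (an assumption for this example, not the PiPoMonitor
    design). A footprint is the pair (cache set, core). When a core touches a set whose
    footprint currently belongs to another core, the set 'bounces'; a set that bounces
    `threshold` times is flagged as a candidate for protective prefetching."""

    def __init__(self, cores, threshold=4):
        self.cores = tuple(cores)
        self.threshold = threshold
        self.filter = CuckooFilter()
        self.bounces = {}

    @staticmethod
    def _key(cache_set, core):
        return f"{cache_set}:{core}".encode()

    def record(self, core, cache_set):
        # delete() doubles as the membership test: it only succeeds if the footprint was there.
        bounced = any(self.filter.delete(self._key(cache_set, other))
                      for other in self.cores if other != core)
        if bounced:
            self.bounces[cache_set] = self.bounces.get(cache_set, 0) + 1
        own = self._key(cache_set, core)
        if not self.filter.contains(own):
            self.filter.insert(own)

    def flagged_sets(self):
        return {s for s, n in self.bounces.items() if n >= self.threshold}


# Constructed trace of (core, cache set): cores 0 and 1 alternate on set 12, a
# Ping-Pong pattern, while sets 5 and 9 only ever see single-core traffic.
CONSTRUCTED_TRACE = [(0, 5)] * 10 + [(1, 9)] * 10 + [(c, 12) for c in (0, 1) * 5]


def run_detector(trace, threshold=4):
    det = PingPongDetector(cores=(0, 1), threshold=threshold)
    for core, cache_set in trace:
        det.record(core, cache_set)
    return det.flagged_sets()


if __name__ == "__main__":
    print("sets to protect:", sorted(run_detector(CONSTRUCTED_TRACE)))
```

The filter keeps only a 16-bit fingerprint per footprint rather than a full tag, which is where the storage saving comes from; the price is a small false-positive rate on membership, which here can only add spurious bounces, never hide real ones. Deletion is what makes the filter usable for a sliding footprint: each bounce retires the other core's footprint before the current core's is stored.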