Paper 2019/613
MeltdownDetector: A Runtime Approach for Detecting Meltdown Attacks
Taha Atahan Akyildiz, Can Berk Guzgeren, Cemal Yilmaz, and Erkay Savas
Abstract
In this work, we present a runtime approach, called MeltdownDetector, for detecting, isolating, and preventing ongoing Meltdown attacks that operate by causing segmentation faults. Meltdown exploits a hardware vulnerability that allows a malicious process to access memory locations, which do not belong to the process, including the physical and kernel memory. The proposed approach is based on a simple observation that in order for a Meltdown attack to be worthwhile, either a single byte of data located at a particular memory address or a sequence of consecutive memory addresses (i.e., sequence of bytes) need to be read, so that a meaningful piece of information can be extracted from the data leaked. MeltdownDetector, therefore, monitors segmentation faults occurring at memory addresses that are close to each other and issues a warning at runtime when these faults become "suspicious." Furthermore, MeltdownDetector flushes the cache hierarchy after every suspicious segmentation fault, which, in turn, prevents any information leakage. In the experiments we carried out to evaluate the proposed approach, MeltdownDetector successfully detected all the attacks in every subject workload under every combination of attack detection configuration and attack variation used in the experiments and correctly pinpointed all the malicious processes involved in these attacks without issuing any false alarms and without leaking even a single byte of data. Furthermore, the runtime overhead of MeltdownDetector was 0.55%, on average.
Metadata
- Available format(s)
- Publication info
- Preprint. MINOR revision.
- Keywords
- Meltdownside-channel attackscountermeasuresruntime detectionpreventionand isolation
- Contact author(s)
- cyilmaz @ sabanciuniv edu
- History
- 2019-07-25: revised
- 2019-06-03: received
- See all versions
- Short URL
- https://ia.cr/2019/613
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2019/613, author = {Taha Atahan Akyildiz and Can Berk Guzgeren and Cemal Yilmaz and Erkay Savas}, title = {{MeltdownDetector}: A Runtime Approach for Detecting Meltdown Attacks}, howpublished = {Cryptology {ePrint} Archive, Paper 2019/613}, year = {2019}, url = {https://eprint.iacr.org/2019/613} }