You are looking at a specific version 20190603:070350 of this paper. See the latest version.

Paper 2019/613

MeltdownDetector: A Runtime Approach for Detecting Meltdown Attacks

Taha Atahan Akyildiz and Can Berk Guzgeren and Cemal Yilmaz and Erkay Savas

Abstract

In this work, we present a runtime approach, called MeltdownDetector, for detecting, isolating, and preventing ongoing Meltdown attacks that operate by causing segmentation faults. Meltdown exploits a hardware vulnerability that allows a malicious process to access memory locations, which do not belong to the process, including the physical and kernel memory. The proposed approach is based on a simple observation that in order for a Meltdown attack to be successful, either a single byte of data located at a particular memory address or a sequence of consecutive memory addresses (i.e., sequence of bytes) need to be read, so that a meaningful piece of information can be extracted from the data leaked. MeltdownDetector, therefore, monitors segmentation faults occurring at memory addresses that are close to each other and issues a warning at runtime when these faults become ``suspicious.'' Furthermore, MeltdownDetector flushes the caches after every suspicious segmentation fault, preventing even a single byte of data from being leaked. In the experiments we carried out to evaluate the proposed approach, MeltdownDetector successfully detected all the attacks, correctly isolated all the malicious processes, and did so at the earliest possible time after the attacks have started with an average runtime overhead of 0.34% and without even leaking a single byte of information.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
Meltdownside-channel attackscountermeasuresruntime detectionpreventionand isolation
Contact author(s)
cyilmaz @ sabanciuniv edu
History
2019-07-25: revised
2019-06-03: received
See all versions
Short URL
https://ia.cr/2019/613
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.