Cryptology ePrint Archive: Report 2021/652

Detector+: An Approach for Detecting, Isolating, and Preventing Timing Attacks

Arsalan Javeed and Cemal Yilmaz and Erkay Savas

Abstract: In this work, we present a novel approach, called Detector+ , to detect, isolate, and prevent timing-based side channel attacks (i.e., timing attacks) at runtime. The proposed approach is based on a simple observation that the time measurements required by the timing attacks differ from those required by the benign applications as these attacks need to measure the execution times of typically quite short-running operations. Detector+ , therefore, monitors the time readings made by processes and mark consecutive pairs of readings that are close to each other in time as suspicious. In the presence of suspicious time measurements, Detector+ introduces noise into the measurements to prevent the attacker from extracting information by using these measurements. The sequence of suspicious time measurements are then analyzed by using a sliding window based approach to pinpoint the malicious processes at runtime. We have empirically evaluated the proposed approach by using five well known timing attacks, including Meltdown, together with their variations, representing some of the mechanisms that an attacker can employ to become stealthier. In one evaluation setup, each type of attack was carried out concurrently by multiple processes. In the other setup, multiple types of attacks were carried out concurrently. In all the experiments, Detector+ detected all the malicious time measurements with almost a perfect accuracy, prevented all the attacks, and correctly pinpointed all the malicious processes involved in the attacks without any false positives after they have made a few time measurements with an average runtime overhead of 1.56%.

Category / Keywords: applications / side channel attacks, timing attacks, runtime attack detection, isolation, and prevention

Date: received 19 May 2021, last revised 20 Aug 2021

Contact author: ajaveed at sabanciuniv edu, cemal yilmaz at sabanciuniv edu, erkay savas at sabanciuniv edu

Available format(s): PDF | BibTeX Citation

Version: 20210820:060850 (All versions of this report)

Short URL: ia.cr/2021/652


[ Cryptology ePrint archive ]