Paper 2021/652

Detector+: An Approach for Detecting, Isolating, and Preventing Timing Attacks

Arsalan Javeed, Cemal Yilmaz, and Erkay Savas

Abstract

In this work, we present a novel approach, called Detector+, to detect, isolate, and prevent timing-based side channel attacks (i.e., timing attacks) at runtime. The proposed approach is based on a simple observation: the time measurements required by timing attacks differ from those required by benign applications, because these attacks need to measure the execution times of typically quite short-running operations. Detector+, therefore, monitors the time readings made by processes and marks consecutive pairs of readings that are close to each other in time as suspicious. In the presence of suspicious time measurements, Detector+ introduces noise into the measurements to prevent the attacker from extracting information by using these measurements. The sequence of suspicious time measurements is then analyzed by using a sliding-window-based approach to pinpoint the malicious processes at runtime. We have empirically evaluated the proposed approach by using five well-known timing attacks, including Meltdown, together with their variations, representing some of the mechanisms that an attacker can employ to become stealthier. In one evaluation setup, each type of attack was carried out concurrently by multiple processes. In the other setup, multiple types of attacks were carried out concurrently. In all the experiments, Detector+ detected all the malicious time measurements with almost perfect accuracy, prevented all the attacks, and correctly pinpointed all the malicious processes involved in the attacks without any false positives after they had made a few time measurements, with an average runtime overhead of 1.56%.
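The three steps the abstract describes (mark close pairs of readings, add noise to them, run a sliding window per process) can be sketched as follows. This is an added illustration, not code from the paper; the class name, the thresholds, the window size, the noise range, and the trace are all assumptions, since the abstract does not give the authors' parameters or decision rule.

```python
import random
from collections import defaultdict, deque

# Assumed parameters for illustration only (not taken from the paper).
CLOSE_NS = 2_000   # readings closer together than this form a suspicious pair
WINDOW = 8         # sliding window over a process's most recent reading pairs
FLAG_AT = 4        # suspicious pairs within the window that flag the process
NOISE_NS = 5_000   # upper bound of the noise added to a suspicious reading

class TimingMonitor:
    """Hypothetical monitor sitting between processes and the clock."""
    def __init__(self, rng=None):
        self.last = {}                                   # pid -> last true reading
        self.windows = defaultdict(lambda: deque(maxlen=WINDOW))
        self.flagged = set()                             # pids pinpointed so far
        self.rng = rng or random.Random(0)

    def read_time(self, pid, true_ns):
        """Return the value handed to `pid` for a clock read at `true_ns`."""
        prev = self.last.get(pid)
        self.last[pid] = true_ns
        if prev is None:
            return true_ns
        suspicious = (true_ns - prev) < CLOSE_NS
        window = self.windows[pid]
        window.append(suspicious)
        if sum(window) >= FLAG_AT:
            self.flagged.add(pid)
        # Only suspicious readings are perturbed; benign readers see real time.
        return true_ns + self.rng.randrange(NOISE_NS) if suspicious else true_ns

def run_constructed_trace():
    """Constructed trace: pid 100 reads once per ms, pid 200 times a 300 ns op."""
    mon = TimingMonitor()
    observed = {100: [], 200: []}
    for i in range(20):
        t = i * 1_000_000
        observed[100].append(mon.read_time(100, t))
        start = mon.read_time(200, t + 10)
        end = mon.read_time(200, t + 310)
        observed[200].append(end - start)   # what the measuring process sees
    return mon, observed

if __name__ == "__main__":
    mon, observed = run_constructed_trace()
    print("flagged:", mon.flagged)
    print("durations seen by pid 200:", observed[200][:5])
```

In this trace only half of pid 200's reading pairs are close together, because each short measurement is followed by a long gap, which is why the assumed flag threshold is half the window.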

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. MINOR revision.
Keywords
side channel attacks, timing attacks, runtime attack detection, isolation, and prevention
Contact author(s)
ajaveed @ sabanciuniv edu
cemal yilmaz @ sabanciuniv edu
erkay savas @ sabanciuniv edu
History
2021-08-20: revised
2021-05-20: received
Short URL
https://ia.cr/2021/652
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/652,
      author = {Arsalan Javeed and Cemal Yilmaz and Erkay Savas},
      title = {Detector+: An Approach for Detecting, Isolating, and Preventing Timing Attacks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/652},
      year = {2021},
      url = {https://eprint.iacr.org/2021/652}
}