Paper 2021/652
Detector+: An Approach for Detecting, Isolating, and Preventing Timing Attacks
Arsalan Javeed, Cemal Yilmaz, and Erkay Savas
Abstract
In this work, we present a novel approach, called Detector+, to detect, isolate, and prevent timing-based side channel attacks (i.e., timing attacks) at runtime. The proposed approach is based on a simple observation that the time measurements required by timing attacks differ from those required by benign applications, as these attacks need to measure the execution times of typically quite short-running operations. Detector+, therefore, monitors the time readings made by processes and marks consecutive pairs of readings that are close to each other in time as suspicious. In the presence of suspicious time measurements, Detector+ introduces noise into the measurements to prevent the attacker from extracting information by using these measurements. The sequence of suspicious time measurements is then analyzed by using a sliding-window-based approach to pinpoint the malicious processes at runtime. We have empirically evaluated the proposed approach by using five well-known timing attacks, including Meltdown, together with their variations, representing some of the mechanisms that an attacker can employ to become stealthier. In one evaluation setup, each type of attack was carried out concurrently by multiple processes. In the other setup, multiple types of attacks were carried out concurrently. In all the experiments, Detector+ detected all the malicious time measurements with almost perfect accuracy, prevented all the attacks, and correctly pinpointed all the malicious processes involved in the attacks without any false positives after they had made a few time measurements, with an average runtime overhead of 1.56%.
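The monitoring loop the abstract describes can be sketched as follows. This is an added example, not code from the paper or its authors; the threshold, window length, flag ratio, and additive uniform noise are all assumed values, since the abstract states none, and the process IDs and trace are constructed.

```python
import random
from collections import defaultdict, deque

# Assumed parameters; the abstract states no concrete values.
SUSPICIOUS_GAP_NS = 2_000  # consecutive readings closer than this are suspicious
WINDOW = 8                 # sliding window length, counted in reading pairs
FLAG_RATIO = 0.5           # share of suspicious pairs in a full window that flags a pid
NOISE_NS = 5_000           # upper bound of noise added to a suspicious reading


class TimingMonitor:
    """Toy model: every time reading a process makes goes through read()."""

    def __init__(self, seed=0):
        self.rng = random.Random(seed)
        self.last = {}  # pid -> previous true reading
        self.windows = defaultdict(lambda: deque(maxlen=WINDOW))
        self.flagged = set()

    def read(self, pid, true_ns):
        """Return the value handed back to pid for a reading taken at true_ns."""
        prev, self.last[pid] = self.last.get(pid), true_ns
        if prev is None:
            return true_ns
        suspicious = true_ns - prev < SUSPICIOUS_GAP_NS
        win = self.windows[pid]
        win.append(suspicious)
        if len(win) == WINDOW and sum(win) / WINDOW >= FLAG_RATIO:
            self.flagged.add(pid)
        # Only suspicious readings are perturbed; long-interval timing stays exact.
        return true_ns + self.rng.randint(0, NOISE_NS) if suspicious else true_ns


def run_constructed_trace():
    """Constructed trace: pid 100 times 5 ms jobs, pid 200 times 300 ns operations."""
    mon, seen = TimingMonitor(), defaultdict(list)
    for i in range(20):
        base = i * 10_000_000
        seen[100] += [mon.read(100, base), mon.read(100, base + 5_000_000)]
        for k in range(4):
            start = base + k * 50_000
            seen[200] += [mon.read(200, start), mon.read(200, start + 300)]
    # What pid 200 measures for each timed operation (true duration is 300 ns).
    measured = [b - a for a, b in zip(seen[200][0::2], seen[200][1::2])]
    return mon.flagged, seen[100], measured
```

In this trace only every second pair of pid 200 is close in time, which is why the assumed flag ratio is 0.5; the process timing long jobs sees unmodified readings and is never flagged.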
Metadata
- Category: Applications
- Publication info: Preprint. MINOR revision.
- Keywords: side channel attacks, timing attacks, runtime attack detection, isolation, and prevention
- Contact author(s): ajaveed @ sabanciuniv edu; cemal yilmaz @ sabanciuniv edu; erkay savas @ sabanciuniv edu
- History
- 2021-08-20: revised
- 2021-05-20: received
- Short URL: https://ia.cr/2021/652
- License: CC BY
BibTeX
@misc{cryptoeprint:2021/652,
  author = {Arsalan Javeed and Cemal Yilmaz and Erkay Savas},
  title = {Detector+: An Approach for Detecting, Isolating, and Preventing Timing Attacks},
  howpublished = {Cryptology {ePrint} Archive, Paper 2021/652},
  year = {2021},
  url = {https://eprint.iacr.org/2021/652}
}