Paper 2024/1856

"There's always another counter": Detecting Micro-architectural Attacks in a Probabilistically Interleaved Malicious/Benign Setting

Upasana Mandal, Indian Institute of Technology Kharagpur
Rupali Kalundia, Indian Institute of Technology Kharagpur
Nimish Mishra, Indian Institute of Technology Kharagpur
Shubhi Shukla, Indian Institute of Technology Kharagpur
Sarani Bhattacharya, Indian Institute of Technology Kharagpur
Debdeep Mukhopadhyay, Indian Institute of Technology Kharagpur
Abstract

Modern micro-architectural attacks chain a variety of building blocks to develop a final exploit. However, since, in most cases, the footprint of such attacks is not visible architecturally (for example, in the file system), it becomes trickier to defend against them. In light of this, several automated defence mechanisms use Hardware Performance Counters (HPCs) to detect when micro-architectural elements are being misused for potential attacks (like flush-reload, Spectre, Meltdown etc.). In order to bypass such defences, recent works have proposed the idea of "probabilistic interleaving": the adversary interleaves the actual attack code with benign code with very low frequency. Such a strategy tips off the HPCs used for detection with a lot of unnecessary noise; recent studies have shown that probabilistically interleaved attacks can achieve an attack evasion rate of 100% (i.e. are virtually undetectable). In this work, we contest this folklore. We develop a theoretical model of interleaved attacks using lightweight statistical tools like Gaussian Mixture Models and the Dip Test for Unimodality and prove they are detectable for the correct choices of HPCs. Furthermore, we also show a possible defence strategy against a stronger threat model than considered in the literature: one where the attacker interleaves multiple attacks instead of a single attack. Empirically, to instantiate our detector, in contrast to prior detection strategies, we choose LLMs for a number of reasons: (1) LLMs can easily contextualize data from a larger set of HPCs than generic machine learning techniques, and (2) with simple prompts, LLMs can quickly switch between different statistical analysis methods. To this end, we develop an LLM-based methodology to detect probabilistically interleaved attacks.
Our experiments establish that our improved methodology is able to achieve 100% detection of speculative attacks like Spectre v1/v2/v3, Meltdown, and Spectre v2 (with improved gadgets that even evade recent protections like Enhanced IBRS, IBPB conditional, and so on). This makes our methodology suitable for detecting speculative attacks in a non-profiled setting, where attack signatures might not be known in advance. All in all, we achieve a 100% attack detection rate, even with very low interleave frequencies (i.e. $10^{-6}$). Our detection principle and its instantiation through LLMs show that probabilistically interleaving attack code in benign execution is not a perfect strategy, and that more research is still needed into developing and countering better attack evasion strategies.
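The mixture-model principle mentioned in the abstract can be illustrated on a single counter. The following is an added example, not code from the paper or its authors, and it is not the paper's LLM-based detector: it fits one and two Gaussians to constructed counter readings and uses BIC (an assumption made here for model selection) to decide whether a second mode exists. The counter distributions, the interleave frequency of $2 \times 10^{-3}$ (chosen to keep the sample small) and all function names are assumptions.

```python
import math, random

def _logpdf(x, mu, var):
    return -0.5 * (math.log(2 * math.pi * var) + (x - mu) ** 2 / var)

def fit_two_gaussians(xs, iters=25):
    """EM for a 1-D two-component Gaussian mixture: (log-likelihood, components)."""
    n = len(xs)
    mean = sum(xs) / n
    var0 = sum((x - mean) ** 2 for x in xs) / n
    floor = 0.01 * var0  # variance floor so no component collapses onto one sample
    comps = [[0.5, sorted(xs)[n // 2], var0], [0.5, max(xs), var0]]  # [weight, mean, var]
    for _ in range(iters):
        resp, loglik = [], 0.0
        for x in xs:  # E-step in log space to avoid underflow
            lp = [math.log(w) + _logpdf(x, mu, v) for w, mu, v in comps]
            top = max(lp)
            total = top + math.log(sum(math.exp(l - top) for l in lp))
            loglik += total
            resp.append([math.exp(l - total) for l in lp])
        for k in range(2):  # M-step
            nk = max(sum(r[k] for r in resp), 1e-9)
            mu = sum(r[k] * x for r, x in zip(resp, xs)) / nk
            var = sum(r[k] * (x - mu) ** 2 for r, x in zip(resp, xs)) / nk
            comps[k] = [nk / n, mu, max(var, floor)]
    return loglik, comps

def analyse(xs):
    """Return (second_mode_found, weight of the rarer component), using BIC."""
    n = len(xs)
    mean = sum(xs) / n
    var = sum((x - mean) ** 2 for x in xs) / n
    ll1 = -0.5 * n * (math.log(2 * math.pi * var) + 1)  # single-Gaussian maximum
    ll2, comps = fit_two_gaussians(xs)
    bic1 = -2 * ll1 + 2 * math.log(n)  # 2 free parameters
    bic2 = -2 * ll2 + 5 * math.log(n)  # 5 free parameters
    return bic2 < bic1, min(c[0] for c in comps)

def constructed_trace(n, attack_windows, seed=1):
    """Constructed counter readings: benign ~ N(1000, 30), attack ~ N(4000, 100)."""
    rng = random.Random(seed)
    xs = [rng.gauss(1000, 30) for _ in range(n - attack_windows)]
    xs += [rng.gauss(4000, 100) for _ in range(attack_windows)]
    rng.shuffle(xs)
    return xs

if __name__ == "__main__":
    print(analyse(constructed_trace(10000, 20)))  # 20 attack windows in 10000
    print(analyse(constructed_trace(10000, 0)))   # benign only
```

In the constructed trace the 20 attack windows shift the mean reading by only about 6 counts, well inside the benign spread, yet the two-component fit isolates them and recovers their share of the samples.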

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published elsewhere. SPACE 2024: Fourteenth International Conference on Security, Privacy and Applied Cryptographic Engineering
Keywords
LLMs, Micro-architectural attacks, Interleaved attacks
Contact author(s)
mandal up98 @ kgpian iitkgp ac in
rupalikalundia @ kgpian iitkgp ac in
nimish mishra @ kgpian iitkgp ac in
shubhishukla @ kgpian iitkgp ac in
sarani @ cse iitkgp ac in
debdeep @ cse iitkgp ac in
History
2024-11-15: approved
2024-11-13: received
Short URL
https://ia.cr/2024/1856
License
Creative Commons Attribution-NonCommercial
CC BY-NC

BibTeX

@misc{cryptoeprint:2024/1856,
      author = {Upasana Mandal and Rupali Kalundia and Nimish Mishra and Shubhi Shukla and Sarani Bhattacharya and Debdeep Mukhopadhyay},
      title = {"There's always another counter": Detecting Micro-architectural Attacks in a Probabilistically Interleaved Malicious/Benign Setting},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1856},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1856}
}