Abstract

Cloud computing makes it convenient to provide tenants with adequate resources, but it suffers from information disclosure risks because hardware resources are shared among multiple tenants. For example, secret information in the shared cache can be inferred by other malicious processes; such attacks are called cache-based attacks. To defend against such attacks, many detection methods have been proposed. However, most existing detection mechanisms rely completely on hardware performance counters (HPCs) and produce many false positives when detecting attacks. This paper proposes an accurate detector named CBA-Detector to detect cache-based side-channel attacks in real time. CBA-Detector is composed of an offline analysis phase and an online detection phase. The former analyzes the hardware events generated by sample programs and extracts features from these events to train machine learning models. Based on the models, the latter monitors active processes in real time to discover suspicious processes. These suspicious processes are then checked again at the instruction level by customized Pintools, which effectively eliminates false positives. As shown in our experiments, CBA-Detector can accurately identify attacks in real time and introduces 4.4% overhead on PARSEC and about 10% overhead on a web server.
