Skip to main content
Log in

SpyDetector: An approach for detecting side-channel attacks at runtime

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

In this work, we first present a low-cost, anomaly-based semi-supervised approach, which is instrumental in detecting the presence of ongoing side-channel attacks at runtime. We are, in particular, concerned with attacks that are carried out by creating intentional contentions in shared resources with cryptographic applications using a “spy” process. At a very high level, the approach quantifies contentions in shared resources, associates these contentions with processes, such as with a victim process, and issues a warning at runtime whenever the contentions reach a “suspicious” level. We then adapt this approach to detect the presence of four different types of cache-based side-channel attacks, namely prime-and-probe attacks on advanced encryption standard (AES), flush-and-reload attacks on AES and elliptic curve digital signature algorithm with Montgomery ladder algorithm, and Flush + Flush attacks on AES. To this end, we vary the shared resources monitored, the level of granularity at which the contentions in these resources are quantified, and the way the suspicious levels of contentions are detected. We evaluate the proposed approach also in cross-virtual machine setups (when applicable). The results of our experiments support our basic hypothesis that spy processes, which leverage information leaked by cryptographic applications through some shared resources, ironically leak information by themselves through the same or related channels, which can be analyzed to detect the presence of ongoing attacks at runtime.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

References

  1. AES Standard. csrc.nist.gov/publications/fips/fips197/fips-197.pdf (2001)

  2. AES-NI. https://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni/. Accessed 28 Mar 2016

  3. Aciiçmez, O.: Yet another microarchitectural attack: exploiting i-cache. IACR Cryptol ePrint Arch 2007, 164 (2007)

    Google Scholar 

  4. Aciiçmez, O., Brumley, B.B., Grabher, P.: New results on instruction cache attacks. In: Mangard, S., Standaert, F.-X. (eds.) CHES, Volume 6225 of Lecture Notes in Computer Science, pp. 110–124. Springer (2010)

  5. Aciiçmez, O., Koç, Ç.K., Seifert, J.-P.: On the power of simple branch prediction analysis. IACR Cryptol. ePrint Arch. 2006, 351 (2006)

    Google Scholar 

  6. Aciiçmez, O., Koç, Ç.K.: Trace-driven cache attacks on AES (short paper). In: Ning, P., Qing, S., Li, N. (eds.) ICICS, Volume 4307 of Lecture Notes in Computer Science, pp. 112–121. Springer (2006)

  7. Aciiçmez, O., Koç, Ç.K., Seifert, J.-P.: Predicting secret keys via branch prediction. In: Abe, M. (ed.) Topics in Cryptology—CT-RSA 2007, The Cryptographers’ Track at the RSA Conference 2007, San Francisco, CA, USA, 5–9 Feb 2007. Lecture Notes in Computer Science, vol. 4377, pp. 225–242. Springer, Berlin (2006)

  8. Aciiçmez, O., Schindler, W., Koç, Ç.K.: Cache based remote timing attack on the AES. In: Abe, M. (ed.) Topics in Cryptology—CT-RSA 2007, The Cryptographers’ Track at the RSA Conference 2007, San Francisco, CA, USA, 5–9 Feb 2007. Lecture Notes in Computer Science, vol. 4377, pp. 271–286. Springer, Berlin (2006)

  9. Aciiçmez, O., Seifert, J.-P., Koç, Ç.K.: Predicting secret keys via branch prediction. IACR Cryptol. ePrint Arch. 2006, 288 (2006)

    MATH  Google Scholar 

  10. Aciiçmez, O., Koç, Ç.K.: Trace-driven cache attacks on AES. IACR Cryptol. ePrint Arch. 2006, 138 (2006)

    Google Scholar 

  11. Aciiçmez, O., Schindler, W.: A vulnerability in RSA implementations due to instruction cache analysis and its demonstration on OpenSSL. In: Malkin, T. (ed.) Topics in Cryptology—CT-RSA 2008, The Cryptographers’ Track at the RSA Conference 2008, San Francisco, CA, USA, April 8–11, 2008. Proceedings, Volume 4964 of Lecture Notes in Computer Science, pp. 256–273. Springer (2008)

  12. Apecechea, G.I., Inci, M.S., Eisenbarth, T., Sunar, B.: Wait a minute! A fast, cross-VM attack on AES. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) Proceedings of Research in Attacks, Intrusions and Defenses—17th International Symposium, RAID 2014, Gothenburg, Sweden, September 17–19, 2014, Volume 8688 of Lecture Notes in Computer Science, pp. 299–319. Springer (2014)

  13. Atici, A.C., Yilmaz, C., Savas, E.: An approach for isolating the sources of information leakage exploited in cache-based side-channel attacks. In: Seventh International Conference on Software Security and Reliability, SERE 2012, Gaithersburg, Maryland, USA, 18–20 June 2013—Companion Volume, pp. 74–83. IEEE (2013)

  14. Barthe, G., Köpf, B., Mauborgne, L., Ochoa, M.: Leakage Resilience against Concurrent Cache Attacks, pp. 40–158. Springer, Berlin (2014)

    Google Scholar 

  15. Benger, N., van de Pol, J., Smart, N.P., Yarom, Y.: “ooh aah... just a little bit” : a small amount of side channel can go a long way. In: Batina, L., Robshaw, M. (eds.) Proceedings of Cryptographic Hardware and Embedded Systems—CHES 2014—16th International Workshop, Busan, South Korea, September 23–26, 2014, Volume 8731 of Lecture Notes in Computer Science, pp. 75–92. Springer (2014)

  16. Bernstein, D.J.: Cache-timing attacks on AES. Technical report (2005)

  17. Bertoni, G., Zaccaria, V., Breveglieri, L., Monchiero, M., Palermo, G.: AES power attack based on induced cache miss and countermeasure. In: International Symposium on Information Technology: Coding and Computing (ITCC 2005), Volume 1, 4–6 April 2005, Las Vegas, Nevada, USA, pp. 586–591. IEEE Computer Society (2005)

  18. Blömer, J., Krummel, V.: Analysis of countermeasures against access driven cache attacks on AES. In: Adams, C.M., Miri, A., Wiener, M.J. (eds.) Selected Areas in Cryptography, Volume 4876 of LNCS, pp. 96–109. Springer (2007)

  19. Bonneau, J., Mironov, I.: Cache-collision timing attacks against AES. In: Goubin, L., Matsui, M. (eds.) Proceedings of Cryptographic Hardware and Embedded Systems—CHES 2006, 8th International Workshop, Yokohama, Japan, October 10–13, 2006, Volume 4249 of Lecture Notes in Computer Science, pp. 201–215. Springer (2006)

  20. Bowring, J.F., Rehg, J.M., Harrold, M.J.: Active learning for automatic classification of software behavior. In: International Symposium on Software Testing and Analysis, pp. 195–205 (2004)

  21. Bob Brumley, B., Tuveri, N.: Remote timing attacks are still practical. In: Atluri, V., Díaz, C. (eds.) Computer Security—ESORICS 2011—16th European Symposium on Research in Computer Security, Leuven, Belgium, September 12–14, 2011. Proceedings, Volume 6879 of Lecture Notes in Computer Science, pp. 355–371. Springer (2011)

  22. Chiappetta, M., Savas, E., Yilmaz, C.: Real time detection of cache-based side-channel attacks using hardware performance counters. Appl. Soft. Comput. 49, 1162–1174 (2016)

    Article  Google Scholar 

  23. Demme, J., Maycock, M., Schmitz, J., Tang, A., Waksman, A., Sethumadhavan, S., Stolfo, S.J.: On the feasibility of online malware detection with performance counters. In: Mendelson, A. (eds.) The 40th Annual International Symposium on Computer Architecture, ISCA’13, Tel-Aviv, Israel, June 23–27, 2013, pp. 559–570. ACM (2013)

  24. Dickinson, W., Leon, D., Podgurski, A.: Pursuing failure: the distribution of program failures in a profile space. In: Proceedings of the 9th ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 246–255 (2001)

  25. Dickinson, W., Leon, D., Podgursky, A.: Finding failures by cluster analysis of execution profiles. In: International Conference on Software Engineering, pp. 339–348 (2001)

  26. Doychev, G., Feld, D., Köpf, B., Mauborgne, L., Reineke, J.: Cacheaudit: a tool for the static analysis of cache side channels. In: Proceedings of the 22nd USENIX Conference on Security, SEC’13, pp. 431–446. USENIX Association, Berkeley, CA (2013)

  27. Drebes, A., Heydemann, K., Pop, A., Cohen, A., Drach, N.: Automatic detection of performance anomalies in task-parallel programs. CoRR, abs/1405.2916 (2014)

  28. Faban.org. Faban—helping measure performance (2014)

  29. Falzon, K., Bodden, E.: Dynamically Provisioning Isolation in Hierarchical Architectures, pp. 83–101. Springer, Cham (2015)

    Google Scholar 

  30. Gullasch, D., Bangerter, E., Krenn, S.: Cache games—bringing access-based cache attacks on AES to practice. In: 32nd IEEE Symposium on Security and Privacy, S&P 2011, 22–25 May 2011, Berkeley, California, USA, pp. 490–505 (2011)

  31. Gülmezoglu, B., Inci, M.S., Irazoqui Apecechea, G., Eisenbarth, T., Sunar, B.: A faster and more realistic flush + reload attack on AES. In: Mangard, S., Poschmann, A.Y. (eds.) Constructive Side-Channel Analysis and Secure Design—6th International Workshop, COSADE 2015, Berlin, Germany, April 13–14, 2015. Revised Selected Papers, Volume 9064 of Lecture Notes in Computer Science, pp. 111–126. Springer (2015)

  32. Gulmezoglu, B., nci, M.S., Irazoqui Apecechea, G., Eisenbarth, T., Sunar, B.: Cross-VM cache attacks on aes. IEEE Trans. Multi Scale Comput. Syst. 2(3), 211–222 (2016)

    Article  Google Scholar 

  33. Gruss, D., Maurice, C., Wagner, K., Mangard, S.: Flush + flush: a fast and stealthy cache attack. In: 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, July 7–8, 2016, San Sebastián, Spain, pp. 279–299 (2016)

  34. Haran, M., Karr, A., Orso, A., Porter, A., Sanil, A.: Applying classification techniques to remotely-collected program execution data. SIGSOFT Softw. Eng. Notes 30(5), 146–155 (2005)

    Article  Google Scholar 

  35. Hoglund, G., McGraw, G.: Exploiting Software: How to Break Code. Addison-Wesley, Boston (2004)

    Google Scholar 

  36. İnci, M.S., Gulmezoglu, B., Irazoqui Apecechea, G., Eisenbarth, T., Sunar, B., Sunar, B.: Cache Attacks Enable Bulk Key Recovery on the Cloud, pp. 368–388. Springer, Berlin (2016)

    Google Scholar 

  37. Incubator.apache.org. Olio—apache incubator (2014)

  38. Irazoqui Apecechea, G., Eisenbarth, T., Sunar, B.: Cross processor cache attacks. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, ASIA CCS’16, pp. 353–364. ACM, New York, NY (2016)

  39. Jones, J.A., Harrold, M.J., Stasko, J.: Visualization of test information to assist fault localization. In: International Conference on Software Engineering, pp. 467–477. ACM (2002)

  40. Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Side channel cryptanalysis of product ciphers. In: Quisquater, J., Deswarte, Y., Meadows, C.A., Gollmann, D. (eds.) Proceedings of Computer Security—ESORICS 98, 5th European Symposium on Research in Computer Security, Louvain-la-Neuve, Belgium, September 16–18, 1998, Volume 1485 of Lecture Notes in Computer Science, pp. 97–110. Springer (1998)

  41. Kocher, P.C.: Timing attacks on implementations of Diffie–Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) Proceedings of Advances in Cryptology—CRYPTO’96, 16th Annual International Cryptology Conference, Santa Barbara, California, USA, August 18–22, 1996, Volume 1109 of Lecture Notes in Computer Science, pp. 104–113. Springer (1996)

  42. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M.J. (ed.) CRYPTO, Volume 1666 of Lecture Notes in Computer Science, pp. 388–397. Springer (1999)

  43. Kulah, Y.: Spycatcher: lightweight online approaches for detecting cache-based side channel attacks. Master’s thesis, Sabanci University, Istanbul, Turkey (2015)

  44. Liblit, B., Aiken, A., Zheng, A.X., Jordan, M.I.: Bug isolation via remote program sampling. SIGPLAN Not. 38(5), 141–154 (2003)

    Article  Google Scholar 

  45. Mowery, K., Keelveedhi, S., Shacham, H.: Are AES \(\times \)86 cache timing attacks still feasible? In: Proceedings of the 2012 ACM Workshop on Cloud Computing Security Workshop, CCSW’12, pp. 19–24. ACM, New York, NY (2012)

  46. Neve, M., Seifert, J.-P., Wang, Z.: A refined look at Bernstein’s AES side-channel analysis. In: Lin, F.-C., Lee, D.-T., Lin, B.-S.P., Shieh, S., Jajodia, S. (eds.) ASIACCS, pp. 369. ACM (2006)

  47. Nguyen, P.Q., Shparlinski, I.E.: The insecurity of the elliptic curve digital signature algorithm with partially known nonces. Des. Codes Cryptogr. 30(2), 201–217 (2003)

    Article  MathSciNet  MATH  Google Scholar 

  48. Nomani, J., Szefer, J.: Predicting program phases and defending against side-channel attacks using hardware performance counters. In: Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy, HASP’15, pp. 9:1–9:4. ACM, New York, NY (2015)

  49. Ozcelik, B., Kalkan, K., Yilmaz, C.: An approach for classifying program failures. In: International Conference on the Advances in System Testing and Validation Lifecycle, pp. 93–98 (2010)

  50. Ozcelik, B., Yilmaz, C.: Seer: a lightweight online failure prediction approach. IEEE Trans. Softw. Eng. 42(1), 26–46 (2016)

    Article  Google Scholar 

  51. Ozsoy, M., Donovick, C., Gorelik, I., Abu-Ghazaleh, N.B., Ponomarev, D.V.: Malware-aware processors: a framework for efficient online malware detection. In: 21st IEEE International Symposium on High Performance Computer Architecture, HPCA 2015, Burlingame, CA, USA, February 7–11, 2015, pp. 651–661. IEEE Computer Society (2015)

  52. Page, D.: Theoretical use of cache memory as a cryptanalytic side-channel. IACR Cryptol. ePrint Arch. 2002, 169 (2002)

    Google Scholar 

  53. Pattuk, E., Kantarcioglu, M., Lin, Z., Ulusoy, H.: Preventing cryptographic key leakage in cloud virtual machines. In: 23rd USENIX Security Symposium (USENIX Security 14), pp. 703–718. USENIX Association, San Diego, CA (2014)

  54. Payer, M.: HexPADS: A Platform to Detect Stealth Attacks, pp. 138–154. Springer, Cham (2016)

    Google Scholar 

  55. Percival, C.: Cache missing for fun and profit. In: Proceedings of BSDCan 2005 (2005)

  56. Poddar, R., Datta, A., Rebeiro, C.: A Cache Trace Attack on CAMELLIA, pp. 144–156. Springer, Berlin (2011)

    Google Scholar 

  57. Podgurski, A., Leon, D., Francis, P., Masri, W., Minch, M., Sun, J., Wang, B.: Automated support for classifying software failure reports. In: Proceedings of the 25th International Conference on Software Engineering (ICSE’03), pp. 465–475 (2003)

  58. Raj, H., Nathuji, R., Singh, A., England, P.: Resource management for isolation enhanced cloud services. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW’09, pp. 77–84. ACM, New York, NY (2009)

  59. Rebeiro, C., Mondal, M., Mukhopadhyay, D.: Pinpointing cache timing attacks on AES. In: VLSI Design, pp. 306–311. IEEE (2010)

  60. Rebeiro, C., Mondal, M., Mukhopadhyay, D.: Pinpointing cache timing attacks on AES. In: 23rd International Conference on VLSI Design, 2010. VLSID’10, pp. 306 –311 (2010)

  61. Rebeiro, C., Mukhopadhyay, D.: Cryptanalysis of CLEFIA Using Differential Methods with Cache Trace Patterns, pp. 89–103. Springer, Berlin (2011)

    MATH  Google Scholar 

  62. Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Al-Shaer, E., Jha, S., Keromytis, A.D. (eds.) Proceedings of the 2009 ACM Conference on Computer and Communications Security, CCS 2009, Chicago, Illinois, USA, November 9–13, 2009, pp. 199–212. ACM (2009)

  63. Savas, E., Yilmaz, C.: A generic method for the analysis of a class of cache attacks: a case study for AES. Comput. J. 58(10), 2716–2737 (2015)

    Article  Google Scholar 

  64. Sherwood, T., Sair, S., Calder, B.: Phase tracking and prediction. In: Proceedings of the 30th Annual International Symposium on Computer Architecture, ISCA’03, pp. 336–349. ACM, New York, NY (2003)

  65. Shi, J., Song, X., Chen, H., Zang, B.: Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring. In: IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W 2011), Hong Kong, China, June 27–30, 2011, pp. 194–199. IEEE (2011)

  66. Smeds, N.: OpenMP application tuning using hardware performance counters. In: Proceedings 2003 International Conference on OpenMP Shared Memory Parallel Programming, pp. 260–270. Springer, Berlin (2003)

  67. Spreitzer, R., Gérard, B.: Towards more practical time-driven cache attacks. In: Information Security Theory and Practice. Securing the Internet of Things—8th IFIP WG 11.2 International Workshop, WISTP 2014, Heraklion, Crete, Greece, June 30–July 2, 2014. Proceedings, pp. 24–39 (2014)

  68. Tang, A., Sethumadhavan, S., Stolfo, S.J.: Unsupervised anomaly-based malware detection using hardware features. CoRR, abs/1403.1631, (2014)

  69. Tiri, K., Aciiçmez, O., Neve, M., Andersen, F.: An analytical model for time-driven cache attacks. In: Biryukov, A. (ed.) FSE, Volume 4593 of LNCS, pp. 399–413. Springer (2007)

  70. Tromer, E., Osvik, D.A., Shamir, A.: Efficient cache attacks on AES, and countermeasures. J. Cryptol. 23(1), 37–71 (2010)

    Article  MathSciNet  MATH  Google Scholar 

  71. Tsunoo, Y., Saito, T., Suzaki, T., Shigeri, M., Miyauchi, H.: Cryptanalysis of DES implemented on computers with cache. In: Walter, C.D., Koç, Ç. K., Paar, C. (eds.) Proceedings of Cryptographic Hardware and Embedded Systems—CHES 2003, 5th International Workshop, Cologne, Germany, September 8–10, 2003, Volume 2779 of Lecture Notes in Computer Science, pp. 62–76. Springer (2003)

  72. Uhsadel, L., Georges, A., Verbauwhede, I.: Exploiting hardware performance counters. In: Breveglieri, L., Gueron, S., Koren, I., Naccache, D., Seifert, J. (eds.) Fifth International Workshop on Fault Diagnosis and Tolerance in Cryptography, 2008, FDTC 2008, Washington, DC, USA, 10 August 2008, pp. 59–67. IEEE Computer Society (2008)

  73. Varadarajan, V., Ristenpart, T., Swift, M.M.: Scheduler-based defenses against cross-VM side-channels. In: Fu, K., Jung, J. (eds.) Proceedings of the 23rd USENIX Security Symposium, pp. 687–702. USENIX Association, San Diego, CA, 20–22 Aug 2014

  74. Wang, X., Karri, R.: Numchecker: detecting kernel control-flow modifying rootkits by using hardware performance counters. In: The 50th Annual Design Automation Conference 2013, DAC’13, Austin, TX, USA, May 29–June 07, 2013, pp. 79:1–79:7. ACM (2013)

  75. Weaver, V.M., McKee, S.A.: Can hardware performance counters be trusted? In: Christie, D., Lee, A., Mutlu, O., Zorn, B.G. (eds.) 4th International Symposium on Workload Characterization (IISWC 2008), Seattle, Washington, USA, September 14–16, 2008, pp. 141–150. IEEE Computer Society (2008)

  76. Weiß, M., Heinz, B., Stumpf, F.: A cache timing attack on AES in virtualization environments. In: Financial Cryptography and Data Security—16th International Conference, FC 2012, Kralendijk, Bonaire, February 27–March 2, 2012, Revised Selected Papers, pp. 314–328 (2012)

  77. Witten, I.H., Frank, E.: Data Mining: Practical Machine Learning Tools and Techniques, 2nd edn. Morgan Kaufmann Publishers, Burlington (2005)

    MATH  Google Scholar 

  78. Yarom, Y., Benger, N.: Recovering openssl ECDSA nonces using the FLUSH + RELOAD cache side-channel attack. IACR Cryptol. ePrint Arch. 2014, 140 (2014)

    Google Scholar 

  79. Yarom, Y., Falkner, K.: FLUSH + RELOAD: a high resolution, low noise, L3 cache side-channel attack. In: Fu, K., Jung, J. (eds.) Proceedings of the 23rd USENIX Security Symposium, pp. 719–732. USENIX Association, San Diego, CA, 20–22 Aug 2014

  80. Yarom, Y., Genkin, D., Heninger, N.: Cachebleed: a timing attack on openssl constant time RSA. IACR Cryptol. ePrint Arch. 2016, 224 (2016)

    Google Scholar 

  81. Yilmaz, C.: Using hardware performance counters for fault localization. In: Proceedings of the 2010 International Conference on the Advances in System Testing and Validation Lifecycle, pp. 87–92 (2010)

  82. Yilmaz, C., Paradkar, A., Williams, C.: Time will tell: fault localization using time spectra. In: Proceedings of the 30th International Conference on Software Engineering (ICSE’08), pp. 81–90 (2008)

  83. Yilmaz, C., Porter, A.A.: Combining hardware and software instrumentation to classify program executions. In: Roman, G., Sullivan, K.J. (eds.) Proceedings of the 18th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2010, Santa Fe, NM, USA, November 7–11, 2010, pp. 67–76. ACM (2010)

  84. Zhang, T., Zhang, Y., Lee, R.B.: CloudRadar: A real-time side-channel attack detection system in clouds. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J., (eds.) Research in attacks, intrusions, and defenses, pp. 118–140. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45719-2_6

  85. Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-tenant side-channel attacks in PaaS clouds. In: Ahn, G., Yung, M., Li, N. (eds.) Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3–7, 2014, pp. 990–1003. ACM (2014)

  86. Zhang, Y., Reiter, M.K.: Düppel: Retrofitting commodity operating systems to mitigate cache side channels in the cloud. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS’13, pp. 827–838. . ACM, New York, NY (2013)

  87. Zhao, X., Wang, T., Zheng, Y.: Cache timing attacks on camellia block cipher. IACR Cryptol. ePrint Arch. 2009, 354 (2009)

    Google Scholar 

Download references

Acknowledgements

This research was supported by the Scientific and Technological Research Council of Turkey (110E037).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Cemal Yilmaz.

Appendices

Appendices

1.1 A Further analysis of the data obtained for the best prime-and-probe attack scenarios on AES

To further reason about the results presented in Sect. 4.5.7, we carried out an in-depth analysis, the results of which are summarized in Fig. 10. This figure compares a number of features (denoted by the vertical axes) obtained in the presence of different types of spy processes (denoted by the horizontal axes) to those obtained in the absence of any spy processes (denoted by the literal “*”). Note that the first three features are the features we use to detect the presence of spy processes (Sect. 4.3.1). The last two features, which measure the average number of cache misses and accesses experienced by the victim process are included to better reason about the results.

We first observed that as the number of cache sets flushed by the spy process increased, the average number of cache misses experienced by the victim process increased (Fig. 10d). The more cache sets the spy process flushed, the more the victim process suffered.

We then observed that the presence of the spy affected not only the cache contention behavior, but also the scheduling behavior of the victim process and that the actual effect differed depending on the workload type. When \({\textit{workloadType}}={\textit{simulated}}\), as the number of cache sets flushed by the spy increased, i.e., as the spy tended to spend more time in a quantum, the scheduling frequency of the victim process steadily increased (Fig. 10b) while the average number of cache accesses made in a quantum stayed more or less the same, except for \({\textit{spyType}}=64\) where we observed a steady increase (Fig. 10e). Furthermore, the victim access ratio decreased because of the increasing number of accesses made by the spy process (Fig. 10c). As a result, the victim miss rate steadily increased (Fig. 10a).

When \({\textit{workloadType}}={\textit{webserver}}\), on the other hand, the scheduling frequency of the victim process steadily decreased (Fig. 10b) while the average number of cache accesses made in a quantum (Fig. 10e) as well as the victim access ratio (Fig. 10c) steadily increased. Since the growth rate of the increase in the access count tended to be larger than that of the increase in the miss count, the victim miss rate tended to decrease (Fig. 10a). That is, although the victim process experienced more cache misses, its cache miss ratio per scheduling quantum tended to decrease. All of these effects were due to the process scheduler of the operating system, which aimed to improve both the latency and the throughput by dynamically modifying the scheduling frequency of processes as well as the durations of the quanta allocated to them.

Fig. 10
figure 10

Comparing the effects of spy types. The horizontal axes denote the spy type with the literal ‘*’ depicting the absence of any spy process, whereas the vertical axes denote the average values of victim’s miss rate, quantum ratio, access ratio, miss count, and access count obtained from windows of length 2000, respectively

One important observation is that no matter how the spy process affected the victim process, the three detection features we used (Fig. 10a–c) helped distinguish between the presence and absence of the spy. That is, the boxes associated with the absence of a spy (the ones marked with the “*” literals) were well-separated from the other boxes representing the distributions of the feature values observed in the presence of different spy types, explaining the high F-measures achieved in this study.

Table 3 Some statistics collected for \({\textit{workloadType}}={\textit{webserver}}\) when \({\textit{windowLength}}=2000\). The last two rows report the average values when \({\textit{victimYield}}=0\) and \({\textit{spyYield}}=0\), respectively

1.2 B Further analysis of the data obtained for the less likely prime-and-probe attack scenarios on AES without workload classification

We carried out an additional analysis to figure out why it was difficult for the proposed approach to detect the presence of the spy processes in the less likely attack scenarios (Sect. 4.5.8). Table 3 presents some statistics obtained for \({\textit{workloadType}}={\textit{webserver}}\) and \({\textit{windowLength}}=2000\). The columns depict the settings of \({\textit{victimYield}}\) and \({\textit{spyYield}}\), the average numbers of victim and spy quanta observed in windows, and the average numbers of cache accesses and misses experienced by the victim process in a scheduling quantum, respectively. Compared to the best attack scenario (last row), when \({\textit{victimYield}}=0\), the victim process was scheduled significantly fewer times (32.04 vs. 715.36 on average), but made significantly more cache accesses in each scheduling quantum (1, 327, 987.72 vs. 3047.63 on average). Similarly, when \({\textit{spyYield}}=0\), the spy process was scheduled significantly less frequently (31.64 vs. 789.37 times on average).

All these differences would make the effect of the spy process to fade away for \({\textit{workloadType}}={\textit{webserver}}\) in the less likely attack scenarios as illustrated by Fig. 11. Compared to the best attack scenario (Fig. 10), in the less likely attack scenarios, the values of the detection features obtained in the presence and absence of the spy process (the first three columns in Fig. 11) were closer to each other. That is, the boxes representing the distributions of the data obtained in the presence and absence of the spy process tended to overlap, making it difficult to detect the presence of the spy.

Fig. 11
figure 11

Effects of the spy when \({\textit{workloadType}} = {\textit{webserver}}\), \({\textit{windowLength}} = 2000\), \(threshold = 0.92\), \(\textit{workloadAwareness} = no\), and a\({\textit{victimYield}} = 1\) and \({\textit{spyYield}} = 0\)b\({\textit{victimYield}} = 0\) and \({\textit{spyYield}} = 0\), and c\({\textit{victimYield}} = 0\) and \({\textit{spyYield}} = 1\)

Fig. 12
figure 12

Detailed results when \({\textit{windowLength}}=20{,}000\), \(threshold = 0.7\), and \({\textit{subject}} = all\)

Fig. 13
figure 13

Effect of spy type when \({\textit{windowLength}} = 20{,}000\), \(threshold = 0.7\), \({\textit{subject}} = all\), and \(\textit{workloadAwareness} = {\textit{predicted}}\). The vertical axis depicts the precision, the recall, or the F-measures obtained

Fig. 14
figure 14

Effect of workload level when \({\textit{windowLength}} = 20{,}000\), \(threshold = 0.7\), \({\textit{subject}} = all\), and \(\textit{workloadAwareness} = {\textit{predicted}}\). The vertical axis depicts the precision, the recall, or the F-measures obtained

1.3 C Further analysis of the data obtained for the less likely prime-and-probe attack scenarios on AES with workload classification

Figure 12 presents the detailed results, i.e., the average F-measures for every combination of spy type, workload type, and workload level, we obtained by using the proposed approach with \(\textit{workloadAwareness}={\textit{predicted}}\) in the less likely attack scenarios (Sect. 4.5.8). Analyzing the sensitivity of the proposed approach to different spy types, we observed that when \(\textit{workloadAwareness}={\textit{predicted}}\), the F-measures did not get affected by the spy type (Fig. 13). When \({\textit{workloadType}}={\textit{webserver}}\), however, as the number of cache sets flushed by the spy process increased, the F-measures tended to increase. Nevertheless, the minimum average F-measure was 0.80. Analyzing the sensitivity to different workload levels (Fig. 14), we observed no clear pattern when \({\textit{workloadType}}={\textit{simulated}}\). When \({\textit{workloadType}}={\textit{webserver}}\), on the other hand, as the workload level increased, the F-measures tended to decrease. Nevertheless, the minimum average F-measure was 0.78. Also note that as the workload level increases, the odds that the attack will be successful decrease due to the noise in measurements imposed by the workload.

1.4 D Further analysis of the runtime overhead data for the prime-and-probe attacks on AES

Analyzing the effects of the independent variables on the runtime overheads reported in Sect. 4.5.10, we first observed that the runtime overhead for \({\textit{workloadType}}={\textit{webserver}}\) was larger than that for \({\textit{workloadType}}={\textit{simulated}}\). The average runtime overhead was 1.76% for \({\textit{workloadType}}={\textit{webserver}}\) and 0.18% for \({\textit{workloadType}}={\textit{simulated}}\). We believe that this was due to the fact that when \({\textit{workloadType}}={\textit{webserver}}\), the number of active processes increased considerably compared to when \({\textit{workloadType}}={\textit{simulated}}\), where there were only three active user processes running concurrently; the victim process, the spy process, and the workload generator. The increased number of active processes in turn reduced the amount of time allocated to each quantum belonging to the victim process and caused the victim process to appear less frequently in windows. Therefore, for each window as well as for each quantum, the runtime overhead cost per unit of execution time increased for the victim process, explaining the overall increase in the overheads.

We then focused on \({\textit{workloadType}}={\textit{webserver}}\), i.e., the workload type imposing the highest runtime overhead on average. Comparing the overheads for \(\textit{workloadAwareness}=no\) and \(\textit{workloadAwareness}={\textit{predicted}}\), we observed that predicting the workload level at runtime slightly increased the runtime overheads. The average runtime overhead was 1.27% for \(\textit{workloadAwareness}={\textit{predicted}}\) and 1.15% for \(\textit{workloadAwareness}=no\).

Comparing the overheads for different workload levels when \({\textit{workloadType}}={\textit{webserver}}\) and \(\textit{workloadAwareness}={\textit{predicted}}\), we observed that as the level of workload increased the overheads tended to increase. The average runtime overheads were 0.06, 2.18, 1.24, and 1.58% for \({\textit{workloadLevel}}=1\), 2, 3, and 4, respectively. As the workload increased, the victim tended to appear less frequently in windows and each quantum belonging to victim tended to last shorter. Thus the runtime overhead cost per unit of execution time increased for the victim process. Moreover, we believe that the jump in the overheads when \({\textit{workloadLevel}}=2\), occurred due to noise in measurements, which we believe was also evident from the relatively high variation in the overheads observed at this workload level.

We then evaluated the sensitivity of the runtime overhead to different window lengths. One trade-off with the proposed approach is that as the window gets longer, the time required to process a single window increases, but the number of windows to be processed decreases. Our experiment results confirm this trade-off. From \({\textit{windowLength}}=2000\) to 4000, the average runtime overhead increased from 0.64% to 2.20%. However, after this turning point, the overhead tended to decrease as the window length increased. The average overheads were 1.42, 1.20, 1.16, and 0.98% for \({\textit{windowLength}}=6000\), 8000, 10,000, and 20,000, respectively. Had we measured the overheads over longer periods of time in the experiments, this trade-off might have been less visible.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Kulah, Y., Dincer, B., Yilmaz, C. et al. SpyDetector: An approach for detecting side-channel attacks at runtime. Int. J. Inf. Secur. 18, 393–422 (2019). https://doi.org/10.1007/s10207-018-0411-7

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-018-0411-7

Keywords

Navigation