
The Research On Dynamic Randomization Defense Against Cache Attacks

Posted on: 2019-01-26
Degree: Master
Type: Thesis
Country: China
Candidate: W J Tang
GTID: 2428330545473829
Subject: Computer technology
Abstract/Summary:
The cache attack is a side-channel attack that seriously threatens system security and affects mainstream computer systems across a wide range of areas, including servers, desktops and embedded devices. The attack uses the time difference between a cache hit and a cache miss to detect the memory and cache accesses made by the target program while it runs, and from these it finally obtains private information.

From the attacker's side, this thesis takes applications of the fine-grained Flush+Reload cache attack as examples: monitoring a user's keyboard input on Linux and pinpointing the position of the AES encryption lookup table in OpenSSL 1.0.2. These two cases show that such security problems really exist and are increasingly prominent, and that user privacy has to be protected by continuously improving security measures. From the defender's side, this thesis discusses the main defense methods used in industry and, based on an analysis of their advantages and disadvantages, puts forward a defense mechanism against cache attacks called the dynamic randomization system. The scheme is researched and developed from the perspective of randomization and has practical utility.

The work of this thesis is as follows.

First, we introduce the memory architecture of the CPU and analyze the four main methods of cache attack in detail, including their basic implementation and recent developments in attack and defense technology.

Second, we choose one of the main cache attacks, Flush+Reload, as the representative and study its two application scenarios: monitoring Linux user operations and attacking the AES encryption algorithm. At the same time, the general working mode of the attack is extracted: the attacker uses the clflush instruction to flush a specific cache line and then, after the target process has run, detects whether the flushed cache line was loaded by the target process.

Third, the defense strategy of the dynamic randomization system is designed around two randomization goals, effectiveness and performance. To raise the level of randomization, the system refines the randomization granularity, delays randomization until run time, and randomizes physical addresses, from the three angles of code randomization, stack randomization and heap randomization. The system is implemented using LLVM optimization technology together with a compiler converter and a runtime library that randomize the program layout.

Finally, the protection scheme is applied to an AES encryption program, and the SPEC CPU2006 benchmark is used to analyze and test the defense effectiveness of the system and the performance overhead of the program. On the one hand, the effectiveness analysis shows that the proposed dynamic randomization defense scheme is more effective at preventing cache attacks. On the other hand, the performance evaluation indicates that the scheme does not add much time overhead to the program.
Keywords/Search Tags: Side Channel Attack, Cache Attack, Flush+Reload, AES Encryption Algorithm, Dynamic Randomization System