
Cache Side Channel Attack Detection And Location Based On Loop Analysis

Posted on: 2021-05-29
Degree: Master
Type: Thesis
Country: China
Candidate: J L Zhao
GTID: 2428330614471498
Subject: Cyberspace security
Abstract/Summary:
Growing software scale, design flaws in computer architecture itself, and a lack of security awareness among programmers have all led to the emergence of security vulnerabilities. Software vulnerabilities can be repaired by updating software code, but hardware vulnerabilities are difficult to repair by updating software code alone. Spectre and Meltdown are carefully constructed vulnerabilities that take advantage of defects in CPU design, and they currently cannot be repaired at the software level. At their core, these vulnerabilities exploit cache side-channel attacks, causing great harm to users' private data. A cache side-channel attack infers whether the user has accessed a piece of data from the difference in access time caused by whether that data hits in the cache, and from this infers the user's sensitive data. There have been many studies on detecting cache side-channel attacks, but they operate on the entire process and cannot pinpoint the attack. This paper helps researchers locate the attack more deeply and more quickly by locating the minimum loop in which the cache side-channel attack occurs. For programmers, the technique can also be used to locate loops with poor cache performance, thereby improving program performance. The main research contents and innovations of this paper are as follows:

(1) The development of cache side-channel attack detection is analyzed. Because a cache side-channel attack program continuously accesses the cache and clears it, it produces a very high cache miss rate. By measuring the cache miss rate of a program, attack programs and benign programs can be distinguished. This paper designs a scheme in which a parent process monitors a child process running the program under test in order to detect attack programs.

(2) Because cache side-channel attacks happen continuously inside a loop, a method for locating the attack loop is proposed for the first time. A binary vulnerability detection and location system is designed. The system has three modules: the attack detection module, the attack location module and the visualization module. Attack location is divided into two methods: coarse-grained positioning and fine-grained positioning. First, all functions and loops of the binary program are obtained, together with their execution control flow. Coarse-grained positioning uses the loop execution control flow to measure the performance of each loop and determine the attack loop. Fine-grained positioning uses event sampling to obtain the instructions at which the event occurs, then matches them to the smallest loop.

(3) A scheme for restoring the internal structure of a binary program is designed and implemented, the ALCCT tree representation is proposed, and the ALCCT tree generation algorithm is implemented. The ALCCT tree is displayed visually together with the attack loop localization results, showing the vulnerability of the binary program at a glance.

A number of programs of different types are selected for attack detection, and the results show that the method distinguishes attack programs from benign programs well. In addition, a typical attack program is taken as an example, and the loops generated by the attack are analyzed and detected in combination with the source code. The results show that the proposed scheme can indeed locate the smallest attack loop and has good performance.
Keywords/Search Tags:Cache side channel attack, Loop detection, Attack location, Pin, ALCCT
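
The fine-grained positioning step in item (2), as an added example that is not code from the thesis: it recovers loops from a control-flow graph and charges each sampled cache-miss location to the smallest loop that contains it. It assumes loops are natural loops found with dominators (the abstract does not say how the thesis recovers them); the CFG, block names and samples are constructed.

```python
from collections import Counter

def dominators(cfg, entry):
    """Iterative dominator sets: dom[n] = blocks on every path entry -> n."""
    nodes = set(cfg)
    preds = {n: [p for p in cfg if n in cfg[p]] for n in nodes}
    dom = {n: set(nodes) for n in nodes}
    dom[entry] = {entry}
    changed = True
    while changed:
        changed = False
        for n in nodes - {entry}:
            incoming = [dom[p] for p in preds[n]]
            new = {n} | (set.intersection(*incoming) if incoming else set())
            if new != dom[n]:
                dom[n], changed = new, True
    return dom, preds

def natural_loops(cfg, entry):
    """Map loop header -> body blocks; back edges sharing a header are merged."""
    dom, preds = dominators(cfg, entry)
    loops = {}
    for tail in cfg:
        for head in cfg[tail]:
            if head in dom[tail]:          # back edge: head dominates tail
                body, work = {head}, [tail]
                while work:                # walk predecessors until the header
                    n = work.pop()
                    if n not in body:
                        body.add(n)
                        work.extend(preds[n])
                loops.setdefault(head, set()).update(body)
    return loops

def rank_loops(cfg, entry, miss_blocks):
    """Charge each sampled cache-miss block to its smallest enclosing loop."""
    loops = natural_loops(cfg, entry)
    hits = Counter()
    for blk in miss_blocks:
        inside = [h for h, body in loops.items() if blk in body]
        hits[min(inside, key=lambda h: len(loops[h])) if inside else None] += 1
    return hits.most_common()              # key None = sample outside any loop

# Constructed CFG: B1 heads an outer loop, B2 heads a loop nested inside it.
CFG = {"B0": ["B1"], "B1": ["B2", "B5"], "B2": ["B3"], "B3": ["B2", "B4"],
       "B4": ["B1"], "B5": []}
# Constructed samples: the basic block containing each sampled cache-miss instruction.
MISS_BLOCKS = ["B3", "B3", "B2", "B3", "B4", "B0"]

if __name__ == "__main__":
    for header, count in rank_loops(CFG, "B0", MISS_BLOCKS):
        print(header, count)
```

Samples that fall in both loops are counted only against the inner one, which is what separates the loop doing the probing from the outer loop that merely contains it.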