
Research On Aggressive Defense Of Meltdown Attack

Posted on: 2020-10-15
Degree: Master
Type: Thesis
Country: China
Candidate: X Q Liu
GTID: 2518306518463474
Subject: Software engineering

Abstract/Summary:
The Meltdown vulnerability exploits the Out-of-Order Execution technology provided by modern processor architectures to break the isolation between the user address space and the kernel address space and obtain private data in the computer. In order to avoid data leakage at the micro-architecture level, Intel urgently published the KPTI (Kernel Page Table Isolation) patch, which separates the user page table and the kernel page table into two page tables to protect the kernel data. This method increases the overhead of context switches. PCID (Process Context Identifier) is enabled to reduce the page table switching overhead (a similar technique available on ARM processors is called ASID, Address Space ID), but this CPU feature does not apply to earlier processors. This paper presents a new approach to address data leakage at the micro-architecture level caused by the Meltdown vulnerability. In the Meltdown attack, the user program produces a Seg Fault (segmentation fault) when it accesses kernel data. By observing the behavior pattern of the attacker and extracting the characteristics of the Meltdown attack, we can judge whether the program that produces the Seg Fault is an attacker or not from three aspects: the total attack frequency of the process, the attack frequency on a single address by the process, and the continuity of the attacked addresses. The defense is accomplished by flushing the cache of the attacking process's address space. Experiments show that the aggressive defense strategy in this paper has less overhead than KPTI in CPU performance testing, thread testing, and cache IO performance testing, and has no impact on normal application running. This approach fully supports older models of processors.
Keywords/Search Tags: Meltdown, Out-of-Order Execution, Side Channel Attack, KPTI
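The three criteria named in the abstract (total fault frequency, single-address fault frequency, and address continuity) can be sketched as a per-process classifier. This is an added example, not code from the thesis; the struct, function names, kernel base address and all thresholds are assumptions, since the abstract gives no values.

```c
#include <stdint.h>
#include <stdio.h>
/* Assumed values: the abstract names the criteria but gives no thresholds. */
#define KERNEL_BASE 0xffff800000000000ULL /* x86-64 kernel half (assumed) */
#define MAX_TOTAL   64  /* kernel-address faults per process per window */
#define MAX_SAME    8   /* consecutive faults on one address */
#define MAX_RUN     16  /* adjacent addresses faulted in a row */
#define STRIDE      8   /* largest forward step still counted as adjacent */
enum { F_TOTAL = 1, F_SAME = 2, F_RUN = 4 };
struct fault_stats {    /* hypothetical per-process state */
    unsigned total, same, run, peak_same, peak_run;
    uint64_t last;
};

/* Call once per Seg Fault with the faulting address. */
void record_fault(struct fault_stats *s, uint64_t addr)
{
    if (addr < KERNEL_BASE) return;   /* user-space fault: ordinary bug */
    if (s->total == 0) {
        s->same = s->run = 1;
    } else if (addr == s->last) {
        s->same++;                    /* retry of the same byte */
    } else if (addr > s->last && addr - s->last <= STRIDE) {
        s->same = 1; s->run++;        /* walking forward through memory */
    } else {
        s->same = s->run = 1;         /* unrelated address: reset both runs */
    }
    s->total++;
    s->last = addr;
    if (s->same > s->peak_same) s->peak_same = s->same;
    if (s->run > s->peak_run)   s->peak_run = s->run;
}

/* Bitmask of tripped criteria; 0 means treat it as a normal crash. */
int classify(const struct fault_stats *s)
{
    return (s->total > MAX_TOTAL ? F_TOTAL : 0) |
           (s->peak_same > MAX_SAME ? F_SAME : 0) |
           (s->peak_run > MAX_RUN ? F_RUN : 0);
}

int main(void)
{
    struct fault_stats dump = {0};    /* constructed trace: 32 bytes, 4 tries each */
    for (uint64_t a = 0; a < 32; a++)
        for (int t = 0; t < 4; t++)
            record_fault(&dump, KERNEL_BASE + 0x1000 + a);
    printf("flags=%d\n", classify(&dump));
    return 0;
}
```

A non-zero result is the point at which the defense described in the abstract would flush the cache for that process's address space.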