
Research On Spectre Attack Detection Method For Container And SGX

Posted on: 2024-07-22
Degree: Master
Type: Thesis
Country: China
Candidate: Y P Li
Full Text: PDF
GTID: 2568307175972399
Subject: Master of Electronic Information (Professional Degree)

Abstract/Summary:
Spectre attacks exploit vulnerabilities in CPU design that enable an attacker to read memory content that should not be accessible. In Docker, an attacker can use a Spectre attack to break through the container boundary and access data belonging to other containers or to the host. Software Guard Extensions (SGX) provides a hardware isolation mechanism for protecting sensitive data; however, an attacker can likewise exploit Spectre attacks against SGX to obtain, tamper with and steal the data held inside it. Although some detection methods based on hardware performance counters have emerged in recent years, they are limited to detecting Spectre attacks in virtual machine environments. To address these problems, this dissertation studies Spectre attack detection methods for containers and SGX. Its main contributions are as follows:

For Spectre attacks in containers, this dissertation first analyzes Spectre attacks in Docker, including the attack model, attack code and attack process. It then proposes a detection method based on hardware performance counters that can be deployed in Docker. First, the normal and attacked states of Docker are simulated by constructing benign programs and attack programs in Docker. While the programs run, data is collected from the hardware performance counters. Next, the Random Forest algorithm is used to select features and determine the minimum feature set. Finally, a deep learning model classifies the programs and detects attacks. Experimental results show that this method efficiently detects Spectre attacks in containers, achieving a detection accuracy of 99.99% while reducing false positives.

For Spectre attacks in SGX, this dissertation analyzes Spectre attacks in SGX and then proposes a hardware performance counter-based method that can be deployed on SGX-based cloud platforms. First, benign and attack programs are constructed inside the isolated region of SGX, the enclave. While the programs run, data is collected from the hardware performance counters to form a dataset, and a fully connected neural network is trained to identify Spectre attacks. The trained model can be used for real-time detection. Unlike previous detection techniques, this dissertation introduces the Random Forest into the detection model to select the most suitable features. Experimental results show that the detection accuracy of this method exceeds 99.94%, and its other evaluation metrics are higher than those of existing detection methods.

The detection method in this dissertation effectively detects Spectre attacks in containers and SGX, and can be applied to cloud computing, edge computing and other scenarios to provide users with a more secure computing environment.
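As an added illustration of the pipeline the abstract describes (not the thesis's own code), the following Python ranks hardware performance counter readings by how well each separates benign from attack samples, drops uninformative counters to obtain a minimal feature set, and classifies a new reading on the kept counters. A Gini-gain decision stump per counter stands in for the thesis's Random Forest importance and a nearest-centroid rule for its neural network; the perf event names are real, but every counter value is constructed, not measured.

```python
"""Added illustration, not the thesis's code: stump-based importance ranking
of HPC counters (stand-in for Random Forest), minimal feature selection, and
a nearest-centroid classifier (stand-in for the neural network)."""

# Constructed per-interval readings for three perf events (values are made up).
SAMPLES = [  # (counter readings, label: 0 = benign, 1 = Spectre-like)
    ({"branch-misses": 1200, "cache-misses": 900,  "instructions": 4.9e6}, 0),
    ({"branch-misses": 1500, "cache-misses": 1100, "instructions": 5.0e6}, 0),
    ({"branch-misses": 1000, "cache-misses": 800,  "instructions": 5.1e6}, 0),
    ({"branch-misses": 9800, "cache-misses": 7600, "instructions": 4.9e6}, 1),
    ({"branch-misses": 8700, "cache-misses": 6900, "instructions": 5.0e6}, 1),
    ({"branch-misses": 9100, "cache-misses": 950,  "instructions": 5.1e6}, 1),
]

def gini(labels):
    """Gini impurity of a label list (0 = pure)."""
    if not labels:
        return 0.0
    p = sum(labels) / len(labels)
    return 1.0 - p * p - (1.0 - p) ** 2

def stump_gain(samples, feature):
    """Gini gain of the best single threshold on one counter (0 = uninformative)."""
    xs = sorted((s[0][feature], s[1]) for s in samples)
    parent = gini([y for _, y in xs])
    best = 0.0
    for i in range(1, len(xs)):
        if xs[i - 1][0] == xs[i][0]:       # equal readings cannot be split apart
            continue
        left, right = [y for _, y in xs[:i]], [y for _, y in xs[i:]]
        child = (len(left) * gini(left) + len(right) * gini(right)) / len(xs)
        best = max(best, parent - child)
    return best

def select_features(samples):
    """Counters ordered by importance, keeping only those with positive gain."""
    ranked = sorted(samples[0][0], key=lambda f: stump_gain(samples, f), reverse=True)
    return [f for f in ranked if stump_gain(samples, f) > 0.0]

def classify(samples, features, reading):
    """Nearest class centroid on min-max scaled counters; returns 1 to flag an attack."""
    lo = {f: min(s[0][f] for s in samples) for f in features}
    hi = {f: max(s[0][f] for s in samples) for f in features}
    scale = lambda v, f: (v - lo[f]) / (hi[f] - lo[f] or 1.0)
    dist = {}
    for label in (0, 1):
        members = [s[0] for s in samples if s[1] == label]
        centroid = {f: sum(scale(m[f], f) for m in members) / len(members) for f in features}
        dist[label] = sum((scale(reading[f], f) - centroid[f]) ** 2 for f in features)
    return min(dist, key=dist.get)
```

On these constructed samples `select_features(SAMPLES)` keeps `branch-misses` and `cache-misses` and drops `instructions`, and `classify` on the kept counters flags a reading with a high branch-miss count even when its cache-miss count looks benign.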
Keywords/Search Tags: Spectre Attack, Docker, SGX, Hardware Performance Counters, Random Forest