
CN114448666A - Monitoring and defense method, electronic device and system for cache attack - Google Patents

Info

Publication number
CN114448666A
Authority
CN
China
Prior art keywords
refresh
current process
interval
time
malicious
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111589222.8A
Other languages
Chinese (zh)
Inventor
王益斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Cloud Technology Co Ltd
Original Assignee
China Telecom Cloud Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Cloud Technology Co Ltd
Priority to CN202111589222.8A
Publication of CN114448666A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to the field of security technology, and in particular to a monitoring and defense method, electronic device and system for cache attacks. The method comprises: obtaining a current process and the start time of the current process; recording the end time of the current process and the flush count corresponding to the current process; determining a time interval based on the start time and the end time; and, when the time interval is between a first threshold and a second threshold and the flush count is greater than a preset flush count, determining that the current process is a malicious process so as to block flush operations of the current process. The first threshold lies between a first flush interval and a second flush interval, where the first flush interval is the normal flush interval and the second flush interval is the Spectre attack interval. The second threshold lies between a third flush interval and a fourth flush interval, where the third flush interval is the Flush+Time attack interval and the fourth flush interval is the Flush+Reload attack interval. By combining the time interval with the flush count, whether a process is a malicious attack can be confirmed in real time.

Description

Monitoring and defense method, electronic device and system for cache attacks

Technical field

The present invention relates to the field of security technology, and in particular to a monitoring and defense method, electronic device and system for cache attacks.

Background

While information systems and software systems run on specific physical equipment, they produce many kinds of physical state information, such as electromagnetic radiation, sound, timing, and CPU and memory computation. The cache side-channel attack is a typical side-channel attack method. It is based on analyzing the state of the CPU cache, which is heavily interacted with and shared between processes while programs run, and it exploits the difference between memory access time and cache access time to break cryptographic systems.

Cache side-channel attacks are extremely stealthy and destructive, yet current defenses against them still have many shortcomings. In particular, on the ARM architecture, defenses against side-channel attacks that flush the cache cannot yet monitor in real time, and their detection accuracy and resolution are also low.

Summary of the invention

In view of this, embodiments of the present invention provide a monitoring and defense method, electronic device and system for cache attacks, in order to solve the problem of the accuracy of cache attack monitoring.

According to a first aspect, an embodiment of the present invention provides a monitoring and defense method for cache attacks, comprising:

obtaining a current process and the start time of the current process;

recording the end time of the current process and the flush count corresponding to the current process;

determining a time interval based on the start time and the end time;

when the time interval is between a first threshold and a second threshold and the flush count is greater than a preset flush count, determining that the current process is a malicious process so as to block flush operations of the current process, where the first threshold lies between a first flush interval and a second flush interval, the first flush interval being the normal flush interval and the second flush interval being the Spectre attack interval, and the second threshold lies between a third flush interval and a fourth flush interval, the third flush interval being the Flush+Time attack interval and the fourth flush interval being the Flush+Reload attack interval.

The monitoring and defense method for cache attacks provided by this embodiment rests on the following observation. Unlike normal processes, which flush the cache frequently, flush-based cache attacks have a necessary and fundamental characteristic that results from branch-prediction training or encryption: their flush operations must be separated by a specific amount of time. Different attacks have different values, but these values all fall within a certain range. On this basis, the time interval and flush count corresponding to the current process are obtained, the time interval is compared with the first threshold and the second threshold, and the flush count is compared with the preset flush count, so that whether the process is a malicious attack can be confirmed in real time.

Optionally, determining that the current process is a malicious process so as to block flush operations of the current process, when the time interval is between the first threshold and the second threshold and the flush count is greater than the preset flush count, comprises:

when the time interval is between the first threshold and the second threshold and the flush count is greater than the preset flush count, setting an alarm value to a target value;

determining, based on the alarm value, that the current process is a malicious process so as to block flush operations of the current process.

In the monitoring and defense method for cache attacks provided by this embodiment, after the current process is determined to be a malicious process, the alarm value is set to the target value so that the alarm value can be read in order to block the flush operations of the current process, which simplifies data processing.

Optionally, determining based on the alarm value that the current process is a malicious process comprises:

reading the alarm value and determining that the current process is a malicious process, so as to block flush operations of the current process.

The monitoring and defense method for cache attacks provided by this embodiment monitors and defends against malicious processes in software, which is simple and easy to implement.

Optionally, determining based on the alarm value that the current process is a malicious process comprises:

writing the alarm value into an alarm register, so that the alarm register triggers an interrupt and the current process is recorded as a malicious process in the interrupt service routine, so as to block flush operations of the current process.

The monitoring and defense method for cache attacks provided by this embodiment implements monitoring and defense against cache attacks through the hardware-interrupt defense measure.

Optionally, determining based on the alarm value that the current process is a malicious process comprises:

writing the alarm value into an alarm register, so that a flush defender reads the alarm value from the alarm register and records the current process as a malicious process, so as to block flush operations of the current process.

The monitoring and defense method for cache attacks provided by this embodiment implements monitoring and defense against cache attacks through the hardware alarm-register defense measure.

Optionally, the method further comprises:

when it is determined that the current process is not a malicious process, flushing the level-1 cache and the level-2 cache based on the current process.

According to a second aspect, an embodiment of the present invention provides an electronic device, comprising a memory and a processor that are communicatively connected to each other. The memory stores computer instructions, and the processor executes the computer instructions to perform the monitoring and defense method for cache attacks described in the first aspect or in any implementation of the first aspect.

According to a third aspect, an embodiment of the present invention provides a computer-readable storage medium that stores computer instructions, the computer instructions being used to cause a computer to perform the monitoring and defense method for cache attacks described in the first aspect or in any implementation of the first aspect.

According to a fourth aspect, an embodiment of the present invention provides a monitoring and defense system for cache attacks, comprising:

the electronic device described in the second aspect of the present invention;

an alarm register, connected to the electronic device and used to store the alarm value.

Optionally, the system further comprises:

a flush defender, connected to the alarm register and used to read the alarm value stored in the alarm register and, when the alarm value is the target value, to determine that the current process is a malicious process so as to block flush operations of the current process.

It should be noted that, for the beneficial effects of the electronic device, the computer-readable storage medium and the monitoring and defense system for cache attacks provided by embodiments of the present invention, see the description of the monitoring and defense method for cache attacks above; they are not repeated here.

Brief description of the drawings

To explain the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the specific embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.

Figure 1 is a schematic diagram of the flush characteristics of the Spectre, Flush+Reload and Flush+Time attacks;

Figure 2 is a flowchart of a monitoring and defense method for flush attacks according to an embodiment of the present invention;

Figure 3 is a flowchart of a monitoring and defense method for flush attacks according to an embodiment of the present invention;

Figure 4 is a flowchart of a monitoring and defense method for flush attacks according to an embodiment of the present invention;

Figure 5 is a flowchart of a monitoring and defense method for flush attacks according to an embodiment of the present invention;

Figure 6 is a flowchart of a monitoring and defense method for flush attacks according to an embodiment of the present invention;

Figure 7 is a schematic diagram of the FlushDetector module interface according to an embodiment of the present invention;

Figure 8 is a schematic diagram of the architecture of a monitoring and defense system for flush attacks according to an embodiment of the present invention;

Figure 9 is a schematic diagram of the hardware structure of an electronic device provided by an embodiment of the present invention.

Detailed description

To make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by a person skilled in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

Based on statistics of the general characteristics of the attack process, and in particular the characteristics of the flush operation, the present invention proposes SecFlush, a real-time monitoring and defense scheme. The invention detects malicious flush behavior through a hardware design, and defends against flush-based cache attacks by prohibiting malicious processes from performing flush operations in the kernel driver. Hardware-based detection has the advantages of fast computation, high efficiency and convenient timing. More importantly, because SecFlush is built on the root cause that makes flush-based cache attacks possible, it is difficult for an attacker to evade this hardware detection mechanism. In addition, because the flush operation is indispensable to flush-based cache attacks, prohibiting a malicious process from performing flush operations means that the flush-based attack must fail, and it is also difficult for an attacker to evade this software defense mechanism.

The present invention derives the first threshold and the second threshold, which are used for the time-threshold decision, from features extracted from cache-flush attacks. While a software program runs, the operating system must flush the cache frequently to ensure cache coherence, that is, to keep the data in memory consistent with the data in the cache. This is how programs run on DMA, multi-core heterogeneous processors and symmetric multiprocessor (SMP) architectures alike, and these flushes are normal operations. The flush operations of flush-based cache attacks, however, have different characteristics. Because the attack needs to train the branch predictor or perform operations such as encryption, there is a certain time interval (greater than some threshold) between two of its flush operations. To raise the success rate of the attack, the attacker also flushes the same cache line many times. Flushing is therefore an indispensable step of a flush-based cache attack, and if the characteristic features of the flushes performed by cache attacks can be identified, a hardware implementation can detect and promptly defend against all flush-based cache attacks.

The timing data of the flush operations of the attacks was analyzed, together with the relationship between the time interval between two adjacent flushes and the number of occurrences. As shown in Figure 1, the flush interval is largely stable, with a small amount of noise whose magnitude is relatively large.

For the flush characteristics of the Spectre attack, the curve labelled Loop1 in Figure 1 has the shortest interval and the highest count; it is the normal flush operation. The curve labelled Loop2 has a longer interval than Loop1. This interval is used to train the branch predictor, and the flush operation in Loop2 is a malicious flush. Loop3 has the longest interval and the lowest count; because its interval is so large it is not drawn in the figure. It is the duration of one complete Flush+Reload attack. This is the maximum time within which a flush-based cache attack performs a flush operation, so flushes with an interval greater than Loop3 are safe.

For the flush characteristics of the Flush+Time attack, Loopft denotes the interval between executions of the flush operation of the Flush+Time attack. The interval between flush operations of the Flush+Time attack is fairly uniform, and this interval is used to call the encryption routine of the victim process twice. The Loopft interval is longer than Loopfr, and Loopft is a malicious flush loop.

For the flush characteristics of the Flush+Reload attack, Loopfr in Figure 1 denotes the interval between executions of the flush operation of the Flush+Reload attack. The interval between flush operations of the Flush+Reload attack is likewise fairly uniform, and this interval is used to call the encryption routine of the victim process once. The Loopfr interval is longer than Loop2, and it is also a malicious flush loop.

Because Loop2, Loopfr and Loopft are malicious flush loops, catching Loop2, Loopfr and Loopft is enough to detect flush-based cache attacks. On this basis, the scheme sets two thresholds, a first threshold T1 and a second threshold T2, that bracket Loop2, Loopfr and Loopft; every flush whose interval lies between T1 and T2 is a malicious flush. T1 should lie between Loop1 and Loop2, so that normal processes are not reported while malicious flushes are still detected. The value of T1 is very important: if T1 < Loop1, false positives result, and if T1 > Loop2, Loopfr or Loopft, the defense fails. T2 should lie between Loopft and Loop3, so that malicious flushes are detected while a Spectre attack with Loop2 removed is not judged to be malicious.

The scheme also sets a preset flush count, malicious_number, that is used to decide whether a process is malicious. To prevent false positives, only a process whose number of malicious flushes is greater than malicious_number is considered a malicious process. The larger malicious_number is, the less likely false positives are, but if it is too large the attack cannot be detected in time or false negatives may occur. A Spectre attack needs many rounds of branch-prediction training to induce the branch predictor to mispredict. Each round of training produces one malicious flush, and a process that performs branch-prediction training more than 5 times is a malicious process.

As shown in Figure 6, the clock frequencies of the global timer, PMCCNTR and the system are 333 MHz, 667 MHz and 55 MHz respectively. Timing uses the global timer, and the data is normalized to the system clock frequency before the thresholds are selected.

The embodiments of the present invention propose three monitoring and defense measures: a software defense measure, a hardware-interrupt defense measure and a hardware alarm-register defense measure. In the software defense measure, software processing determines the malicious process and blocks its flush operations. In the hardware-interrupt defense measure, a hardware alarm register triggers an interrupt, and the malicious process is determined in the interrupt service routine. In the hardware alarm-register defense measure, the value of the alarm register is read and the flush defender sends the identifier of the malicious process to the monitor.

According to an embodiment of the present invention, an embodiment of a monitoring and defense method for flush attacks is provided. It should be noted that the steps shown in the flowcharts of the drawings may be executed in a computer system, for example as a set of computer-executable instructions, and that although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in a different order.

This embodiment provides a monitoring and defense method for flush attacks that can be used in an electronic device such as an FPGA. Figure 2 is a flowchart of the monitoring and defense method for flush attacks according to an embodiment of the present invention. As shown in Figure 2, the flow includes the following steps:

S11, obtain the current process and the start time of the current process.

A timer is provided in the electronic device. When the current process is detected, the timer is started and the start time of the current process is recorded. To distinguish processes from one another, each process has a unique identifier.

S12, record the end time of the current process and the flush count corresponding to the current process.

The electronic device records the end time of the current process and counts the flushes triggered by the current process.

S13, determine the time interval based on the start time and the end time.

The electronic device calculates the difference between the end time and the start time, which gives the time interval corresponding to the current process.

S14, when the time interval is between the first threshold and the second threshold and the flush count is greater than the preset flush count, determine that the current process is a malicious process so as to block flush operations of the current process.

The first threshold lies between the first flush interval and the second flush interval, where the first flush interval is the normal flush interval and the second flush interval is the Spectre attack interval. The second threshold lies between the third flush interval and the fourth flush interval, where the third flush interval is the Flush+Time attack interval and the fourth flush interval is the Flush+Reload attack interval.

The electronic device compares the current time interval with the first threshold and the second threshold, and compares the flush count with the preset flush count. If both conditions hold, that is, the time interval is between the first threshold and the second threshold and the flush count is greater than the preset flush count, the current process can be determined to be a malicious process and its flush operations need to be blocked.

The monitoring and defense method for cache attacks provided by this embodiment rests on the following observation. Unlike normal processes, which flush the cache frequently, flush-based cache attacks have a necessary and fundamental characteristic that results from branch-prediction training or encryption: their flush operations must be separated by a specific amount of time. Different attacks have different values, but these values all fall within a certain range. On this basis, the time interval and flush count corresponding to the current process are obtained, the time interval is compared with the first threshold and the second threshold, and the flush count is compared with the preset flush count, so that whether the process is a malicious attack can be confirmed in real time.

在本实施例中提供了一种刷新攻击的监测防御方法,可用于电子设备,如FPGA等,图3是根据本发明实施例的刷新攻击的监测防御方法的流程图,如图3所示,该流程包括如下步骤:In this embodiment, a method for monitoring and defending a refresh attack is provided, which can be used for electronic devices, such as an FPGA, etc. FIG. 3 is a flowchart of a method for monitoring and defending a refresh attack according to an embodiment of the present invention, as shown in FIG. 3 , The process includes the following steps:

S21: obtain the current process and the start time of the current process.

For details, see S11 of the embodiment shown in FIG. 2; they are not repeated here.

S22: record the end time of the current process and the flush count corresponding to the current process.

For details, see S12 of the embodiment shown in FIG. 2; they are not repeated here.

S23: determine the time interval based on the start time and the end time.

For details, see S13 of the embodiment shown in FIG. 2; they are not repeated here.

S24: when the time interval is between the first threshold and the second threshold and the flush count is greater than the preset flush count, determine that the current process is a malicious process, so as to block the flush operations of the current process.

Here, the first threshold lies between a first flush interval and a second flush interval, where the first flush interval is the normal flush interval and the second flush interval is the Spectre attack interval. The second threshold lies between a third flush interval and a fourth flush interval, where the third flush interval is the Flush and Time attack interval and the fourth flush interval is the Flush and Reload attack interval.

Specifically, S24 includes:

S241: when the time interval is between the first threshold and the second threshold and the flush count is greater than the preset flush count, set the alarm value to a target value.

When the conditions on the time interval and the flush count are met, the electronic device sets the alarm value to the target value, for example 1. If the time interval or the flush count does not meet these conditions, the electronic device may also set the alarm value, for example to 0.

S242: based on the alarm value, determine that the current process is a malicious process, so as to block the flush operations of the current process.

The electronic device can determine directly from the alarm value that the current process is a malicious process. Alternatively, the electronic device stores the alarm value in an alarm register, so that the alarm register identifies the malicious process by triggering an interrupt and the flush operations of the current process are blocked. As a further alternative, the electronic device stores the alarm value in the alarm register, the flush defender reads the alarm value from the alarm register and sends it to the monitor, and, if the current process is a malicious process, the monitor blocks its flush operations.

In the monitoring and defense method provided by this embodiment, once the current process has been determined to be malicious, the alarm value is set to the target value so that it can be read in order to block the flush operations of the current process, which simplifies data processing.

As a specific application example of this embodiment, when the method is implemented as a software defense, the detection part is implemented in software. The user performs a flush operation by calling FlushAPI, which in turn invokes the FlushDefender kernel driver. The flow is as follows. First, the driver detects malicious processes and records the time interval between the process's flushes. Second, for a non-malicious process the L1 and L2 caches are flushed; otherwise the flush is denied (blocking the attack). Third, if the number of flushes whose interval falls between T1 and T2 exceeds malicious_number, the pid of the current process is recorded as the pid of a malicious process.

Specifically, as shown in FIG. 5, the user performs a flush operation by calling FlushAPI, which invokes the FlushDefender kernel driver. The hardware timer then starts counting, the pid of the current process is recorded, the alarm value alarm is cleared, and the current time is recorded in order to compute the flush interval of the current process. If the interval is between T1 and T2 and the flush count exceeds the preset flush count N, alarm is set to 1; otherwise alarm is left unchanged. When alarm is 1, the pid of the current process is recorded as the pid of a malicious process.

As a specific application example of this embodiment, when the method is implemented as a hardware interrupt defense, the user performs a flush operation by calling FlushAPI, which invokes the FlushDefender kernel driver. The flow is as follows. First, the driver writes the pid of the current process into a register, which triggers detection in hardware. Second, for a non-malicious process the L1 and L2 caches are flushed; otherwise the flush is denied (blocking the attack). Third, the difference from the hardware alarm register defense is that the hardware alarm register triggers an interrupt, and the interrupt service routine records the pid of the current process as the pid of a malicious process.

Specifically, as shown in FIG. 6, when the current process is detected, its pid is recorded and written into a hardware register, hardware detection is invoked, and the virtual address to be flushed is translated into a physical address. During hardware detection, the hardware timer counts, the pid of the current process is recorded, alarm is cleared, and the current time is recorded in order to compute the flush interval. If the interval is between T1 and T2 and the flush count exceeds the preset flush count N, alarm is set to 1; otherwise alarm is left unchanged. When alarm is 1, an interrupt is triggered, and the interrupt service routine records the pid of the current process as the pid of a malicious process.

As a specific application example of this embodiment, when the method is implemented as a hardware alarm register defense, the user performs a flush operation by calling FlushAPI, which invokes the FlushDefender kernel driver. The flow is as follows. First, the driver writes the pid of the current process into a register, which triggers detection in hardware. The hardware records the time interval between the process's flushes; if the number of flushes whose interval falls between T1 and T2 exceeds malicious_number, the value of the alarm register is pulled high. Second, for a non-malicious process the L1 and L2 caches are flushed; otherwise the flush is denied (blocking the attack). Third, the value of the hardware alarm register is read, and if an alarm is found, the pid of the current process is recorded as the pid of a malicious process.

Specifically, unlike the embodiment shown in FIG. 5, the flush defender reads the value of the alarm register via ioread32() and determines whether the current process is a malicious process. If the value read from alarm is 1, the current process is confirmed to be malicious.

An embodiment of the present invention also provides an electronic device. FIG. 9 is a schematic structural diagram of an electronic device provided by an optional embodiment of the present invention. As shown in FIG. 9, the electronic device may include at least one processor 31, for example a CPU (Central Processing Unit), at least one communication interface 33, a memory 34, and at least one communication bus 32. The communication bus 32 provides the connections and communication between these components. The communication interface 33 may include a display and a keyboard, and may optionally also include standard wired and wireless interfaces. The memory 34 may be high-speed RAM (Random Access Memory, volatile) or non-volatile memory, for example at least one disk storage device. Optionally, the memory 34 may also be at least one storage device located remotely from the processor 31. The memory 34 stores an application program, and the processor 31 calls the program code stored in the memory 34 to execute any of the method steps described above.

The communication bus 32 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. The communication bus 32 can be divided into an address bus, a data bus, a control bus, and so on. For ease of illustration, FIG. 9 shows it as a single thick line, but this does not mean that there is only one bus or only one type of bus.

The memory 34 may include volatile memory, such as random-access memory (RAM). It may also include non-volatile memory, such as flash memory, a hard disk drive (HDD) or a solid-state drive (SSD). The memory 34 may also include a combination of these kinds of memory.

The processor 31 may be a central processing unit (CPU), a network processor (NP), or a combination of a CPU and an NP.

The processor 31 may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.

Optionally, the memory 34 is also used to store program instructions. The processor 31 can call the program instructions to implement the monitoring and defense method for cache attacks shown in any embodiment of the present application.

An embodiment of the present invention further provides a non-transitory computer storage medium storing computer-executable instructions that can execute the monitoring and defense method for cache attacks of any of the method embodiments above. The storage medium may be a magnetic disk, an optical disc, read-only memory (ROM), random access memory (RAM), flash memory, a hard disk drive (HDD), a solid-state drive (SSD), or the like; the storage medium may also include a combination of these kinds of memory.

An embodiment of the present invention further provides a monitoring and defense system that includes an electronic device and an alarm register. For the structural details of the electronic device, see the description above. The alarm register is connected to the electronic device and stores the alarm value.

Specifically, FIG. 8 shows the overall system architecture, which consists of three levels. User layer: user processes, three timer APIs, the flush API and the Monitor. Operating system layer: three timer drivers and FlushDefender. Hardware layer: the global timer, the PMCCNTR timer and the caches are modules that come with the system, while NewTimer and FlushDetector are modules implemented on the FPGA and connected to the system through the AXI-GP interface. The FlushDetector and FlushDefender modules are the components of SecFlush.

Users call the timer drivers and FlushDefender through the timer APIs and the flush API. A timer driver is used to obtain the precise current time, which can come from the global timer, the PMCCNTR timer or the new timer. FlushDetector is a hardware detection module that records basic data for each flush operation, such as the current time and the pid of the process, and compares the recorded data with the characteristics of flush-based cache attacks to infer whether the process is carrying out an attack. The basic function of FlushDefender is to flush L1 and L2 cache lines quickly. FlushDefender can also detect anomalies by invoking FlushDetector. If FlushDefender receives an alarm from FlushDetector, it records the current process as a malicious process and defends against flush-based cache attacks by forbidding that process from performing flush operations. It also reports the pid of the malicious process to the Monitor via netlink. The Monitor is a user-level application that receives messages from the kernel layer.

The interface of the FlushDetector module is shown in FIG. 7. To operate the module, the slv_reg_wren signal is pulled high, the bus-register offset address is driven onto axi_awaddr[1:0], and the process pid is driven onto s_axi_wdata[31:0]. clock_counter serves as the timer and is incremented by 1 every clock cycle, and the alarm signal is cleared. current_pid and last_time are recorded and the time interval of the current process is computed. If the interval is between T1 and T2, a malicious flush has occurred and the flush counter (flush_counter) is incremented by 1. If flush_counter equals malicious_number, the alarm output signal is pulled high and written to the bus register to raise the alarm. If the interval is less than T1, flush_counter is left unchanged. If the interval is greater than T2, there is no attack and flush_counter is cleared.

Because the ARM Cortex-A9 has no user-level instruction for flushing a cache line, the FlushDefender kernel driver is used. It implements the basic function of quickly flushing L1 and L2 cache lines by reading and writing status and general-purpose registers, and it also interacts with the hardware and the user layer to defend against flush-based cache attacks. L1 cache lines are flushed using the CP15 coprocessor and the CPSR (Current Program Status Register). L2 cache lines are flushed using the PL310 cache controller, in which case the address being flushed is a physical address.

FlushDefender obtains current_pid from the kernel's current pointer. It then writes current_pid to the bus register with the iowrite32() function and invokes FlushDetector to detect attacks, after which the virtual address is translated into a physical address. Next, if the current process is not a malicious process, FlushDetector cleans the historical data in the L1 and L2 data cache lines and invalidates them before the write is performed. This embodiment then proposes three defense methods. The first reads the value of the specific bus register alarm with the ioread32() function; this value is the detection result of FlushDetector. If the value of alarm has been pulled high, the current process is recorded as a malicious process and its identifier (malicious_pid) is sent to the Monitor through the sendusrmsg() function of the netlink mechanism. The second triggers an interrupt through the alarm register, then records the malicious process and alerts the Monitor in the interrupt service routine; this method is called the "hardware interrupt defense". The third is the software defense described above.

With reference to the system shown in FIG. 7, the monitoring and defense method for cache attacks includes:

(1) The main flow of the hardware module FlushDetector is as follows:

Step 1: pull the slv_reg_wren signal high;

Step 2: input the bus-register offset address into axi_awaddr[1:0];

Step 3: then input the process pid into s_axi_wdata[31:0];

Step 4: clock_counter serves as the timer and is incremented by 1 every clock cycle;

Step 5: clear the alarm signal;

Step 6: record current_pid and last_time, and compute the time interval of the current process;

Step 7: if the interval is between threshold 1 and threshold 2, a malicious flush has occurred, and the flush counter (flush_counter) is incremented by 1;

Step 8: if flush_counter equals malicious_number, the alarm output signal is pulled high and written to the bus register to raise the alarm;

Step 9: if the interval is less than Threshold1, flush_counter is left unchanged;

Step 10: if the interval is greater than Threshold2, there is no attack, and flush_counter is cleared.

(2) The FlushDefender kernel driver module defends against the attack:

Step 1: FlushDefender obtains current_pid from the kernel's current pointer;

Step 2: write current_pid to the bus register with the iowrite32() function;

Step 3: invoke FlushDetector to detect attacks, after which the virtual address is translated into a physical address;

Step 4: if the current process is not a malicious process, FlushDetector cleans the L1 and L2 data cache lines and invalidates them;

Step 5: read the value of the specific bus register alarm with the ioread32() function; this value is the detection result of FlushDetector. If the value of alarm has been pulled high, the current process is recorded as a malicious process and its identifier (malicious_pid) is sent to the Monitor through the sendusrmsg() function of the netlink mechanism;

Step 6: trigger an interrupt through the alarm register, then record the malicious process and alert the Monitor in the interrupt service routine.
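The FlushDetector counting rule and the FlushDefender gating from the two step lists above, modelled in user-space C as an added example (not code from the patent or from SecFlush). The values of T1, T2 and malicious_number, the single-tracked-pid reset, the inclusive window bounds and the helper names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed values in timer ticks; the page gives no numbers for these. */
#define T1 200u              /* shorter gaps: ordinary back-to-back flushing */
#define T2 5000u             /* longer gaps: treated as "no attack" */
#define MALICIOUS_NUMBER 4u  /* in-window flushes needed to raise the alarm */
#define MAX_BLOCKED 8u

/* Software model of the FlushDetector state named in the text. */
struct flush_detector {
    uint32_t current_pid;
    uint64_t last_time;
    uint32_t flush_counter;
    bool seen, alarm;
};

/* FlushDefender model: the detector plus the recorded malicious pids. */
struct flush_defender {
    struct flush_detector det;
    uint32_t blocked[MAX_BLOCKED];
    size_t nblocked;
};

/* Detector steps 5-10 for one flush by pid at time now; returns the alarm. */
bool detector_observe(struct flush_detector *d, uint32_t pid, uint64_t now)
{
    d->alarm = false;                         /* step 5 */
    if (!d->seen || d->current_pid != pid) {
        /* Assumption: one pid is tracked at a time; a new pid restarts state. */
        d->seen = true;
        d->current_pid = pid;
        d->last_time = now;
        d->flush_counter = 0;
        return false;
    }
    uint64_t interval = now - d->last_time;   /* step 6 */
    d->last_time = now;
    if (interval > T2)
        d->flush_counter = 0;                 /* step 10: no attack, reset */
    else if (interval >= T1)
        d->flush_counter++;                   /* step 7; inclusive bounds assumed */
    /* interval < T1 leaves the counter unchanged (step 9) */
    if (d->flush_counter == MALICIOUS_NUMBER)
        d->alarm = true;                      /* step 8 */
    return d->alarm;
}

bool is_blocked(const struct flush_defender *f, uint32_t pid)
{
    for (size_t i = 0; i < f->nblocked; i++)
        if (f->blocked[i] == pid)
            return true;
    return false;
}

/* One flush request; returns true if the flush would be serviced. */
bool defender_request(struct flush_defender *f, uint32_t pid, uint64_t now)
{
    bool alarm = detector_observe(&f->det, pid, now);
    bool allowed = !is_blocked(f, pid);
    /* A real driver would clean and invalidate the L1/L2 lines here if allowed. */
    if (alarm && allowed && f->nblocked < MAX_BLOCKED)
        f->blocked[f->nblocked++] = pid;  /* alarm is read after the flush step */
    return allowed;
}

/* Replay n flushes spaced step ticks apart; returns how many were serviced. */
size_t replay(struct flush_defender *f, uint32_t pid, uint64_t step, size_t n)
{
    size_t serviced = 0;
    for (size_t i = 0; i < n; i++)
        if (defender_request(f, pid, i * step))
            serviced++;
    return serviced;
}

/* Constructed traces: a fresh defender, one pid, evenly paced flushes. */
size_t demo_serviced(uint64_t step, size_t n)
{
    struct flush_defender f = {0};
    return replay(&f, 1000, step, n);
}

bool demo_blocked(uint64_t step, size_t n)
{
    struct flush_defender f = {0};
    replay(&f, 1000, step, n);
    return is_blocked(&f, 1000);
}

int main(void)
{
    printf("serviced: tight %zu/20, paced %zu/10, slow %zu/10\n",
           demo_serviced(50, 20), demo_serviced(1000, 10), demo_serviced(10000, 10));
    return 0;
}
```

Because the alarm register is read after the flush step, as in the step order above, the flush that raises the alarm is still serviced in this model and only later requests from that pid are denied.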

The analysis shows that, unlike normal processes, which flush the cache frequently, flush-based cache attacks have a necessary and fundamental characteristic that stems from branch-prediction training or encryption: their flush operations must be separated by a specific time interval. Different attacks use different interval values, but all of these values fall within a certain range. A defense system is then built by combining software and hardware: the FlushDetector hardware module monitors for malicious processes in real time according to the flush characteristics of cache attacks, and the FlushDefender software kernel driver forbids malicious processes from performing flush operations in order to defend against the attack. Finally, suitably designed hardware and software modules provide real-time monitoring of and effective defense against cache side-channel attacks with high accuracy and low time overhead, addressing the serious attack threat faced by ARM-based mobile terminals.

Although the embodiments of the present invention have been described with reference to the accompanying drawings, those skilled in the art can make various modifications and variations without departing from the spirit and scope of the present invention, and all such modifications and variations fall within the scope defined by the appended claims.

Claims (10)

1. A method for monitoring and defending against cache attacks, characterized by comprising:
acquiring a current process and a start time of the current process;
recording an end time of the current process and a flush count corresponding to the current process;
determining a time interval based on the start time and the end time;
when the time interval is between a first threshold and a second threshold and the flush count is greater than a preset flush count, determining that the current process is a malicious process so as to block the flush operations of the current process, wherein the first threshold is between a first flush interval and a second flush interval, the first flush interval is a normal flush interval, the second flush interval is a Spectre attack interval, the second threshold is between a third flush interval and a fourth flush interval, the third flush interval is a Flush and Time attack interval, and the fourth flush interval is a Flush and Reload attack interval.
2. The method according to claim 1, wherein, when the time interval is between the first threshold and the second threshold and the flush count is greater than the preset flush count, determining that the current process is a malicious process so as to block the flush operations of the current process comprises:
when the time interval is between the first threshold and the second threshold and the flush count is greater than the preset flush count, setting an alarm value to a target value;
determining, based on the alarm value, that the current process is a malicious process so as to block the flush operations of the current process.
3. The method of claim 2, wherein determining that the current process is a malicious process based on the alarm value comprises:
reading the alarm value and determining that the current process is a malicious process so as to block the flush operations of the current process.
4. The method of claim 2, wherein determining that the current process is a malicious process based on the alarm value comprises:
writing the alarm value into an alarm register, so that the alarm register triggers an interrupt and the current process is recorded as a malicious process in an interrupt service routine, so as to block the flush operations of the current process.
5. The method of claim 2, wherein determining that the current process is a malicious process based on the alarm value comprises:
writing the alarm value into an alarm register, so that a flush defender reads the alarm value from the alarm register and records the current process as a malicious process, so as to block the flush operations of the current process.
6. The method of claim 1, further comprising:
when it is determined that the current process is not a malicious process, flushing the level-1 cache and the level-2 cache based on the current process.
7. An electronic device, comprising:
a memory and a processor communicatively connected to each other, the memory storing computer instructions, and the processor executing the computer instructions to perform the method for monitoring and defending against cache attacks according to any one of claims 1 to 6.
8. A computer-readable storage medium storing computer instructions for causing a computer to execute the method for monitoring and defending against cache attacks according to any one of claims 1 to 6.
9. A monitoring and defense system for cache attacks, comprising:
the electronic device of claim 7;
an alarm register connected to the electronic device and used for storing the alarm value.
10. The system of claim 9, further comprising:
a flush defender connected to the alarm register and configured to read the alarm value stored in the alarm register and, when the alarm value is the target value, determine that the current process is a malicious process so as to block the flush operations of the current process.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111589222.8A CN114448666A (en) 2021-12-23 2021-12-23 Monitoring and defense method, electronic device and system for cache attack

Publications (1)

Publication Number Publication Date
CN114448666A true CN114448666A (en) 2022-05-06

Family

ID=81364462

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111589222.8A Pending CN114448666A (en) 2021-12-23 2021-12-23 Monitoring and defense method, electronic device and system for cache attack

Country Status (1)

Country Link
CN (1) CN114448666A (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9436603B1 (en) * 2014-02-27 2016-09-06 Amazon Technologies, Inc. Detection and mitigation of timing side-channel attacks

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
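CHURAN TANG: "Flush+Time: A high-precision, high-resolution cache attack on ARM-FPGA embedded SoC", IEEE, 4 June 2020 (2020-06-04), pages 2 - 3 *
CHURAN TANG: "SecFlush: A hardware/software design for the detection of and defense against flush-based cache attacks", Springer, 31 December 2020 (2020-12-31), pages 3 *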

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination