Download presentation
Presentation is loading. Please wait.
Published byVictorio Filipe de SΓ‘ Modified over 6 years ago
1
ConfMVM: A Hardware-Assisted Model to Confine Malicious VMs
Zirak Allaf
2
Contents What is Side Channel Attack? Background
Detection System Overview Methodology Rresults and Discussion Conclusion and Future works
3
1. What is Side Channel Attack
Is the action of stealing information by exploiting h/s vulnerabilities to provide unauthorised communication between two entities in shared systems The Attack Characteristics: Such attacks do not require any privileges CPU cycles were the original key factors in both attack and countermeasures There are two main attack techniques: Flush+Reload Prime+Probe
4
Flush+Reload Main Memory LLC Cache πππππππππ ππππ π π³ π π³ π Attacker
ππππ 1 ππππ 2 ππππ 3 Shared area to store AES look-up table . ππππ π LLC Cache π ππ‘ 1 π ππ‘ 2 π ππ‘ 3 . π ππ‘ π πππππππππ ππππ π π³ π Attacker n=3000, threshold π³ π Victm loop ( 1 to n) AESEncrypt() end loop (0= to 255, step 16) end loop π ππ‘ 3 21 a1 loop (add=start π 2 to end π 2 ) End loop access(add) π ππ‘ 3 flush(add) π ππ‘ 3 a1 wait() π ππ‘ 3 a1 if time(add)<threshold accessed by victim else not accessed accessed by victim
5
3. Detection System Overview
6
4. Methodology Standard Performance Evaluation Corporation (SPEC)
It is designed to provide performance measurement which can be used to compute sensitive workloads on different computer systems. SPEC benchmark suite includes 29 applications which are written in C,C++ and Fortran There two types: SPECint 2006: 12 applications (bzip2, gcc) SPECfp 2006: 17 applications (bwaves, dealII) Hardware Performance Counters (HPCs) Events Model Specific Registers (MSR) Kernel privilege There are two types of PMC: Three fixed function registers (core cycles, reference cycles and core instructions) four programmable events (e.g. L3 misses, branch predictions)
7
4. Methodology (contβd) Hardware and Software Specifications
HP Proliant DL360 G7 Intelβs Xeon X GHz 16 GB RAM Ubuntu 14.04 K-Nearest Neighbors (k-NN) Instance-based algorithm Hamming measurements π· π» = π=0 π |π₯βπ¦|
8
4. Methodology (contβd) Data collection Processor core-based profiling
Preprocessing Window size = 0.2 Β΅p Data aggregation
9
5. Results The distribution of ROC curves in native system
10
5. Results (contβd) The distribution of ROC curves in cloud system
11
6. Conclusion and Future works
The detection system of side channel attacks classification Hardware Performance Counter (HPCs) host system events relevant to a Flush+Reload attack 99% and 96% respectively under SPEC CPU2006 workloads Limitation and Future Work detect techniques such as Prime+Probe due to the behaviour of the malicious loop inside the program
12
Spinnaker Tower End slide
13
Questions
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.