Selection of Best Fit Hardware Performance Counters to Detect Cache Side-Channel Attacks

Melis Kapotoglu Koc; Deniz Turgay Altilar

doi:10.1145/3579988.3585052

Selection of Best Fit Hardware Performance Counters to Detect Cache Side-Channel Attacks

Melis Kapotoglu Koc, Deniz Turgay Altilar

Department of Computer Engineering

Istanbul Technical University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Citations (Scopus)

Abstract

Cache side-channel attack is a common threat in cloud environments where caches are shared across co-located tenants. Detection of such attacks in real-time before the attack procedure is completed can enable cloud users to come up with a countermeasure and protect their privacy against these kinds of vulnerabilities. In this work, a real-time cache side-channel attack detection system for cloud systems is presented which leverages hardware performance counters. The combination of two neural networks is trained with long-term time sequences collected via hardware performance counters to learn the normal behavior of benign applications so that anomalies caused by attackers can be detected. This paper primarily examines the selection of best fit hardware performance counters for this purpose. Initial experiments are performed and time series feature extraction and selection methods are applied to preliminary results for the analysis.

Original language	English
Title of host publication	SaT-CPS 2023 - Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems
Publisher	Association for Computing Machinery, Inc
Pages	17-22
Number of pages	6
ISBN (Electronic)	9798400701009
DOIs	https://doi.org/10.1145/3579988.3585052
Publication status	Published - 26 Apr 2023
Event	3rd ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, SaT-CPS 2023, held in conjunction with the 13th ACM Conference on Data and Application Security and Privacy, CODASPY 2023 - Charlotte, United States Duration: 26 Apr 2023 → …

Publication series

Name	SaT-CPS 2023 - Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems

Conference

Conference	3rd ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, SaT-CPS 2023, held in conjunction with the 13th ACM Conference on Data and Application Security and Privacy, CODASPY 2023
Country/Territory	United States
City	Charlotte
Period	26/04/23 → …

Bibliographical note

Publisher Copyright:
© 2023 Owner/Author.

Funding

This work was supported by the Scientific Research Projects Department of Istanbul Technical University (Project number: MGA-2021-42887).

Funders	Funder number
Istanbul Teknik Üniversitesi	MGA-2021-42887

Keywords

cache side-channel attacks
hardware performance counters
real-time attack detection

Access to Document

10.1145/3579988.3585052

Cite this

Koc, M. K., & Altilar, D. T. (2023). Selection of Best Fit Hardware Performance Counters to Detect Cache Side-Channel Attacks. In SaT-CPS 2023 - Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (pp. 17-22). (SaT-CPS 2023 - Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems). Association for Computing Machinery, Inc. https://doi.org/10.1145/3579988.3585052

Koc, Melis Kapotoglu ; Altilar, Deniz Turgay. / Selection of Best Fit Hardware Performance Counters to Detect Cache Side-Channel Attacks. SaT-CPS 2023 - Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems. Association for Computing Machinery, Inc, 2023. pp. 17-22 (SaT-CPS 2023 - Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems).

@inproceedings{eb01d35a0aa54f58a4843331212767d0,

title = "Selection of Best Fit Hardware Performance Counters to Detect Cache Side-Channel Attacks",

abstract = "Cache side-channel attack is a common threat in cloud environments where caches are shared across co-located tenants. Detection of such attacks in real-time before the attack procedure is completed can enable cloud users to come up with a countermeasure and protect their privacy against these kinds of vulnerabilities. In this work, a real-time cache side-channel attack detection system for cloud systems is presented which leverages hardware performance counters. The combination of two neural networks is trained with long-term time sequences collected via hardware performance counters to learn the normal behavior of benign applications so that anomalies caused by attackers can be detected. This paper primarily examines the selection of best fit hardware performance counters for this purpose. Initial experiments are performed and time series feature extraction and selection methods are applied to preliminary results for the analysis.",

keywords = "cache side-channel attacks, hardware performance counters, real-time attack detection",

author = "Koc, {Melis Kapotoglu} and Altilar, {Deniz Turgay}",

note = "Publisher Copyright: {\textcopyright} 2023 Owner/Author.; 3rd ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, SaT-CPS 2023, held in conjunction with the 13th ACM Conference on Data and Application Security and Privacy, CODASPY 2023 ; Conference date: 26-04-2023",

year = "2023",

month = apr,

day = "26",

doi = "10.1145/3579988.3585052",

language = "English",

series = "SaT-CPS 2023 - Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems",

publisher = "Association for Computing Machinery, Inc",

pages = "17--22",

booktitle = "SaT-CPS 2023 - Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems",

}

Koc, MK & Altilar, DT 2023, Selection of Best Fit Hardware Performance Counters to Detect Cache Side-Channel Attacks. in SaT-CPS 2023 - Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems. SaT-CPS 2023 - Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, Association for Computing Machinery, Inc, pp. 17-22, 3rd ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, SaT-CPS 2023, held in conjunction with the 13th ACM Conference on Data and Application Security and Privacy, CODASPY 2023, Charlotte, United States, 26/04/23. https://doi.org/10.1145/3579988.3585052

Selection of Best Fit Hardware Performance Counters to Detect Cache Side-Channel Attacks. / Koc, Melis Kapotoglu; Altilar, Deniz Turgay.
SaT-CPS 2023 - Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems. Association for Computing Machinery, Inc, 2023. p. 17-22 (SaT-CPS 2023 - Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Selection of Best Fit Hardware Performance Counters to Detect Cache Side-Channel Attacks

AU - Koc, Melis Kapotoglu

AU - Altilar, Deniz Turgay

PY - 2023/4/26

Y1 - 2023/4/26

N2 - Cache side-channel attack is a common threat in cloud environments where caches are shared across co-located tenants. Detection of such attacks in real-time before the attack procedure is completed can enable cloud users to come up with a countermeasure and protect their privacy against these kinds of vulnerabilities. In this work, a real-time cache side-channel attack detection system for cloud systems is presented which leverages hardware performance counters. The combination of two neural networks is trained with long-term time sequences collected via hardware performance counters to learn the normal behavior of benign applications so that anomalies caused by attackers can be detected. This paper primarily examines the selection of best fit hardware performance counters for this purpose. Initial experiments are performed and time series feature extraction and selection methods are applied to preliminary results for the analysis.

AB - Cache side-channel attack is a common threat in cloud environments where caches are shared across co-located tenants. Detection of such attacks in real-time before the attack procedure is completed can enable cloud users to come up with a countermeasure and protect their privacy against these kinds of vulnerabilities. In this work, a real-time cache side-channel attack detection system for cloud systems is presented which leverages hardware performance counters. The combination of two neural networks is trained with long-term time sequences collected via hardware performance counters to learn the normal behavior of benign applications so that anomalies caused by attackers can be detected. This paper primarily examines the selection of best fit hardware performance counters for this purpose. Initial experiments are performed and time series feature extraction and selection methods are applied to preliminary results for the analysis.

KW - cache side-channel attacks

KW - hardware performance counters

KW - real-time attack detection

UR - http://www.scopus.com/inward/record.url?scp=85159084666&partnerID=8YFLogxK

U2 - 10.1145/3579988.3585052

DO - 10.1145/3579988.3585052

M3 - Conference contribution

AN - SCOPUS:85159084666

T3 - SaT-CPS 2023 - Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems

SP - 17

EP - 22

BT - SaT-CPS 2023 - Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems

PB - Association for Computing Machinery, Inc

T2 - 3rd ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, SaT-CPS 2023, held in conjunction with the 13th ACM Conference on Data and Application Security and Privacy, CODASPY 2023

Y2 - 26 April 2023

ER -

Koc MK, Altilar DT. Selection of Best Fit Hardware Performance Counters to Detect Cache Side-Channel Attacks. In SaT-CPS 2023 - Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems. Association for Computing Machinery, Inc. 2023. p. 17-22. (SaT-CPS 2023 - Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems). doi: 10.1145/3579988.3585052

Selection of Best Fit Hardware Performance Counters to Detect Cache Side-Channel Attacks

Abstract

Publication series

Conference

Bibliographical note

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this