当前位置:
X-MOL 学术
›
Secur. Commun. Netw.
›
论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Survey of CPU Cache-Based Side-Channel Attacks: Systematic Analysis, Security Models, and Countermeasures
Security and Communication Networks ( IF 1.968 ) Pub Date : 2021-06-11 , DOI: 10.1155/2021/5559552 Chao Su 1, 2 , Qingkai Zeng 1, 2
Security and Communication Networks ( IF 1.968 ) Pub Date : 2021-06-11 , DOI: 10.1155/2021/5559552 Chao Su 1, 2 , Qingkai Zeng 1, 2
Affiliation
Privacy protection is an essential part of information security. The use of shared resources demands more privacy and security protection, especially in cloud computing environments. Side-channel attacks based on CPU cache utilize shared CPU caches within the same physical device to compromise the system’s privacy (encryption keys, program status, etc.). Information is leaked through channels that are not intended to transmit information, jeopardizing system security. These attacks have the characteristics of both high concealment and high risk. Despite the improvement in architecture, which makes it more difficult to launch system intrusion and privacy leakage through traditional methods, side-channel attacks ignore those defenses because of the shared hardware. Difficult to be detected, they are much more dangerous in modern computer systems. Although some researchers focus on the survey of side-channel attacks, their study is limited to cryptographic modules such as Elliptic Curve Cryptosystems. All the discussions are based on real-world applications (e.g., Curve25519), and there is no systematic analysis for the related attack and security model. Firstly, this paper compares different types of cache-based side-channel attacks. Based on the comparison, a security model is proposed. The model describes the attacks from four key aspects, namely, vulnerability, cache type, pattern, and range. Through reviewing the corresponding defense methods, it reveals from which perspective defense strategies are effective for side-channel attacks. Finally, the challenges and research trends of CPU cache-based side-channel attacks in both attacking and defending are explored. The systematic analysis of CPU cache-based side-channel attacks highlights the fact that these attacks are more dangerous than expected. We believe our survey would draw developers’ attention to side-channel attacks and help to reduce the attack surface in the future.
中文翻译:
基于 CPU 缓存的侧信道攻击调查:系统分析、安全模型和对策
隐私保护是信息安全的重要组成部分。共享资源的使用需要更多的隐私和安全保护,尤其是在云计算环境中。基于 CPU 缓存的旁道攻击利用同一物理设备内的共享 CPU 缓存来破坏系统的隐私(加密密钥、程序状态等)。信息通过并非旨在传输信息的渠道泄露,危及系统安全。这些攻击同时具有高隐蔽性和高风险的特点。尽管架构的改进使得通过传统方法发起系统入侵和隐私泄露变得更加困难,但由于共享硬件,侧信道攻击忽略了这些防御。很难被检测到,它们在现代计算机系统中要危险得多。尽管一些研究人员专注于侧信道攻击的调查,但他们的研究仅限于椭圆曲线密码系统等密码模块。所有的讨论都是基于现实世界的应用(例如Curve25519),并没有对相关的攻击和安全模型进行系统分析。首先,本文比较了不同类型的基于缓存的侧信道攻击。在比较的基础上,提出了一种安全模型。该模型从漏洞、缓存类型、模式和范围四个关键方面描述了攻击。通过回顾相应的防御方法,揭示了从哪些角度防御策略对侧信道攻击有效。最后,探讨了基于 CPU 缓存的侧信道攻击在攻防两方面的挑战和研究趋势。对基于 CPU 缓存的侧信道攻击的系统分析突出了这些攻击比预期更危险的事实。我们相信我们的调查会引起开发人员对侧信道攻击的关注,并有助于减少未来的攻击面。
更新日期:2021-06-11
中文翻译:
基于 CPU 缓存的侧信道攻击调查:系统分析、安全模型和对策
隐私保护是信息安全的重要组成部分。共享资源的使用需要更多的隐私和安全保护,尤其是在云计算环境中。基于 CPU 缓存的旁道攻击利用同一物理设备内的共享 CPU 缓存来破坏系统的隐私(加密密钥、程序状态等)。信息通过并非旨在传输信息的渠道泄露,危及系统安全。这些攻击同时具有高隐蔽性和高风险的特点。尽管架构的改进使得通过传统方法发起系统入侵和隐私泄露变得更加困难,但由于共享硬件,侧信道攻击忽略了这些防御。很难被检测到,它们在现代计算机系统中要危险得多。尽管一些研究人员专注于侧信道攻击的调查,但他们的研究仅限于椭圆曲线密码系统等密码模块。所有的讨论都是基于现实世界的应用(例如Curve25519),并没有对相关的攻击和安全模型进行系统分析。首先,本文比较了不同类型的基于缓存的侧信道攻击。在比较的基础上,提出了一种安全模型。该模型从漏洞、缓存类型、模式和范围四个关键方面描述了攻击。通过回顾相应的防御方法,揭示了从哪些角度防御策略对侧信道攻击有效。最后,探讨了基于 CPU 缓存的侧信道攻击在攻防两方面的挑战和研究趋势。对基于 CPU 缓存的侧信道攻击的系统分析突出了这些攻击比预期更危险的事实。我们相信我们的调查会引起开发人员对侧信道攻击的关注,并有助于减少未来的攻击面。
京公网安备 11010802027423号