-
1.
Publication (Announcement) No.: US11861049B2
Publication (Announcement) Date: 2024-01-02
Application No.: US16774826
Application Date: 2020-01-28
IPC Classification: G06F21/75, G06F12/0846, G06F21/55, G06N5/04, G06F17/14
CPC Classification: G06F21/75, G06F12/0848, G06F21/554, G06N5/04, G06F17/141, G06F2212/601, G06F2212/604, G06F2221/033
Abstract: A system and method for defense against cache timing channel attacks using cache management hardware is provided. Sensitive information leakage is a growing security concern exacerbated by shared hardware structures in computer processors. Recent studies have shown how adversaries can exploit cache timing channel attacks to exfiltrate secret information. To effectively guard computing systems against such attacks, embodiments disclosed herein provide practical defense techniques that are readily deployable and introduce only minimal performance overhead. In this regard, a new protection framework against cache timing channel attacks is provided herein by leveraging commercial off-the-shelf (COTS) hardware support in processor caches, including last level caches (LLC), for cache monitoring and partitioning. This framework applies signal processing techniques on per-domain cache occupancy data to identify suspicious application contexts. Dynamic way partitioning is then used to disband domains that are involved in timing channels
-
2.
Publication (Announcement) No.: US20200242275A1
Publication (Announcement) Date: 2020-07-30
Application No.: US16774826
Application Date: 2020-01-28
IPC Classification: G06F21/75, G06F12/0846, G06F21/55, G06N5/04
Abstract: A system and method for defense against cache timing channel attacks using cache management hardware is provided. Sensitive information leakage is a growing security concern exacerbated by shared hardware structures in computer processors. Recent studies have shown how adversaries can exploit cache timing channel attacks to exfiltrate secret information. To effectively guard computing systems against such attacks, embodiments disclosed herein provide practical defense techniques that are readily deployable and introduce only minimal performance overhead. In this regard, a new protection framework against cache timing channel attacks is provided herein by leveraging commercial off-the-shelf (COTS) hardware support in processor caches, including last level caches (LLC), for cache monitoring and partitioning. This framework applies signal processing techniques on per-domain cache occupancy data to identify suspicious application contexts. Dynamic way partitioning is then used to disband domains that are involved in timing channels
-