Feb. 22, 2024, 5:11 a.m. | Stefano Carnà, Serena Ferracci, Francesco Quaglia, Alessandro Pellegrini

cs.CR updates on arXiv.org arxiv.org

arXiv:2402.13281v1 Announce Type: new
Abstract: We present a kernel-level infrastructure that allows system-wide detection of malicious applications attempting to exploit cache-based side-channel attacks to break the process confinement enforced by standard operating systems. This infrastructure relies on hardware performance counters to collect information at runtime from all applications running on the machine. High-level detection metrics are derived from these measurements to maximize the likelihood of promptly detecting a malicious application. Our experimental assessment shows that we can catch a large …

