PerSpectron: Detecting Invariant Footprints of Microarchitectural Attacks with Perceptron
Author: | Samira Mirbagher-Ajorpaz, Nael Abu-Ghazaleh, Daniel A. Jimenez, Esmaeil Mohammadian-Koruyeh, Gilles Pokam, Elba Garza |
---|---|
Year of publication: | 2020 |
Subject: | 010302 applied physics; Hardware security module; Artificial neural network; Computer science; business.industry; Feature extraction; 02 engineering and technology; Branch predictor; Perceptron; 01 natural sciences; 020202 computer hardware & architecture; Microarchitecture; Embedded system; 0103 physical sciences; 0202 electrical engineering, electronic engineering, information engineering; Anomaly detection; business |
Source: | MICRO |
DOI: | 10.1109/micro50266.2020.00093 |
Description: | Detecting microarchitectural attacks is critical given their proliferation in recent years. Many of these attacks exhibit intrinsic behaviors essential to the nature of their operation, such as creating contention or misspeculation. This study systematically investigates the microarchitectural footprints of hardware-based attacks and shows how they can be detected and classified using an efficient hardware predictor. We present a methodology to use correlated microarchitectural statistics to design a hardware-based neural predictor capable of detecting and classifying microarchitectural attacks before data is leaked. Once a potential attack is detected, it can be proactively mitigated by triggering appropriate countermeasures. Our hardware-based detector, PerSpectron, uses perceptron learning to identify and classify attacks. Perceptron-based prediction has been successfully used in branch prediction and other hardware-based applications. PerSpectron has minimal performance overhead. The statistics being monitored have similar overhead to already existing performance monitoring counters. Additionally, PerSpectron operates outside the processor’s critical paths, offering security without added computation delay. Our system achieves a usable detection rate for detecting attacks such as SpectreV1, SpectreV2, SpectreRSB, Meltdown, breakingKSLR, Flush+Flush, Flush+Reload, Prime+Probe as well as cache-attack calibration programs. We also believe that the large number of diverse microarchitectural features offers both evasion resilience and interpretability—features not present in previous hardware security detectors. We detect these attacks early enough to avoid any data leakage, unlike previous work that triggers countermeasures only after data has been exposed. |
Database: | OpenAIRE |
External link: |