하이퍼바이저 권한의 공격자로부터 안전한 신뢰 실행 환경을 제공하기 위한 부채널 공격 실시간 탐지 기법

Vol. 34, No. 5, pp. 993-1006, 10월. 2024
10.13089/JKIISC.2024.34.5.993, Full Text:
Keywords: Page fault side-channel attack, TEE(Truested Execution Environment), real-time detection
Abstract

The recent increase in public cloud usage has led to various security issues. In response, CPU manufacturers have introduced Trusted Execution Environment (TEE) technology, allowing secure service usage even with potentially untrustworthy cloud service providers. For instance, AMD offers VM-level TEE through SEV(Secure Encrypted Virtualization). However, it has been raised that confidential information can be leaked via page fault-based side-channel attacks on VMs protected by SEV. To address this, this paper proposes a method for real-time detection of such attacks in SEV environments. Nonetheless, since attackers can have hypervisor-level privileges under the SEV threat model, realizing this is challenging. To overcome this, we propose two approaches. First, using VMPL(Virtual Machine Privileged Level) to protect the detection program from untrusted hypervisors. Second, utilizing vPMU(virtual Performance Monitoring Unit) to derive new features for detecting page side-channel attacks. The designed and implemented detection program achieved a 95.38% accuracy in detecting page fault side-channel attacks.

Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[IEEE Style]
김상엽, 신영주, 김태훈, "A Real-Time Detection Method for Side-Channel Attacks to Ensure a Secure Trusted Execution Environment Against Hypervisor-Privileged Adversaries," Journal of The Korea Institute of Information Security and Cryptology, vol. 34, no. 5, pp. 993-1006, 2024. DOI: 10.13089/JKIISC.2024.34.5.993.

[ACM Style]
김상엽, 신영주, and 김태훈. 2024. A Real-Time Detection Method for Side-Channel Attacks to Ensure a Secure Trusted Execution Environment Against Hypervisor-Privileged Adversaries. Journal of The Korea Institute of Information Security and Cryptology, 34, 5, (2024), 993-1006. DOI: 10.13089/JKIISC.2024.34.5.993.