Dataset for Machine Learning Based Cache Timing Attacks and Mitigation

Kalidasan, Vishnu Kumar

05 June 2024

Cache side-channel attacks have evolved alongside increasingly complex microprocessor architectural designs. The attacks and their prevention mechanisms, such as cache partitioning, OS kernel isolation, and various hardware/operating system enhancements, have similarly progressed. Nonetheless, side-channel attacks necessitate effective and efficient prevention mechanisms or alterations to hardware architecture. Recently, machine learning (ML) is an emerging method for detecting and defending such attacks. However, The effectiveness of machine learning relies on the dataset it is trained on. The datasets for training these ML models today are not vast enough to enhance the robustness and consistency of the model performance. This thesis aims to enhance the ML method for exploring various cache side-channel attacks and defenses by offering a more reasonable and potentially realistic dataset to distinguish between the attacker and the victim process. The dataset is gathered through a computer system simulation model, which is subsequently utilized to train both the attacker and detector agents of the model. Different ways to collect datasets using the system simulation are explored. A New Dataset for training and detecting cache side-channel attacks is also explored and methodized. Lastly, the effectiveness of the dataset is studied by training a Flush+Reload attacker and detector model performance. / Master of Science / Imagine a spy trying to steal secret information from a computer by listening to its clicks and whirs. That's kind of what a side-channel attack is. The computer uses a special memory called a cache to speed things up, but attackers can spy on this cache to learn bits and pieces of what the computer is working on. Numerous ways to mitigate such attacks have been proposed, but they were either costly to implement in terms of resources or the performance offset of the computer is large. New types of attacks are also being researched and discovered. More recently, Machine learning (ML) models are used for detecting or defending cache side-channel attacks. Currently the training ground truth or the input dataset for the ML models is not vast enough to enhance the robustness and consistency of the model performance. This thesis project aims to enhance the ML approach for exploring and detecting existing and unknown Cache side-channel attacks by offering a more reasonable and potentially realistic training ground (dataset). The dataset is gathered through a computer system simulation model, which is subsequently utilized to train the ML models. Different ways to collect datasets using the computer system simulation are explored. A New Dataset for training and detecting Cache side-channel attacks is also explored and methodised. Lastly, the effectiveness of the dataset is studied by training a Flush+Reload attacker performance.

Cache timing-attack

Cache side-channel

gem5

Autocat

Macta

Algorithms and Frameworks for Accelerating Security Applications on HPC Platforms

Yu, Xiaodong

09 September 2019

Typical cybersecurity solutions emphasize on achieving defense functionalities. However, execution efficiency and scalability are equally important, especially for real-world deployment. Straightforward mappings of cybersecurity applications onto HPC platforms may significantly underutilize the HPC devices' capacities. On the other hand, the sophisticated implementations are quite difficult: they require both in-depth understandings of cybersecurity domain-specific characteristics and HPC architecture and system model. In our work, we investigate three sub-areas in cybersecurity, including mobile software security, network security, and system security. They have the following performance issues, respectively: 1) The flow- and context-sensitive static analysis for the large and complex Android APKs are incredibly time-consuming. Existing CPU-only frameworks/tools have to set a timeout threshold to cease the program analysis to trade the precision for performance. 2) Network intrusion detection systems (NIDS) use automata processing as its searching core and requires line-speed processing. However, achieving high-speed automata processing is exceptionally difficult in both algorithm and implementation aspects. 3) It is unclear how the cache configurations impact time-driven cache side-channel attacks' performance. This question remains open because it is difficult to conduct comparative measurement to study the impacts. In this dissertation, we demonstrate how application-specific characteristics can be leveraged to optimize implementations on various types of HPC for faster and more scalable cybersecurity executions. For example, we present a new GPU-assisted framework and a collection of optimization strategies for fast Android static data-flow analysis that achieve up to 128X speedups against the plain GPU implementation. For network intrusion detection systems (IDS), we design and implement an algorithm capable of eliminating the state explosion in out-of-order packet situations, which reduces up to 400X of the memory overhead. We also present tools for improving the usability of Micron's Automata Processor. To study the cache configurations' impact on time-driven cache side-channel attacks' performance, we design an approach to conducting comparative measurement. We propose a quantifiable success rate metric to measure the performance of time-driven cache attacks and utilize the GEM5 platform to emulate the configurable cache. / Doctor of Philosophy / Typical cybersecurity solutions emphasize on achieving defense functionalities. However, execution efficiency and scalability are equally important, especially for the real-world deployment. Straightforward mappings of applications onto High-Performance Computing (HPC) platforms may significantly underutilize the HPC devices’ capacities. In this dissertation, we demonstrate how application-specific characteristics can be leveraged to optimize various types of HPC executions for cybersecurity. We investigate several sub-areas, including mobile software security, network security, and system security. For example, we present a new GPU-assisted framework and a collection of optimization strategies for fast Android static data-flow analysis that achieve up to 128X speedups against the unoptimized GPU implementation. For network intrusion detection systems (IDS), we design and implement an algorithm capable of eliminating the state explosion in out-of-order packet situations, which reduces up to 400X of the memory overhead. We also present tools for improving the usability of HPC programming. To study the cache configurations’ impact on time-driven cache side-channel attacks’ performance, we design an approach to conducting comparative measurement. We propose a quantifiable success rate metric to measure the performance of time-driven cache attacks and utilize the GEM5 platform to emulate the configurable cache.

Cybersecurity

HPC

GPU

Intrusion Detection

Automata Processor

Android Program Analysis

Cache Side-Channel Attack