TLTracer: Dynamically Detecting Cache Side Channel Attacks with a Timing Loop Tracer

• Published in: ICC 2024 - IEEE International Conference on Communications pp. 109 - 114
• Main Authors: Wang, Mingyu, Meng, Lingjia, Zheng, Fangyu, Lin, Jingqiang, Jia, Shijie, Ma, Yuan, Fan, Haoling
• Format: Conference Proceeding
• Language: English
• Published: IEEE 09.06.2024
• Subjects: Cache side-channel attacks; Data security; Dynamic binary analysis; Hardware; Intel Pin; Performance analysis; Prototypes; Runtime; Side-channel attacks; Timing
• ISSN: 1938-1883
• DOI: 10.1109/ICC51166.2024.10622283

Recently, cache side-channel attacks have gained increasing attention due to the significant threat they pose to data security. As research advances, these attacks have become more covert and their impact has been widened. To mitigate the threat posed by cache side-channel attacks, numerous de-tection approaches have been proposed. However, they struggle to capture runtime features or depend heavily on hardware performance counters (HPCs), resulting in a significant number of false negatives or false positives. To address this issue, this paper proposes a broadly applicable runtime feature for identifying cache side-channel attack programs and introduces a dynamic binary analysis approach, TLTracer. TLTracer is runtime trace-based, independent of HPCs and capable of scanning and detecting whether a binary program is malicious before it is deployed in the real world. We implement a prototype of TLTracer and evaluate it with a set of malicious and benign programs. The results show that it can effectively detect the latest cache side-channel attacks without false positives, and offer increased resilience against adversarial evasion compared to other detection tools.