Ghost Thread: Effective User-Space Cache Side Channel Protection

Cache-based side channel attacks pose a serious threat to computer security. Numerous cache attacks have been demonstrated, highlighting the need for effective and efficient defense mechanisms to shield systems from this threat. In this paper, we propose a novel application-level protection mechanism, called Ghost Thread. Ghost Thread is a flexible library that allows a user to protect cache accesses to a requested sensitive region to mitigate cache-based side channel attacks. This is accomplished by injecting random cache accesses to the sensitive cache region by separate threads. Compared with prior work that injects noise in a modified OS and hardware, our novel approach is applicable to commodity OS and hardware. Compared with other user-space mitigation mechanisms, our novel approach does not require any special hardware support, and it only requires slight code changes in the protected application, making it readily deployable. Evaluation results on an Apache server show that Ghost Thread provides both strong protection and negligible overhead on real-world applications where only a fragment requires protection. In the worst-case scenario where the entire application requires protection, Ghost Thread still incurs negligible overhead when a system is underutilized, and moderate overhead when a system is fully utilized.

Files

  • codaspy21.pdf

    size: 474 KB | mime_type: application/pdf | date: 2022-09-27 | sha256: 03ba9ae

Metadata

Work Title: Ghost Thread: Effective User-Space Cache Side Channel Protection
Access: Open Access
Creators:
  1. Robert Brotzman
  2. Danfeng Zhang
  3. Mahmut Kandemir
  4. Gang Tan
Keyword:
  1. Side-channel
  2. Cache
  3. Mitigation
License: In Copyright (Rights Reserved)
Work Type: Conference Proceeding
Publisher:
  1. CODASPY '21: Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy
Publication Date: April 26, 2021
Publisher Identifier (DOI):
  1. https://doi.org/10.1145/3422337.3447846
Deposited: September 27, 2022


Work History

Version 1
published

  • Created
  • Added codaspy21.pdf
  • Added Creator Robert Brotzman
  • Added Creator Danfeng Zhang
  • Added Creator Mahmut Kandemir
  • Added Creator Gang Tan
  • Published
  • Updated Keyword, Publisher
    Keyword
    • side-channel, cache, mitigation
    Publisher
    • CODASPY '21: Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy
  • Updated Keyword
    Keyword
    • side-channel, cache, mitigation
    • Side-channel, Cache, Mitigation