Capturing and Obscuring Ping-Pong Patterns to Mitigate Continuous Attacks

Kai Wang1, Fengkai Yuan2, Rui Hou2, Zhenzhou Ji1,a and Dan Meng2

1Department of Computer Science and Technology, Harbin Institute of Technology, Harbin, China
2State Key Laboratory of Information Security, Institute of Information Engineering, Beijing, China
ajizhenzhou@hit.edu.cn

ABSTRACT

In this paper, we observed Continuous Attacks are one kind of common side channel attack scenarios, where an adversary frequently probes the same target cache lines in a short time. Continuous Attacks cause target cache lines to go through multiple load-evict processes, exhibiting Ping-Pong Patterns. Identifying and obscuring Ping-Pong Patterns effectively interferes with the attacker’s probe and mitigates Continuous Attacks. Based on the observations, this paper proposes Ping- Pong Regulator to identify multiple Ping-Pong Patterns and block them with different strategies (Preload or Lock). The Preload proactively loads target lines into the cache, causing the attacker to mistakenly infer that the victim has accessed these lines; the Lock fixes the attacked lines’ directory entries on the last level cache directory until they are evicted out of caches, making an attacker’s observation of the locked lines is always the L2 cache miss. The experimental evaluation demonstrates that the Ping- Pong Regulator efficiently identifies and secures attacked lines, induces negligible performance impacts and storage overhead, and does not require any software support.

Keywords: Security, Side Channel Attacks, Computer Architecture, Ping-pong Regulator.



Full Text (PDF)