基于原子混淆的通用侧信道漏洞修补方法

doi:10.11959/j.issn.2096-109x.2022014

网络与信息安全学报 ›› 2022, Vol. 8 ›› Issue (2): 100-111.doi: 10.11959/j.issn.2096-109x.2022014

基于原子混淆的通用侧信道漏洞修补方法

邹德清¹^,²^,³^,⁴, 张盼¹^,²^,³^,⁴, 刘伟⁵, 陈维杰¹^,²^,³^,⁴, 陆弈帆¹^,²^,³^,⁴

¹ 大数据技术与系统国家地方联合工程研究中心，湖北武汉 430074
² 服务计算技术与系统教育部重点实验室，湖北武汉 430074
³ 大数据安全湖北省工程研究中心，湖北武汉 430074
⁴ 华中科技大学网络空间安全学院，湖北武汉 430074
⁵ 北京京航计算通讯研究所，100089 北京

修回日期:2021-11-22 出版日期:2022-04-15 发布日期:2022-04-01
作者简介:邹德清（1975− ），男，湖南长沙人，博士，华中科技大学教授、博士生导师，主要研究方向为虚拟化安全与云安全、网络攻防与漏洞检测、大数据安全、容错计算
张盼（1991− ），男，湖北仙桃人，华中科技大学博士生，主要研究方向为系统安全、虚拟化安全、编译器安全、模糊测试、侧信道防御
刘伟（1980− ），男，江苏扬州人，北京京航计算通讯研究所研究员，主要研究方向为软件安全性设计与验证、信息安全、软件及FPGA工程化及测试
陈维杰（1999− ），男，江苏泰州人，华中科技大学硕士生，主要研究方向为系统安全，侧信道防御
陆弈帆（1998− ），男，江苏苏州人，华中科技大学硕士生，主要研究方向为系统安全、模糊测试、漏洞检测
基金资助:
国家自然科学基金(62172168)

Universal patching method for side-channel vulnerabilities based on atomic obfuscation

Deqing ZOU¹^,²^,³^,⁴, Pan ZHANG¹^,²^,³^,⁴, Wei LIU⁵, Weijie CHEN¹^,²^,³^,⁴, Yifan LU¹^,²^,³^,⁴

¹ National Engineering Research Center for Big Data Technology and System, Wuhan 430074, China
² Services Computing Technology and System Lab, Wuhan 430074, China
³ Hubei Engineering Research Center on Big Data Security, School of Cyber Science and Engineering, Wuhan 430074, China
⁴ Huazhong University of Science and Technology, Wuhan 430074, China
⁵ Beijing Jinghang Research Institute of Computing and Communication, Beijing 100089, China

Revised:2021-11-22 Online:2022-04-15 Published:2022-04-01
Supported by:
The National Natural Science Foundation of China(62172168)

摘要/Abstract

摘要：

包含侧信道漏洞的代码在程序被执行时会表现出与输入有关的非功能性行为，攻击者利用微架构的侧信道攻击可获取这些行为，并通过分析行为与输入之间的关联模式恢复应用数据内容，达到窃取用户机密数据的目的。软件层的侧信道漏洞修补方法带给程序的性能损耗较低，并且因为无须修改硬件或系统，可实现快速修补和大范围部署，成为密码算法实现采用的主流策略。现有修补方案与程序的具体实现深度绑定，需要人工介入，存在实现难度大、不通用的问题。针对以上问题，提出了一种结合动态混淆技术和硬件原子事务特性的通用侧信道漏洞修补方法。所提方法向侧信道漏洞代码中插入动态混淆访存操作，以达到隐藏真实访存地址的目的，并将漏洞代码和混淆访存封装为硬件原子事务，保障被封装的代码在运行时连续执行而不被中断，避免攻击者利用细粒度的侧信道攻击区分真实的访存操作和混淆的访存操作。基于LLVM编译器实现了原型系统SC-Patcher，引入了包括安全跳板和原子事务聚合等在内的多种设计，提高了方法的安全性和实用性。安全与性能测试结果表明，使用所提方法完成侧信道漏洞修补的程序，在几乎未增加额外性能开销的同时，能够有效抵抗侧信道攻击，防范攻击者从漏洞处还原有效的机密数据内容。

关键词: 侧信道防御, 漏洞修补, 原子事务, 混淆执行

Abstract:

Executing code containing side-channel vulnerabilities exhibits different non-functional behaviors related to inputs.Attackers can obtain these behaviors by leveraging micro architecture side-channel attacks and then analyze the pattern between the behaviors and the inputs to access sensitive data.Vulnerability repairing at the software layer brings low overheads to a program’s execution.Besides, it does not require modifying hardware or system, which enables fast patching and widespread deployment.It becomes the mainstream strategy applied to the current cryptographic implementations.However, existing solutions are deeply bound to the program’s implementation and requires manual intervention.This brings challenge to implement and is not versatile enough.A general patching method was proposed for side-channel vulnerabilities that combined dynamic obfuscated execution with hardware atomic transaction.To hide the real accesses of the side-channel vulnerabilities of a program, the proposed method inserted dynamic confusing accesses into the vulnerabilities.To avoid an attacker using fine-grained side-channel attack to distinguish the real access and the confusing access, both of them were encapsulated as transactions and they were guaranteed to be uninterrupted during the running period.In addition, a prototype system called SC-Patcher was implemented based on the LLVM compiler.Various optimization strategies were supported, including secure springboard and transaction aggregation, to further improve system security and performance.Experimental results show that the proposed method makes it impossible for an attacker to restore accurate sensitive data through side-channel attack, and it also brings almost no additional performance overhead to the program.

Key words: side-channel defense, vulnerability repair, atomic transaction, obfuscated execution

中图分类号:

TP393

邹德清, 张盼, 刘伟, 陈维杰, 陆弈帆. 基于原子混淆的通用侧信道漏洞修补方法[J]. 网络与信息安全学报, 2022, 8(2): 100-111.

Deqing ZOU, Pan ZHANG, Wei LIU, Weijie CHEN, Yifan LU. Universal patching method for side-channel vulnerabilities based on atomic obfuscation[J]. Chinese Journal of Network and Information Security, 2022, 8(2): 100-111.

图/表 6

图1

表1

图2

图3

表2

表3

参考文献 39

[1]	ANDRYSCO M , KOHLBRENNER D , MOWERY K ,et al. On subnormal floating point and abnormal timing[C]// Proceedings of IEEE Symposium on Security and Privacy(S＆P’15). 2015: 623-639.
[2]	LEE S , SHIH MW , GERA P ,et al. Inferring fine-grained control flow inside SGX enclaves with branch shadowing[C]// Proceedings of 26th USENIX Security Symposium (USENIX Security’17). 2017: 557-574.
[3]	LIU F , YAROM Y , GE Q ,et al. Last-level cache side-channel attacks are practical[C]// Proceedings of IEEE Symposium on Security and Privacy(S＆P’15). 2015: 605-622.
[4]	GRUSS D , SPREITZER R , MANGARD S . Cache template attacks:Automating attacks on inclusive last-level caches[C]// Proceedings of 24th USENIX Security Symposium (USENIX Security’15). 2015: 897-912.
[5]	GRUSS D , MAURICE C , WAGNER K ,et al. Flush+ Flush:a fast and stealthy cache attack[C]// Proceedings of Detection of Intrusions and Malware,and Vulnerability Assessment (DIMVA’ 16). 2016: 279-299.
[6]	OSVIK DA , SHAMIR A , TROMER E . Cache attacks and countermeasures:the case of AES[C]// Proceedings of Cryptographers’ Track at the RSA Conference (CT-RSA’06). 2006: 1-20.
[7]	GRAS B , RAZAVI K ,, BOS H , GIUFFRIDA C ,et al. Translation leak-aside buffer:defeating cache side-channel protections with TLB attacks[C]// Proceedings of 27th USENIX Security Symposium (USENIX Security’18). 2018: 955-972.
[8]	SHINDE S , CHUA ZL , NARAYANAN V ,et al. Preventing page faults from telling your secrets[C]// Proceedings of 11th ACM on Asia Conference on Computer and Communications Security (AsiaCCS’16),Xi'an,China. 2016: 317-328.
[9]	XU Y , CUI W , PEINADO M . Controlled-channel attacks:Deterministic side channels for untrusted operating systems[C]// Proceedings of IEEE Symposium on Security and Privacy(S＆P’15). 2015: 640-656.
[10]	PESSL P , GRUSS D , MAURICE C ,et al. DRAMA:exploiting DRAM addressing for cross-cpu attacks[C]// Proceedings of 25th USENIX Security Symposium (USENIX Security’16). 2016: 565-581.
[11]	HE Z , LEE RB . How secure is your cache against side-channel attacks?[C]// Proceedings of Annual IEEE/ACM International Symposium on Microarchitecture (MICRO’17). 2017: 341-353.
[12]	ZHANG D , ASKAROV A , MYERS AC . Language-based control and mitigation of timing channels[C]// Proceedings of 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’12). 2012: 99-110.
[13]	WANG Y , FERRAIUOLO A , ZHANG D ,et al. SecDCP:secure dynamic cache partitioning for efficient timing channel protection[C]// Proceedings of 53nd ACM/EDAC/IEEE Design Automation Conference (DAC’16). 2016: 1-6.
[14]	KIRIANSKY V , LEBEDEV I , AMARASINGHE S ,et al. DAWG:a defense against cache timing attacks in speculative execution processors[C]// Proceedings of 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO’18). 2018: 974-987.
[15]	DENG S , XIONG W , SZEFER J . Secure tlbs[C]// Proceedings of 46th Annual International Symposium on Computer Architecture (ISCA’19). 2019: 346-359.
[16]	SHI J , SONG X , CHEN H ,et al. Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring[C]// Proceedings of 41st International Conference on Dependable Systems and Networks Workshops (DSN-W’11). 2011: 194-199.
[17]	KIM T , PEINADO M , MAINAR-RUIZ G , . STEALTHMEM:system-level protection against cache-based side channel attacks in the cloud[C]// Proceedings of 21st USENIX Security Symposium (USENIX Security’12). 2012: 189-204.
[18]	ZHANG Y , REITER MK . Du?Ppel:retrofitting commodity operating systems to mitigate cache side channels in the cloud[C]// Proceedings of 2013 ACM SIGSAC Conference on Computer ＆ Communications Security (CCS’13). 2013: 827-838.
[19]	VATTIKONDA BC , DAS S , SHACHAM H . Eliminating fine grained timers in xen[C]// Proceedings of 3rd ACM Workshop on Cloud Computing Security Workshop. 2011: 41-46.
[20]	LI P , GAO D , REITER MK . StopWatch:A Cloud Architecture for Timing Channel Mitigation[J]. ACM Transaction Information System Security, 2014(17): 1-28.
[21]	MARTIN R , DEMME J , SETHUMADHAVAN S . TimeWarp:rethinking timekeeping and performance monitoring mechanisms to mitigate side-channel attacks[C]// Proceedings of 39th Annual International Symposium on Computer Architecture (ISCA’12). 2012: 118-129.
[22]	ZHANG T , ZHANG Y , LEE R B . Cloudradar:a real-time side-channel attack detection system in clouds[C]// Proceedings of Research in Attacks,Intrusions,and Defenses (RAID’16). 2016: 118-140.
[23]	CHEN S , ZHANG X , REITER MK ,et al. Detecting privileged side-channel attacks in shielded execution with Déjá Vu[C]// Proceedings of 2017 ACM on Asia Conference on Computer and Communications Security (AsiaCCS’17). 2017: 7-18.
[24]	SHIH MW , LEE S , KIM T ,et al. T-SGX:eradicating controlled-channel attacks against enclave programs[C]// Proceedings of 24th Network and Distributed System Security Symposium (NDSS’17). USA, 2017.
[25]	DOYCHEV G , K?PF B , MAUBORGNE L ,et al. CacheAudit:a tool for the static analysis of cache side channels[J]. ACM Transactions on Information and System Security. 2015(18): 1-32.
[26]	ALMEIDA JB , BARBOSA M , BARTHE G ,et al. Verifying constant-time implementations[C]// Proceedings of 25th USENIX Security Symposium (USENIX Security’16). 2016: 53-70.
[27]	BARTHE G , BETARTE G , CAMPO J ,et al. System-level non-interference for constant-time cryptography[C]// Proceedings of 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS’14). 2014: 1267-1279.
[28]	REPARAZ O , BALASCH J , VERBAUWHEDE I . Dude,is my code constant time[C]// Proceedings of the Conference on Design,Automation ＆ Test in Europe (DATE’17). 2017: 1701-1706.
[29]	WANG S , WANG P , LIU X ,et al. Cached:Identifying cache-based timing channels in production software[C]// Proceedings of 26th USENIX Security Symposium (USENIX Security’17). 2017: 235-252.
[30]	WICHELMANN J , MOGHIMI A , EISENBARTH T ,et al. Microwalk:a framework for finding side channels in binaries[C]// Proceedings of 34th Annual Computer Security Applications Conference (ACSAC’18). 2018: 161-173.
[31]	WU M , GUO S , SCHAUMONT P ,et al. Eliminating timing side-channel leaks using program repair[C]// Proceedings of 27th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’18). 2018: 15-26.
[32]	CORON J S , . Resistance against differential power analysis for elliptic curve cryptosystems[C]// Proceedings of 1th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’99). 1999: 292-302.
[33]	VAN B J , PIESSENS F , STRACKX R . SGX-Step:A practical attack framework for precise enclave execution control[C]// Proceedings of 2nd Workshop on System Software for Trusted Execution (SysTEX'17). 2017: 1-6.
[34]	WEISER S , ZANKL A , SPREITZER R ,et al. DATA-differential address trace analysis:finding address-based side-channels in binaries[C]// Proceedings of 27th USENIX Security Symposium (USENIX Security’18). 2018: 603-620.
[35]	GENKIN D , PIPMAN I , TROMER E . Get your hands off my laptop:Physical side-channelkey-extraction attacks on PCs[C]// Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems (CHES’14),Busan,South Korea. 2014: 242-260.
[36]	LIPP M , SCHWARZ M , GRUSS D ,et al. Meltdown:reading kernel memory from user space[C]// Proceedings of 27th USENIX Security Symposium (USENIX Security’18). 2018: 973-990.
[37]	KOCHER P , HORN J , FOGH A ,et al. Spectre attacks:exploiting speculative execution[C]// Proceedings of 2019 IEEE Symposium on Security and Privacy (S＆P’19). 2019: 1-19.
[38]	VAN BULCK J , MINKIN M , WEISSE O ,et al. Foreshadow:extracting the keys to the intel SGX kingdom with transient out-of-order execution[C]// Proceedings of 27th USENIX Security Symposium (USENIX Security’18). 2018: 991-1008.
[39]	Mastik:a micro-architectural side-channel toolkit[EB].

类型	分类标识的原因
D	包含数据访问依赖的漏洞代码
B	包含控制选择依赖的漏洞代码
U	会导致其他类型的代码的访问信息泄露
S	安全代码，不会产生机密数据泄露

	测试内容		准确率
	原生AES		100.00%
	T-SGX		100.00%
SC-Patcher		静态混淆	78.60%
SC-Patcher		动态混淆	7.10%

测试内容	算法			二进制文件大小
测试内容	DES	AES	SHA-1	二进制文件大小
未漏洞修补	8.591 ms	6.360 ms	11.618 ms	3.138MB
漏洞修补后	8.719 ms	6.508 ms	12.261 ms	3.150MB
开销	1.42%	2.32%	5.53%	0.38%

基于原子混淆的通用侧信道漏洞修补方法

Universal patching method for side-channel vulnerabilities based on atomic obfuscation

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 6

参考文献 39

相关文章 15

Metrics

推荐阅读 0

[1]	陈先意, 顾军, 颜凯, 江栋, 许林峰, 付章杰. 针对车牌识别系统的双重对抗攻击[J]. 网络与信息安全学报, 2023, 9(3): 16-27.
[2]	叶天鹏, 林祥, 李建华, 张轩凯, 许力文. 面向雾计算的个性化轻量级分布式网络入侵检测系统[J]. 网络与信息安全学报, 2023, 9(3): 28-37.
[3]	祖立军, 曹雅琳, 门小骅, 吕智慧, 叶家炜, 李泓一, 张亮. 基于隐私风险评估的脱敏算法自适应方法[J]. 网络与信息安全学报, 2023, 9(3): 49-59.
[4]	夏锐琪, 李曼曼, 陈少真. 基于机器学习的分组密码结构识别[J]. 网络与信息安全学报, 2023, 9(3): 79-89.
[5]	袁静怡, 李子川, 彭国军. EN-Bypass：针对邮件代发提醒机制的安全评估方法[J]. 网络与信息安全学报, 2023, 9(3): 90-101.
[6]	余锋, 林庆新, 林晖, 汪晓丁. 基于生成对抗网络的隐私增强联邦学习方案[J]. 网络与信息安全学报, 2023, 9(3): 113-122.
[7]	朱春陶, 尹承禧, 张博林, 殷琪林, 卢伟. 基于多域时序特征挖掘的伪造人脸检测方法[J]. 网络与信息安全学报, 2023, 9(3): 123-134.
[8]	李晓萌, 郭玳豆, 卓训方, 姚恒, 秦川. 载体独立的抗屏摄信息膜叠加水印算法[J]. 网络与信息安全学报, 2023, 9(3): 135-149.
[9]	蔡召, 荆涛, 任爽. 以太坊钓鱼诈骗检测技术综述[J]. 网络与信息安全学报, 2023, 9(2): 21-32.
[10]	潘雁, 林伟, 祝跃飞. 渐进式的协议状态机主动推断方法[J]. 网络与信息安全学报, 2023, 9(2): 81-93.
[11]	杨盼, 康绯, 舒辉, 黄宇垚, 吕小少. 基于函数摘要的二进制程序污点分析优化方法[J]. 网络与信息安全学报, 2023, 9(2): 115-131.
[12]	肖天, 江智昊, 唐鹏, 黄征, 郭捷, 邱卫东. 基于深度强化学习的高性能导向性模糊测试方案[J]. 网络与信息安全学报, 2023, 9(2): 132-142.
[13]	袁承昊, 李勇, 任爽. 多关键词动态可搜索加密方案[J]. 网络与信息安全学报, 2023, 9(2): 143-153.
[14]	侯泽洲, 任炯炯, 陈少真. 基于神经网络区分器的SIMON-like算法参数安全性评估[J]. 网络与信息安全学报, 2023, 9(2): 154-163.
[15]	郭学镜, 方毅翔, 赵怡, 张天助, 曾文超, 王俊祥. 基于传统引导机制的深度鲁棒水印算法[J]. 网络与信息安全学报, 2023, 9(2): 175-183.