Research on AnC and Xlate attack defense  Cited by: 2


Authors: Li Xiaoxin (李小馨); Hou Rui (侯锐); Meng Dan (孟丹) [1]

Affiliations: [1] State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093; [2] School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049

Source: Chinese High Technology Letters (《高技术通讯》), 2020, No. 5, pp. 461-470 (10 pages)

Funding: Supported by the Excellent Young Scientists Fund (Y710051102).

Abstract: This paper analyzes AnC- and Xlate-class side-channel attacks, which arise because the memory management unit (MMU) and the central processing unit (CPU) cores share the cache, and identifies the key to defense as isolating page table entries from normal data in the cache. At the operating system level, the basic mechanism uses the page attribute table (PAT) to make all page table entries uncached; combining this with transparent huge pages reduces the average performance overhead from 82.35% to 26.95%. At the chip level, the basic scheme again uncaches all page table entries, and the page table cache (PTC) is then improved to cache page table entries at every level, that is, to also cache the L1 page table entries; when the PTC is enlarged to 256 entries, the average performance overhead is 1.59%. Next, a way-partitioned cache stores page table entries and normal data in different ways (page table entries occupy one way), with an average performance overhead of 6.61%. Finally, a hybrid isolation mechanism matched to the differing locality of page table entries at each level is explored: high-level page table entries are cached in the PTC, and the lowest-level page table entries are cached in the way-partitioned cache. With a PTC size of 64 entries, average performance improves by 0.81%.

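Keywords: cache; memory management unit (MMU); side-channel attack; address randomization; encryption algorithm; page attribute table (PAT); partitioning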

Classification: TP3 [Automation and Computer Technology: Computer Science and Technology]

 
