缓存侧信道攻击与防御  被引量：3

作　　者：张伟娟 白璐 凌雨卿 兰晓 贾晓启[1,2] Zhang Weijuan;Bai Lu;Ling Yuqing;Lan Xiao;Jia Xiaoqi(Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093;School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100049;Cyber Science Research Institute,Sichuan University,Chengdu 610207)

机构地区：[1]中国科学院信息工程研究所,北京100093 [2]中国科学院大学网络空间安全学院,北京100049 [3]四川大学网络空间安全研究院,成都610207

出　　处：《计算机研究与发展》2023年第1期206-222,共17页Journal of Computer Research and Development

基　　金：中国科学院战略性先导科技专项(C类)(XDC02010900);中国科学院网络测评技术重点实验室项目;北京市科学技术委员会项目(Z191100007119010);国家自然科学基金面上项目(61772078);网络安全防护技术北京市重点实验室项目。

摘　　要：近年来,随着信息技术的发展,信息系统中的缓存侧信道攻击层出不穷.从最早利用缓存计时分析推测密钥的想法提出至今,缓存侧信道攻击已经历了10余年的发展和演进.研究中梳理了信息系统中缓存侧信道攻击风险,并对缓存侧信道攻击的攻击场景、实现层次、攻击目标和攻击原理进行了总结.系统分析了针对缓存侧信道攻击的防御技术,从缓存侧信道攻击防御的不同阶段出发,分析了攻击检测和防御实施2部分研究工作,并基于不同防御原理对防御方法进行分类和分析.最后,总结并讨论了互联网生态体系下缓存侧信道攻击与防御的研究热点,指出缓存侧信道攻击与防御未来的研究方向,为想要在这一领域开始研究工作的研究者提供参考.In recent years,with the development of information technology,cache side-channel attack threats in information system has a rapid growth.It has taken more than 10 years for cache side channel attacks to evolve and develop since cache-timing analysis was proposed to speculate encryption keys.In this survey,we comb the cache side-channel attack threats in the information system by analyzing the vulnerabilities in the design characteristics of software and hardware.Then we summarize the attacks from attack scene,cache levels,attack targets and principles.Further more,we compare the attack conditions,advantages and disadvantages of 7 typical cache side-channel attacks in order to better understand their principles and applications.We also make a systematic analysis of the defense technology against cache side channel attack from detection stage and prevention stage,classify and analyze the defence technology based on different defense principles.Finally,we summarize the work of this paper,discuss the research hotspots and the development trend of cache side-channel attack and defense under the Internet ecosystem,and point out the future research direction of cache side-channel attack and defense,so as to provide reference for researchers who want to start research in this field.

关 键 词：信息系统安全 CPU缓存 缓存侧信道攻击 攻击检测 防御策略 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]