Ghost Thread: Effective User-Space Cache Side Channel Protection

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Cache-based side channel attacks pose a serious threat to computer security. Numerous cache attacks have been demonstrated, highlighting the need for effective and efficient defense mechanisms to shield systems from this threat. In this paper, we propose a novel application-level protection mechanism, called Ghost Thread. Ghost Thread is a flexible library that allows a user to protect cache accesses to a requested sensitive region to mitigate cache-based side channel attacks. This is accomplished by having separate threads inject random cache accesses into the sensitive cache region. Compared with prior work that injects noise in a modified OS and hardware, our novel approach is applicable to commodity OS and hardware. Compared with other user-space mitigation mechanisms, our novel approach does not require any special hardware support, and it requires only slight code changes in the protected application, making it readily deployable. Evaluation results on an Apache server show that Ghost Thread provides both strong protection and negligible overhead on real-world applications where only a fragment requires protection. In the worst-case scenario where the entire application requires protection, Ghost Thread still incurs negligible overhead when a system is underutilized, and moderate overhead when a system is fully utilized.

Original language: English (US)
Title of host publication: CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy
Publisher: Association for Computing Machinery, Inc
Pages: 233-244
Number of pages: 12
ISBN (Electronic): 9781450381437
State: Published - Apr 26 2021
Event: 11th ACM Conference on Data and Application Security and Privacy, CODASPY 2021 - Virtual, Online, United States
Duration: Apr 26 2021 to Apr 28 2021

Publication series

Name: CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy

Conference

Conference: 11th ACM Conference on Data and Application Security and Privacy, CODASPY 2021
Country/Territory: United States
City: Virtual, Online
Period: 4/26/21 to 4/28/21

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Information Systems
  • Software
