Framework on Cache Side-channel Attack Detection Using Real-time Monitoring

㔺

㔺㔲Ṛ

⳾┞䎆Ⱇ㦚 㧊㣿䞲 䃦㔲 ⿖㺚⍦ Ὃỿ 䌦㰖

䝚⩞㧚㤢䋂

ὧ㤊╖䞯ᾦ 䅊䜾䎆㩫⽊Ὃ䞯⿖ 㩫⽊ ⹥ ㌂㧊⻚⽊㞞 㡆ῂ㔺 e-mail: [email protected], [email protected], [email protected]

G

Framework on Cache Side-channel Attack Detection Using

Real-time Monitoring

Miok Im, Soojin Kim, Youngjoo Shin

Information and Cyber Security Lab, School of Computer and Information Engineering Kwangwoon University 殚 檃檃 䃦㔲 ⿖㺚⍦ Ὃỿ㦖 䃦㔲 ₆⹮㦮 Ὃỿ ₆⻫㦒⪲ Ṳ㧎㩫⽊ 㥶㿲㠦 ╖䞲 㥚䠮㎇㧊 䋆 ⽊㞞 䀾㟓 㩦㧊┺. 䟊╏ 䀾㟓㩦㦚 Ⱏ₆ 㥚䟊 㔺㔲Ṛ Ὃỿ 䌦㰖 ₆⻫㠦 ὖ䞲 㡆ῂ✺㧊 㰚䟟♮ἶ 㧞㰖Ⱒ ㌂㣿㧦 㠦Ợ 㧊⻺䔎Ṩὒ 䌦㰖 ἆὒ⯒ ザ⯊ἶ 䘎Ⰲ䞮Ợ ⽊㡂㭚 䞚㣪㎇㧊 㧞┺. ⽎ ⏒ⶎ㦖 䣾㥾㩗㧎 䃦㔲 ⿖ 㺚⍦ Ὃỿ 䌦㰖⯒ 㥚䟊 Intel PCM ὒ ₆㫊㦮 䌦㰖䝚⪲⁎⧾㦚 Ṳ㍶䞮㡂 䌦㰖㠦 䞚㣪䞲 ◆㧊䎆✺㦚 㔺 㔲Ṛ㦒⪲ ⳾┞䎆Ⱇ ⹥ ἓἶ⯒ ⽊⌊㭒⓪ 䝚⩞㧚㤢䋂⯒ 㩲㧧䟞┺. 䟊╏ 䝚⩞㧚㤢䋂⓪ 䃦㔲 ⿖㺚⍦ Ὃ ỿ㦚 㔺㔲Ṛ 䌦㰖 ⹥ ὖ⩾ ◆㧊䎆✺㦚 ╖㔲⽊✲⪲ ⽊㡂㭖┺. 1. 昢嵦 䝚⪲㎎㍲⓪ 䃦㔲⯒ ㌂㣿䞮㡂 CPU Ṗ Ⲫ⳾Ⰲ㠦 㩖 㧻♲ ◆㧊䎆⯒ 㧓㠊㢂 ➢ ザ⯊Ợ 㩧⁒䞶 㑮 㧞┺. 䃦 㔲⓪ 䝚⪲㎎㍲㦮 ㎇⓻ 䟻㌗㠦 ₆㡂䞮Ⳇ 㡺⓮⋶ ╖⿖ ⿚㦮 䝚⪲㎎㍲㠦㍲ ㌂㣿♮ἶ 㧞┺. 䞮㰖Ⱒ 䃦㔲 䀾㟓 㩦㦖 䃦㔲 ⿖㺚⍦ Ὃỿ㠦 㧊㣿♮㠊 Ṳ㧎㩫⽊⯒ 㥶㿲 䞶 㑮 㧞┺⓪ ⶎ㩲㩦㧊 㧞┺. 䃦㔲 ⿖㺚⍦ Ὃỿ㦖 䃦 㔲 ₆⹮㦮 Ὃỿ ₆⻫㦒⪲ Ὃỿ㧦㢖 䧂㌳㧦Ṗ Ὃ㥶䞮 ⓪ LLC(Last Level Cache)⯒ ㌂㣿䞲┺. 䟊╏ Ὃỿ㦚 Ⱏ ₆ 㥚䟊 䌦㰖 ₆⻫㠦 ὖ䞲 Ⱔ㦖 㡆ῂṖ 㰚䟟♦㰖Ⱒ ㌂㣿㧦㠦Ợ 㧊⻺䔎 Ṩ(Cache Miss, IPC, Branch ❇)ὒ 㠊 ⟶䞲 Ὃỿ㧊 ✺㠊㢪⓪㰖 㔲ṗ㩗㦒⪲ ⽊㡂㭚 䞚㣪㎇㧊 㧞┺. 㤆Ⰲ⓪ Intel PCM ὒ ₆㫊㦮 䌦㰖 䝚⪲⁎⧾[7]㦚 䢲 㣿䞮㡂 㧊⻺䔎Ṩὒ 䌦㰖 ἆὒ⯒ 㔺㔲Ṛ ⳾┞䎆Ⱇ䞾㦒 ⪲㖾 䃦㔲 ⿖㺚⍦ Ὃỿ 㡂⿖⯒ 㓓Ợ 䢫㧎䞶 㑮 㧞☚ ⪳ 䝚⩞㧚㤢䋂⯒ 㩲㧧䟞┺. 䟊╏ 䝚⩞㧚㤢䋂⓪ ◆㧊 䎆 㑮㰧☚ῂ㧎 Telegraf ⯒ 䐋䞮㡂 㧊⻺䔎 Ṩὒ 䌦㰖 䝚⪲⁎⧾ ἆὒṨ㦚 㑮㰧䞲 䤚 㔲Ἒ㡊 ◆㧊䎆⻶㧊㓺 Influxdb 㠦 㩖㧻䞾㦒⪲㖾 㾲㫛㩗㦒⪲ Grafana ╖㔲⽊ ✲㠦 ⁎⧮䝚⪲ ⽊㡂㭒☚⪳ Ⱒ✺㠞┺. ₆㫊 䌦㰖 䝚⪲ ⁎⧾㠦㍲ ⳾┞䎆Ⱇ ⹥ ἓἶ 㑮┾㦚 㿪Ṗ䞮㡂 ㌂㣿㧦 Ṗ 䘎Ⰲ䞮ἶ ザ⯊Ợ Ὃỿ 㡂⿖⯒ 䢫㧎䞶 㑮 㧞㠞┺. ⽎ ⏒ⶎ㦮 ῂ㎇㦖 ┺㦢ὒ ṯ┺. 2 㧻㠦㍲⓪ Grafana, PCM, 䃦㔲 ⿖㺚⍦ Ὃỿ, Softmax Classification 㠦 ╖䞲 ⺆ἓ㰖㔳㦚 ㍺ⳛ䞲┺. 3 㧻㠦㍲⓪ 䝚⩞㧚㤢䋂 㩲㧧 ⹿ ⻫㠦 ╖䟊㍲ ◆㧊䎆 㑮㰧 ⹥ 㩖㧻, ╖㔲⽊✲ ㍺㩫 ⹥ 㞢⧢㠦 ╖䟊 Ⱖ䞲┺. 4 㧻㠦㍲⓪ 3 㧻㦮 㔺䠮ὒ ἆὒ⯒ ㍺ⳛ䞲┺. 5 㧻㠦㍲⓪ 䟻䤚 Ἒ䣣, Ⱎ㰖Ⱏ 6 㧻㠦㍲⓪ ἆ ⪶㠦 ╖䟊 ₆㑶䞲┺. 2. 愶凃滆柣 2.1 Grafana

Grafana ⓪ ◆㧊䎆㏢㓺(e.g., Cache Miss)⯒ ⳾┞䎆Ⱇ ⹥ ὖ㺆䞮₆ 㥚䞲 㡺䝞 ㏢㓺 䝢⨁䙒㧊Ⳇ 㔲ṗ䢪⯒ 㥚 䟊 Graphite, Prometheus, Elasticsearch, OpenTSDB ⹥ Influxdb ❇㦚 㰖㤦䞲┺[1]. 䔏䧞, ⽎ ⏒ⶎ㠦㍲⓪ 㔺㔲 Ṛ 㔲ṗ䢪⯒ 㥚䟊 Ṗ㧻 ⍦Ⰲ ㌂㣿♮⓪ 㔲Ἒ㡊 ◆㧊䎆 ⻶㧊㓺 Influxdb 㢖 ◆㧊䎆 㑮㰧 ⹿⻫㦒⪲ 㧛⩻ 䝢⩂⁎ 㧎(e.g., MySQL)ὒ 㿲⩻ 䝢⩂⁎㧎(e.g., Influxdb)㦚 Ṛ┾ 䞲 ㍺㩫㦒⪲ ㌂㣿 Ṗ⓻䞲 Telegraf ⯒ 䢲㣿䞮㡖┺[2]. 㯟, Telegraf 㠦㍲ ◆㧊䎆 㑮㰧䞲 ộ㦚 Influxdb 㠦 㩖㧻 䞮㡂 Grafana ╖㔲⽊✲㠦 ⋮䌖⌒ 㑮 㧞┺. ⡦䞲, Grafana ⓪ 㔲ṗ䢪㈦Ⱒ 㞚┞⧒ 䔏㩫 㰖䚲㠦 ╖䞲 ἓἶ ′䂯㦚 㩫㦮䞮ἶ, 㰖㏣㩗㦒⪲ Slack, SMS 㢖 Email ṯ 㦖 㔲㓺䎲㠦 㞢Ⱂ㦚 ⽊⌒ 㑮 㧞┺.

2.2 Performance Counter Monitor (PCM)

Performance Counter Monitor(PCM)⓪ 㧎䎪 䝚⪲㎎㍲ ⌊⿖㦮 䔏㑮 ⩞㰖㓺䎆⯒ 㧊㣿䞮㡂 㧊⻺䔎 Ṩ(e.g., Cache Miss)㦚 㔺㔲Ṛ㦒⪲ ὖ㺆䞶 㑮 㧞⓪ ☚ῂ㧊┺[3].

142

䝚⪲㎎㓺㦮 㧊⻺䔎 ⼖䢪㥾㦖 䃦㔲 ⿖㺚⍦ Ὃỿ㦚 䌦 㰖䞮⓪ ◆ ㌂㣿♲┺. Intel PCM 㦖 䅊䕢㧒♮㰖 㞠㦖 ㏢ 㓺䆪✲⯒ 㩲Ὃ䞮₆ ➢ⶎ㠦 ⌊⿖ ☯㧧㦚 ㌂㣿㧦Ṗ ⼖ ἓ䞶 㑮 㧞㦒Ⳇ Ṛ┾䞮Ợ 䅊䕢㧒䞮㡂 㔺䟟䕢㧒⪲ 㧊 㣿䞶 㑮 㧞┺.

2.3 䃦㔲 ⿖㺚⍦ Ὃỿ(Cache Side Channel Attack) 2.3.1 FLUSH+RELOAD Ὃỿ FLUSH+RELOAD[4] Ὃỿ㦖 Ὃỿ㧦㢖 䧂㌳㧦Ṗ Ὃ 㥶䞮⓪ L3 䃦㔲 ⧒㧎㦚 ╖㌗㦒⪲ 䞮⓪ Ὃỿ㧊┺. Ὃ ỿ㦖 䋂Ợ 3 ┾Ἒ⪲ 㧊⬾㠊㪎 㧞┺. 㼁 ⻞㱎⪲, Ὃỿ㧦 ⓪ Ὃỿ㧦㢖 䧂㌳㧦Ṗ Ὃ㥶䞮⓪ 䃦㔲 ⧒㧎㦚 clflush ⳛ⪏㠊⯒ ㌂㣿䞮㡂 L1, L2, L3 䃦㔲㠦㍲ ⳾⚦ ゚㤢㭖 ┺. ⚦ ⻞㱎⪲, Ὃỿ㧦⓪ 䧂㌳㧦Ṗ 䟊╏ 䃦㔲 ⧒㧎㠦 㩧⁒䞶 ➢₢㰖 ₆┺Ⰶ┺. Ⱎ㰖Ⱏ㦒⪲, Ὃỿ㧦⓪ ┺㔲 䟊╏ 䃦㔲 ⧒㧎㠦 㩧⁒䞮㡂 ◆㧊䎆⯒ ⪲✲ 䞲┺.ٻ 䝚 ⪲㎎㍲⓪ٻ 㾲⁒㠦ٻ ㌂㣿䞲ٻ ◆㧊䎆⯒ٻ 䃦㔲㠦ٻ 㩖㧻䞲┺ډٻ ◆㧊䎆Ṗٻ䃦㔲ٻⲪ⳾Ⰲ㠦ٻ㫊㨂䞲┺Ⳋٻ䝚⪲㎎㍲⓪ٻⲪ㧎ٻ Ⲫ⳾Ⰲ㠦ٻ 㩧⁒䞮㰖ٻ 㞠ἶٻ 䃦㔲ٻ Ⲫ⳾Ⰲ㠦㍲ٻ ◆㧊䎆⯒ٻ ⹪⪲ٻ Ṗ㪎㢂ٻ㑮ٻ㧞┺ډٻ ➆⧒㍲ٻ ◆㧊䎆⯒ٻ Ṗ㪎㡺⓪ٻ◆ٻ 㧞㠊㍲ٻⲪ㧎ٻⲪ⳾Ⰲ⽊┺ٻ▪ٻ㰽㦖ٻ㔲Ṛٻ⌊㠦ٻṖ㪎㡾┺ډٻ Ὃỿ㧦Ṗٻ ◆㧊䎆⯒ٻ ⪲✲ٻ 䞮⓪ٻ 㔲Ṛ㧊ٻ ⓦⰂ┺Ⳋٻ 䧂㌳ 㧦Ṗٻ 䟊╏ٻ䃦㔲ٻ⧒㧎㠦ٻ㩧⁒䞲ٻộ㧊ἶڇٻ⹮╖⪲ٻ㔲Ṛ 㧊ٻ ザ⯊┺Ⳋٻ 䧂㌳㧦Ṗٻ 㩧⁒䞮㰖ٻ 㞠㦖ٻ ộ㧊┺ډٻ FLUSH+RELOAD Ὃỿ㦖 㧊⩂䞲 㔲Ṛ 㹾㧊⯒ 䐋䞮㡂 䧂㌳㧦㦮 ◆㧊䎆⯒ 㞢㞚⌒ 㑮 㧞┺. 2.3.2 FLUSH+FLUSH Ὃỿ FLUSH+FLUSH[5] Ὃỿ㦖 FLUSH+RELOAD Ὃỿὒ ⹿㔳㧊 㥶㌂䞮┺. 䞮㰖Ⱒ ㎎ ⻞㱎 ┾Ἒ㠦㍲ ⪲✲⯒ 䞮⓪ ╖㔶 ┺㔲 clflush ⳛ⪏㠊⯒ 㔺䟟䞮㡂 䃦㔲 ⧒㧎 㦚 ゚㤢㭖┺. 䃦㔲 ⧒㧎㠦 ◆㧊䎆Ṗ 㫊㨂䞲┺Ⳋ ◆㧊 䎆Ṗ 㫊㨂䞮㰖 㞠㦚 ➢⽊┺ 䃦㔲⯒ ゚㤆⓪ ◆ 㡺⧲ 㔲Ṛ㧊 ỎⰆ┺. ➆⧒㍲ ㎎ ⻞㱎 ┾Ἒ㠦㍲ 㔲Ṛ㧊 㡺 ⧮ ỎⰆ┺Ⳋ 䧂㌳㧦Ṗ 䟊╏ 䃦㔲 ⧒㧎㠦 㩧⁒䞲 ộ㧊 ἶ, 㔲Ṛ㧊 㡺⧮ ỎⰂ㰖 㞠⓪┺Ⳋ 䧂㌳㧦Ṗ 㩧⁒䞮㰖 㞠㦖 ộ㧊┺. FLUSH+FLUSH Ὃỿ☚ 㧊⩂䞲 㔲Ṛ㹾⯒ 䐋䞮㡂 䧂㌳㧦㦮 ◆㧊䎆⯒ 㞢㞚⌒ 㑮 㧞┺. 2.3.3 PRIME+PROBE Ὃỿ PRIME+PROBE[6] Ὃỿ㦖 㞴㍲ ㍺ⳛ䞲 2 Ṳ㦮 Ὃỿ ὒ ╂Ⰲ Ὃỿ㧦㢖 䧂㌳㧦Ṗ Ὃ㥶䞮⓪ L3 Cache Set 㦚 ╖㌗㦒⪲ Ὃỿ䞲┺. PRIME+PROBE Ὃỿ㦖 䋂Ợ 3 ┾ Ἒ⪲ 㧊⬾㠊㪎 㧞┺. 㼁 ⻞㱎⪲, Ὃỿ㧦⓪ 㧦㔶㦮 ◆ 㧊䎆⪲ Ὃ㥶 Cache Set ✺㦚 㺚㤊┺. ⚦ ⻞㱎⪲, Ὃỿ㧦 ⓪ 䧂㌳㧦Ṗ 㔺䟟䞮⓪ ☯㞞 ₆┺Ⰶ┺. Ⱎ㰖Ⱏ㦒⪲, Ὃ ỿ㧦⓪ ┺㔲 㧦㔶㦮 ◆㧊䎆⯒ 㔺䟟䞮㡂 ⪲✲ 䞮⓪ 㔲 Ṛ㦚 䁷㩫䞲┺. 㧊➢ 䧂㌳㧦Ṗ Cache Set 㠦 㩧⁒䟞┺ Ⳋ Cache Set 㦖 䧂㌳㧦㦮 ◆㧊䎆⪲ 㺚㤢㰖Ⳋ㍲ Ὃỿ㧦 㦮 ◆㧊䎆⓪ evict ♲┺. ➆⧒㍲ Ὃỿ㧦Ṗ ┺㔲 ⪲✲ 䞮㡖㦚 ➢ 㔲Ṛ㧊 㡺⧮ ỎⰆ┺. ⹮Ⳋ㠦 䧂㌳㧦Ṗ 㩧 ⁒䞮㰖 㞠㞮┺Ⳋ 㔲Ṛ㧊 㡺⧮ ỎⰂ㰖 㞠⓪┺. PRIME+PROBE Ὃỿ㦖 㧊⩂䞲 㔲Ṛ 㹾㧊⯒ 䐋䞮㡂 䧂㌳㧦㦮 ◆㧊䎆⯒ 㞢㞚⌒ 㑮 㧞┺. 2.4 Softmax Classification 㡂⩂ Ὃỿ 㭧㠦㍲ 㠊⟶䞲 Ὃỿ㧊 㰚䟟♮㠞⓪㰖 䕦 ┾䞮₆ 㥚䟊 ┺㭧 䋊⧮㓺 ⿚⮮㧎 Softmax Classification 㦚 ㌂㣿䞮㡖┺. Softmax Classification 㦮 Ṗ㍺ 䞾㑮 H(x) ⓪ 㧛⩻ ◆㧊䎆 x 㠦 ╖䞮㡂 Ṗ㭧䂮(W)⯒ ὇䞮ἶ 䘎 䟻(b)㦚 ▪䞲 Ṩ㧊┺. H(x)Ṗ Softmax 䞾㑮 ܵ௜㦮 㧛⩻ Ṩ㧊 ♮㠊 ⋮㡾 Ṩ㧊 㡞䁷Ṩ㧊 ♲┺. Softmax 䞾㑮⧖ ⿚⮮䟊㟒 䞮⓪ 䋊⧮㓺㦮 㽳 Ṳ㑮⯒ k ⧒ἶ 䞮Ⳋ, k 㹾 㤦㦮 ⻷䎆⯒ 㧛⩻⹱㞚 ṗ 䋊⧮㓺㠦 ╖䞲 0~1 ㌂㧊㦮 䢫⮶Ṩ㦚 ῂ䞲┺. 㧊㢖 ṯ㧊 䢫⮶㩗㧎 ἆὒ Ṩ㦚 Ṗ 㰖ἶ ⏨㦖 䢫⮶㦚 Ṗ㰖⓪ 䋊⧮㓺Ṗ 㡞䁷Ṩ㧊 ♲┺. Ṗ㍺ 䞾㑮⯒ 䐋䞮㡂 ῂ䞲 㡞䁷Ṩὒ 㔺㩲 Ṩ㦚 ₆⹮㦒 ⪲ ゚㣿 䞾㑮 Cost(W)⯒ ῂ䞲┺. Softmax Classification 㦮 ゚㣿 䞾㑮⓪ ṗ 䋊⧮㓺㠦 ╖䞲 㡞䁷Ṩὒ 㔺㩲Ṩ㦮 㹾㧊⯒ ⳾⚦ ▪䞲┺. ➆⧒㍲ ゚㣿 䞾㑮⓪ 㡞䁷Ṩ㧊

(⁎⁎Ⱂ 1) ⳾┞䎆Ⱇ 㔲㓺䎲 ῂ㫆

143

㔺㩲Ṩὒ 㥶㌂䞶㑮⪳ 0 㠦 Ṗ₢㤢㰖ἶ, ┺⯒㑮⪳ Ṩ㧊 䄺㰖Ợ ♲┺. ゚㣿 䞾㑮Ṗ 㾲㏢Ṗ ♮☚⪳ W, b 㦮 Ṩ㦚 㺔㦢㦒⪲㖾 Ṗ㧻 㩗㩞䞲 㡞䁷㦚 䞶 㑮 㧞⓪ Ṗ㍺ 䞾 㑮⯒ ῂ䞶 㑮 㧞┺. ܪሺݔሻ ൌ  ܹݔ ൅ ܾٻ ܵ௜ൌ  ݁௬_೔ σ௡ ݁௬ೕ ௝ୀଵ  ݂݋ݎ ݅ ൌ ͳǡʹǡ ǥ ǡ ݇ 3. 稊稊崎沊毒畲 䣾㥾㩗㦒⪲ 䃦㔲 ⿖㺚⍦ Ὃỿ 䌦㰖⯒ 㥚䟊 Intel PCM ὒ ₆㫊㦮 䌦㰖 䝚⪲⁎⧾[7]㦚 Ṳ㍶䞮ἶ Telegraf, Influxdb, Grafana ⯒ ㌂㣿䞮㡂 㔺㔲Ṛ ⳾┞䎆Ⱇ㧊 Ṗ⓻ 䞮☚⪳ 䝚⩞㧚㤢䋂⯒ 㩲㧧䞮㡖┺. (⁎Ⱂ 1)ὒ ṯ㧊 ὖⰂ㧦 ㍲⻚⓪ Ṗ㌗ Ⲏ㔶㧊Ⳇ Influxdb 㢖 Grafana ⪲ 㧊⬾㠊㪎 㧞ἶ, ㌂㣿㧦 ㍲⻚⓪ MySQL, Telegraf, Intel PCM ⁎Ⰲἶ 䌦㰖 䝚⪲⁎⧾㦒⪲ ῂ㎇♮㠊 㧞┺. 䝚⩞㧚㤢䋂⓪ ㌂㣿㧦㢖 ὖⰂ㧦 ㍲⻚ ⪲ ῂ⿚♮Ⳇ, ὖⰂ㧦 ㍲⻚⯒ 䐋䟊 䢎㓺䔎Ṛ 㩧⁒㧊 ⿞Ṗ䞮㡂 ⽊㞞㌗ 㞞㩚䞮┺. 3.1 ◆㧊䎆 㑮㰧 ⹥ 㩖㧻 ⹿⻫ 䌦㰖 䝚⪲⁎⧾㦖 PCM 㦚 ☯㧧㔲䋺ἶ, (⁎Ⱂ 1)ὒ ṯ 㧊 MySQL ⪲⿖䎆 㧊⻺䔎Ṩ✺㦚 㧓㠊㢖 㠊⟶䞲 Ὃỿ 㦚 ⹱㞮⓪㰖㠦 ╖䞲 ἆὒ⯒ MySQL 㠦 㩖㧻䞲┺. ῂ㼊 㩗㦒⪲ 䌦㰖 䝚⪲⁎⧾㧊 PCM 㦚 㔺䟟㔲䋺Ⳋ MySQL 㦮 ತCounterಥ 䎢㧊な㠦 㧊⻺䔎Ṩ✺㧊 㩖㧻♲┺. 䌦 㰖 䝚⪲⁎⧾㦖 䌦㰖㠦 䞚㣪䞲 ◆㧊䎆✺㦚 㧓㠊 㡺₆ 㥚䟊 ⹮⽋ⶎ㦚 䐋䞮㡂 ತ Counter ಥ 䎢㧊な㠦㍲ 㔺㔲 Ṛ㦒⪲ Ṩ㦚 Ṗ㪎㡾┺. 䟊╏ ◆㧊䎆✺㦖 Softmax Classification ₆⻫㦒⪲ 䤞⩾♲ Ⲏ㔶⩂┳ ⳾◎㦮 㧛⩻ Ṩ㦒⪲ ⍹㠊 㭒㠊 㡞䁷 ἆὒ⯒ 㿲⩻䞲┺. ⳾◎㦖 㧊 ⻺䔎Ṩ✺㦚 䏶╖⪲ 㠊⟶䞲 Ὃỿ☚ 䞮㰖 㞠㦖 ㌗䌲⯒ 0, FLUSH+RELOAD Ὃỿ㦖 1, FLUSH+FLUSH Ὃỿ㦖 2, PRIME+PROBE Ὃỿ㧊 㰚䟟♲ ἓ㤆⓪ 3 㦒⪲ 㿲⩻ 䞮Ⳇ 㧊⯒ MySQL 㦮 ತAttackಥ 䎢㧊な㠦 㩖㧻䞲┺. 㾲㫛㩗㦒⪲ MySQL 㦖 㩖㧻♲ Ṩ✺(Attack, Counter)㦚 Telegraf ⯒ 䐋䞮㡂 ╖㔲⽊✲㠦 ⋮䌖⌒ ◆㧊䎆✺㦚 㑮 㰧䞲┺.

Telegraf ⓪ input plugin 㦒⪲ MySQL 㦚 ㌂㣿䞮㡂 Intel PCM 㦮 㧊⻺䔎 Ṩὒ 䌦㰖 䝚⪲⁎⧾㦮 ἆὒṨ㦚 㑮㰧䞮㡖┺. 㧊➢, Telegraf 㦮 ㍺㩫䕢㧒㦚 䐋䟊 ◆㧊䎆 㑮㰧 㭒₆ 1 㽞, ◆㧊䎆 㩚㏷㭒₆ 1 㽞⪲ 㩫䟊㭒㠞㦒Ⳇ 㑮㰧䞲 ◆㧊䎆⯒ 㩖㧻䞮₆ 㥚䟊 output plugin 㦖 㔲Ἒ 㡊 ◆㧊䎆⻶㧊㓺 Influxdb ⪲ ㍺㩫䟊㭒㠞┺. ṗ ㌂㣿㧦 ㍲⻚⓪ (⁎Ⱂ 1)ὒ ṯ㧊 Telegraf ⡦⓪ ◆ 㧊䎆 㑮㰧㠦 䞚㣪䞲 䝚⪲⁎⧾ ❇㦚 ⺇⁎⧒㤊✲⪲ 㔺 䟟䞮㡂 ⳾┞䎆Ⱇ ㍲⻚㦮 Influxdb 㠦 ◆㧊䎆⯒ ⽊⌎┺. Influxdb ⓪ ◆㧊䎆⯒ HTTP ⪲ ⹱㞚✺㧊₆ ➢ⶎ㠦 Telegraf ㍺㩫 䕢㧒 㭧 output plugin 㦮 URL ⿖⿚㦚 Influxdb 㭒㏢⪲ ⼖ἓ䟊㭒㠊㟒 䞲┺. ὖⰂ㧦 ㍲⻚⓪ Ṗ㌗ Ⲏ㔶㧊₆ ➢ⶎ㠦 ぢⰕ㰖⯒ 䐋䟊 ⍺䔎㤢䋂 ╖㡃 㦚 㨂㍺㩫䟊㭖 䤚 ⳾✶ ㌂㣿㧦Ṗ ◆㧊䎆⯒ 㩚㏷䞶 㑮 㧞☚⪳ 䙂䔎 䙂㤢❿㧊 䞚㣪䞮┺. 3.2 ╖㔲⽊✲ ㍺㩫 ⹥ 㞢⧢ Grafana ⓪ ◆㧊䎆㏢㓺⪲ Influxdb ⯒ ㍶䌳䞾㦒⪲㖾 (⁎Ⱂ 2) Grafana ⯒ 䐋䞲 ṗ 䢎㓺䔎 ⼚ 䃦㔲 ⿖㺚⍦ Ὃỿ 㩚ὒ 䤚㦮 㧊⻺䔎 Ṩ✺ὒ 䌦㰖 ἆὒṨ ⼖䢪

144

㧊⻺䔎Ṩὒ 䌦㰖䝚⪲⁎⧾ [7] ἆὒṨ㦚 ╖㔲⽊✲㠦 ⋮ 䌖⌒ 㑮 㧞┺. (⁎Ⱂ 2)㢖 ṯ㧊 㡂⩂ 䉒Ⰲ⯒ Ⱒ✺㠊 㭒 㠊 ┺㟧䞲 Ṩ✺㦚 ╖㔲⽊✲㠦 ⁎⧮䝚⪲ ⋮䌖⌊ 㭒㠞 ┺. 䞮⋮㦮 䢎㓺䔎╏ 4 Ṳ㦮 ╖㔲⽊✲⯒ Ṗ㰖☚⪳ ῂ ㎇䞮㡖㦒Ⳇ Grafana 㦮 alert ₆⓻㦚 ㌂㣿䞮㡂 䃦㔲 ⿖ 㺚⍦ Ὃỿ㧊 ✺㠊㢪㦚 ➢ ㌂㣿㧦 Ⲫ㧒⪲ ὖⰂ㧦 ㍲⻚ 㠦㍲ ἓἶ Ⲫ㔲㰖⯒ ⽊⌊☚⪳ ㍺㩫䟞┺. ⡦䞲, ὖⰂ㧦 ㍲⻚㦮 Grafana ╖㔲⽊✲⯒ ⳾✶ ㌂㣿㧦Ṗ 㥏 ぢ⧒㤆 㩖⪲ 䢫㧎䞶 㑮 㧞☚⪳ ぢⰕ㰖 ㍺㩫ὒ 䙂䔎 䙂㤢❿䟊 㭒㠞┺. 4. 柪柪竞 4.1 䃦㔲 ⿖㺚⍦ Ὃỿ㠦 ➆⯎ PCM Ṩ㦮 ⼖䢪 Intel PCM Ṩ✺㦮 ⼖䢪⯒ 䐋䞮㡂 䃦㔲 ⿖㺚⍦ Ὃỿ ✺㦚 䌦㰖䞶 㑮 㧞㠞┺. 䃦㔲 ⿖㺚⍦ Ὃỿ✺㦖 㑮䟟 䞮⓪ ⳛ⪏㠊㠦 ゚䟊 Ⱔ㦖 cycle 㧊 ㏢㣪♮₆ ➢ⶎ㠦 IPC(Instruction Per Cycle) Ṩ㧊 Ṧ㏢䞮㰖Ⱒ Ὃỿ 䆪✲Ṗ 㑮䟟䞮⓪ ⹮⽋ⶎ㦒⪲ 㧎䟊 Branch Ṩ㦖 㯳Ṗ䞲┺. 䞮 㰖Ⱒ 䃦㔲 ⿖㺚⍦ Ὃỿ✺㦖 Cache Miss ⪲ ῂ⿚♶ 㑮 㧞┺. 㼁 ⻞㱎, FLUSH+RELOAD Ὃỿ㦖 Ὃỿ㧦Ṗ 䧂 ㌳㧦㢖 Ὃ㥶䞮⓪ L3 䃦㔲 ⧒㧎㦚 ゚㤆ἶ reload ⯒ ⹮ ⽋䞲┺. ➆⧒㍲ Ὃỿ㧊 㰚䟟♮⓪ ☯㞞 ⳾✶ Cache Miss Ṩ✺㧊  ỿ䞮Ợ 㯳Ṗ䞲┺. ⚦ ⻞㱎, PRIME+PROBE Ὃỿ㦖 PROBE 㔲 ╖⿖⿚ 㧦㔶㦮 䆪✲ 㢖 ◆㧊䎆✺⪲ 㧊⬾㠊㰚 Cache Set ✺㦚 reload 䞮₆ ➢ ⶎ㠦 L3 Cache Miss Ṩ ⼖䢪⓪ 䋂Ợ 㠜┺. 䞮㰖Ⱒ L1, L2 Cache ⓪ ῂ㫆㌗ L3 㠦㍲ reload 䞮ἶ㧦 䞮⓪ Cache Set ✺㦚 䞲 ⻞㠦 Ṗ㪎㢂 㑮 㠜㦒⸖⪲ L1, L2 Cache Miss Ṩ㦖  ỿ䞮Ợ 㯳Ṗ䞲┺. Ⱎ㰖Ⱏ FLUSH+FLUSH Ὃỿ㦖 Ὃỿ㧦Ṗ 䧂㌳㧦㢖 Ὃ㥶䞮⓪ L3 䃦㔲 ⧒㧎㦚 reload 䞮㰖 㞠ἶ ゚㤢㭒₆Ⱒ 䞮⸖⪲ Cache Miss Ṩ㠦 ⓪ 䋆 ⼖䢪Ṗ 㠜┺. ➆⧒㍲ 䟊╏ 㧊⻺䔎Ṩ✺⪲ Ὃỿ 㦚 䌦㰖䞮ἶ Cache Miss ⯒ 䐋䟊 ⿚⮮䞶 㑮 㧞┺.

4.2 㔺䠮 ἆὒ ⹥ ὖ㺆

Intel® ‘”‡୘୑ _{i5-7400, Intel® Xeon® E5-2620, Intel®} ‘”‡୘୑ i9-9900KF 㽳 3 Ṳ㦮 䝚⪲㎎㍲㠦㍲ ṗṗ Intel PCM Ṩ✺㦚 㧓㠊㢖 䌦㰖 䝚⪲⁎⧾㦮 㧛⩻ Ṩ㦒⪲ ⍹ 㠊㭒ἶ, 䌦㰖 䝚⪲⁎⧾㧊 㿲⩻䞲 Ṩ㦚 Ṗ㰖ἶ 㠊⟶䞲 Ὃỿ㧊 ✺㠊㢪⓪㰖⯒ 䌦㰖䞮㡖┺. (⁎Ⱂ 2)⓪ 䃦㔲 ⿖ 㺚⍦ Ὃỿ 㩚ὒ 䤚㦮 PCM Ṩ✺ὒ 䌦㰖 ἆὒ⯒ ṗṗ 㦮 䢎㓺䔎⼚⪲ Grafana 㠦㍲ ⋮䌖⌎ ộ㦒⪲ Ὃỿ㧊 10 㽞Ṛ 㰖㏣♮⓪ ἓ㤆 ゾṚ㌟ ⧒㧎㧊 ㌳₆Ⳇ, 㧊⯒ ₆ 㭖㦒⪲ Ὃỿ 㩚ὒ 䤚⯒ ῂ⿚䞶 㑮 㧞┺. E5-2620 䝚⪲ ㎎㍲⓪ FLUSH+RELOAD Ὃỿ㦚, i9-9900KF 䝚⪲㎎㍲ ⓪ FLUSH+FLUSH Ὃỿ㦚, i5-7400 䝚⪲㎎㍲⓪ PRIME+PROBE Ὃỿ㦚 㰚䟟䞮㡖┺. (⁎Ⱂ 2)㠦㍲ E5-2620 䝚⪲㎎㍲⯒ ⽊Ⳋ FLUSH+RELOAD Ὃỿ㧊 㰚䟟 ♮⓪ ☯㞞 ⳾✶ Cache Miss Ṩ✺㧊  ỿ䞮Ợ 㯳Ṗ䞮⓪ ộ㦚 ⽒ 㑮 㧞┺. ⡦䞲 i5-7400 䝚⪲㎎㍲⯒ ⽊Ⳋ PRIME+PROBE Ὃỿ㧊 㰚䟟♮⓪ ☯㞞 L3 䃦㔲㢖 ╂ Ⰲ L1, L2 㦮 Cache Miss Ṩ㧊 㯳Ṗ䞮⓪ ộ㦚 ⽒ 㑮 㧞 ┺. 䞮㰖Ⱒ i9-9900KF 䝚⪲㎎㍲⓪ FLUSH+FLUSH Ὃ ỿ㧊 㰚䟟♮⓪ ☯㞞 Cache Miss Ṩ㦖 ⼖䢪Ṗ 㠜⓪ ộ 㦚 ⽒ 㑮 㧞┺. ⡦䞲 ⳾✶ 䃦㔲 ⿖㺚⍦ Ὃỿ✺㧊 㰚 䟟♮⓪ ☯㞞 Branch Ṩ㦖 㯳Ṗ, IPC Ṩ㦖 Ṧ㏢䞮⓪ ộ 㦚 ⽒ 㑮 㧞㦒Ⳇ Attack Ṩ㦮 ἓ㤆 FLUSH+RELOAD Ὃỿ㧊 㰚䟟♲ ἓ㤆 1, FLUSH+FLUSH Ὃỿ㧊 㰚䟟♲ ἓ㤆 2, PRIME+PROBE Ὃỿ㧊 㰚䟟♲ ἓ㤆 3 㦒⪲ ⼖ ἓ♮⓪ ộ㦚 䢫㧎䞶 㑮 㧞┺. 㧊⯒ ₆⹮㦒⪲ Counter Ṩ✺㦮 ⼖䢪㠦 ➆⧒㍲ 㠊⟶䞲 Ὃỿ㦚 ⹱㞮⓪㰖⯒ 㞢 㞚⌒ 㑮 㧞㠞┺. (⁎Ⱂ 2)㠦㍲㢖 ṯ㧊 䢎㓺䔎⼚⪲ Intel PCM Ṩ✺ὒ 䌦㰖䞲 Ὃỿ㦚 Grafana 㠦㍲ 㔺㔲Ṛ㦒⪲ ⋮䌖⌊ 㭒ἶ Ὃỿ㧊 䌦㰖♶ ἓ㤆 ㌂㣿㧦㠦Ợ ἓἶ Ⲫ 㧒㦚 ⽊⌊㭖┺. 5. 窫篊凊箓 䡚㨂 䌦㰖 䝚⪲⁎⧾㦖 L1, L2, L3 Cache Miss Ṩ✺㦚 ₆⹮㦒⪲ 䃦㔲 ⿖㺚⍦ Ὃỿ✺㦚 䌦㰖䞮₆ ➢ⶎ㠦 㔺 㩲⪲ Ὃỿ㦚 䞮㰖 㞠㞚☚ Cache Miss Ṩ㧊 㯳Ṗ䞮Ⳋ Ὃỿ㦒⪲ 䌦㰖䞮⓪ ἓ㤆Ṗ 㧞┺. ➆⧒㍲ 㧊⩂䞲 㡺䌦 ⮶㦚 㭚㧒 㑮 㧞☚⪳ 䡚㨂 䌦㰖 䝚⪲⁎⧾㦚 Ṳ㍶䞮⩺ 䞲┺. 6. 冶嵦 ⽎ ⏒ⶎ㠦㍲⓪ ṗ 䢎㓺䔎⼚⪲ Intel PCM Ṩ✺ὒ FLUSH+RELOAD, FLUSH+FLUSH, PRIME+PROBE 㭧 㠦㍲ 㠊⟶䞲 䃦㔲 ⿖㺚⍦ Ὃỿ㧊 㔺䟟♮㠞⓪㰖㠦 ╖ 䞲 ◆㧊䎆✺㦚 㔺㔲Ṛ㦒⪲ Grafana ⯒ 䐋䞮㡂 ⋮䌖⌊ 㠊 㭒ἶ Ὃỿ㦚 ⹱㦖 䢎㓺䔎㠦Ợ Ⲫ㧒㦚 䐋䞮㡂 㞢⩺ 㭒⓪ ⹿⻫㠦 ╖䟊㍲ ㍺ⳛ䞮㡖┺. ⡦䞲 Intel PCM Ṩ✺ 㦚 ₆⹮㦒⪲ 㠊⟶䞲 䃦㔲 ⿖㺚⍦ Ὃỿ㧊 㔺䟟♮㠞⓪ 㰖⯒ Ⲏ㔶⩂┳㦚 䐋䞮㡂 䌦㰖䞮⓪ ₆㑶㠦 ╖䞮㡂 ㍺ ⳛ䞮㡖┺. Acknowledgement 㧊 ⏒ⶎ㦖 2019 ⎚☚ 㩫⿖ (ὒ䞯₆㑶㩫⽊䐋㔶⿖)㦮 㨂㤦㦒⪲ 㩫⽊䐋㔶₆㑶㰚䦻㎒䎆㦮 㰖㤦㦚 ⹱㞚 㑮䟟 ♲ 㡆ῂ㧚 (2019-0-00533, 䅊䜾䎆 䝚⪲㎎㍲㦮 ῂ㫆㩗 ⽊㞞 䀾㟓㩦 Ỗ㯳 ⹥ Ὃỿ 䌦㰖 ╖㦧) 焾処怾竒

[1] https://grafana.com/oss/grafana/ - Grafana Labs [2] https://github.com/influxdata/telegraf/ - telegraf

[3] Intel® Performance Counter Monitor - A Better Way to Measure CPU Utilization

[4] Yarom Yuval, and Katrina E. Falkner. “Flush+Reload : a High Resolution, Low Noise, L3 Cache Side-Channel Attack”. USENIX Security, 2014.

[5] Daniel Gruss, Clémentine Maurice, Klaus Wagner, Stefan Mangard. “Flush+Flush : A Fast and Stealthy Cache Attack”. DIMVA, 2016.

[6] Liu, F.; Yarom, Y.; Ge, Q.; Lee, R.B. “Last-Level Cache Side-Channel Attacks are Practical”. IEEE Symposium on Security and Privacy, 2015.

[7] Jonghyen Cho, Taehun Kim, Soojin Kim, Miok Im, Taehyun Kim, and Youngjoo Shin “Real-Time Detection for Cache Side Channel Attack using Performance Counter Monitor”. Applied Sciences-Basel, 2020.

145