
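Détection dynamique d’attaques logicielles et matérielles basée sur l’analyse de signaux microarchitecturaux (Dynamic detection of software and hardware attacks based on the analysis of microarchitectural signals)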

Yuxiao Mao 1 
1 LAAS-TSF - Équipe Tolérance aux fautes et Sûreté de Fonctionnement informatique
LAAS - Laboratoire d'analyse et d'architecture des systèmes
Abstract : In recent years, computer systems have evolved quickly. This evolution concerns different layers of the system, both software (operating systems and user programs) and hardware (microarchitecture design and chip technology). While this evolution enriches functionality and improves performance, it has also increased the complexity of the systems. It is difficult, if not impossible, to fully understand a particular modern computer system, and greater complexity also means a larger attack surface for hackers. While most attacks target software vulnerabilities, over the past two decades attacks exploiting hardware vulnerabilities have emerged and demonstrated their serious impact. For example, the Spectre and Meltdown attacks, disclosed in 2018, exploited vulnerabilities in the microarchitecture layer to allow powerful arbitrary reads, and highlighted the security issues that can arise from certain optimizations of system microarchitecture. Detecting and preventing such attacks is not intuitive and there are many challenges to deal with: (1) the great difficulty of identifying sources of vulnerability, given the high complexity and variability of different microarchitectures; (2) the significant impact of countermeasures on overall performance, and the fact that modifications to the system's hardware microarchitecture are generally not desired; and (3) the need to design countermeasures able to adapt to the evolution of attacks after deployment of the system. To face these challenges, this thesis focuses on the use of information available at the microarchitecture level to build efficient attack detection methods. In particular, we describe a framework allowing the dynamic detection of attacks that leave fingerprints at the system's microarchitecture layer.
This framework proposes: (1) the use of microarchitectural information for attack detection, which can effectively cover attacks targeting microarchitectural vulnerabilities; (2) a methodology that assists designers in selecting relevant microarchitectural information to extract; (3) the use of dedicated connections for the transmission of the extracted information, in order to ensure high transmission bandwidth and prevent data loss; and (4) the use of reconfigurable hardware in conjunction with software to implement attack detection logic. This combination (forming the so-called detection module) reduces the performance overhead through hardware acceleration, and allows the detection logic to be updated by reconfiguration during the system lifetime in order to adapt to the evolution of attacks. We present in detail the proposed architecture and the modifications needed to the operating system, the methodology for selecting appropriate microarchitectural information and for integrating this framework into a specific computer system, and we describe how the final system integrating our detection module is able to detect attacks and adapt to attack evolution. This thesis also provides two use-case studies implemented on a prototype (based on a RISC-V core with a Linux operating system) on an FPGA. They show that, thanks to the analysis of microarchitectural information, relatively simple logic implemented in the detection module is sufficient to detect different classes of attacks (cache side-channel attacks and ROP attacks).
Document type : Theses

https://hal.laas.fr/tel-03783728
Contributor : LAAS HAL-LAAS
Submitted on : Wednesday, September 14, 2022 - 11:00:00 AM
Last modification on : Tuesday, October 25, 2022 - 11:58:11 AM

File

These Yuxiao MAO.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : tel-03783728, version 1

Citation

Yuxiao Mao. Détection dynamique d’attaques logicielles et matérielles basée sur l’analyse de signaux microarchitecturaux. Informatique [cs]. INSA Toulouse, 2022. Français. ⟨NNT : 2022ISAT0015⟩. ⟨tel-03783728v1⟩