2024年7月,国科大密码学院郑昉昱副教授作为通信作者指导学生,在IEEE Transactions on Information Forensics and Security(TIFS)期刊发表了题为“ZeroShield: Transparently Mitigating Code Page Sharing Attacks With Zero-Cost Stand-By”的研究论文。论文中提出了一种通过处理器硬件机制来高效防护侧信道攻击的方案,该研究工作得到国家重点研发计划(2023YFB3105802)的支持。
Abstract:Numerous cache side-channel attack techniques enable attackers to execute a cross-VM cache side-channel attack through the sharing of code pages with the targeted victim. Nonetheless, most prior defense solutions fall short of efficiency and ease of deployment, thus restricting their practicality for real-world implementation. This paper introduces ZeroShield, an adaptive and transparent approach implemented at the hypervisor layer, designed to counteract the code page sharing attack, a subset of cache side-channel attacks, occurring within a single virtual machine (VM) or spanning across multiple VMs.
By thoroughly scrutinizing the ``by-products'' resulting from a code page sharing attack, we meticulously track the attacker's access to security-sensitive code pages. This is achieved through harnessing hardware virtualization features, such as the Intel extended page table, in conjunction with the CR3 register. Utilizing this information, ZeroShield continuously monitors security-sensitive code pages, adeptly navigating complex OS and hypervisor behaviors. The architecture of ZeroShield exhibits an attack-aware design, enabling it to deploy protection measures on demand. Consequently, the system theoretically experiences negligible overhead in the absence of attackers. Empirical evidence confirms the effectiveness of ZeroShield in thwarting code page sharing attacks. It achieves this without imposing any performance penalties in the absence of attackers, and with a minimal overhead of less than 3.8\% when attackers are active. Significantly, ZeroShield boasts a cost-free standby state and necessitates no adjustments to upper applications, guest OS, or hardware configurations. This attribute positions ZeroShield as an optimal default solution in real-world cloud environments to effectively counter code page sharing attacks.
论文信息:Mingyu Wang, Fangyu Zheng, Jingqiang Lin, Fangjie Jiang, Yuan Ma: "ZeroShield: Transparently Mitigating Code Page Sharing Attacks With Zero-Cost Stand-By," in IEEE Transactions on Information Forensics and Security, doi: 10.1109/TIFS.2024.3435062.(CCF-A)
