Security and privacy issues have long been a concern and have become one of the main factors hindering the promotion and popularization of cloud computing. In recent years, many researchers have presented cache side-channel attacks to crack cryptographic algorithms (e.g., AES, RSA), bypass ASLR, etc. The cache side channel has been considered a hacking tool for conducting harmful activities on victim systems. However, from a defender’s perspective, the cache side channel can also be employed to explore valuable information. Our paper employs the cache side channel to gain deep insight into what kinds of behaviors kernel malware may conduct. Specifically, we propose a novel approach to kernel malware attack investigation using the Flush+Reload cache side channel. We have built a proof-of-concept prototype and designed several case studies to conduct extensive experiments. The evaluation results show that our system is capable of correctly understanding what kinds of behaviors kernel malware may conduct.
Citation
Yin, L., Wang, C., Li, J., Yin, R., Jiao, Y., & Jiang, H. (2019). When Side Channel Becomes Good: Kernel Malware Attack Investigation. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11633 LNCS, pp. 571–583). Springer Verlag. https://doi.org/10.1007/978-3-030-24265-7_49