处理器时间侧信道攻防技术综述

唐博文; 武成岗; 王喆

文章摘要

唐博文,武成岗,王喆.处理器时间侧信道攻防技术综述[J].高技术通讯(中文),2024,34(5):439~452

处理器时间侧信道攻防技术综述

A survey of timing-based side channel attacks and defenses

DOI：10. 3772 / j. issn. 1002-0470. 2024. 05. 001

中文关键词: 处理器微架构；时间侧信道攻击；隐蔽信道；瞬态执行攻击；投机执行；防御技术

英文关键词: microarchitecutre, timing-based side channel attack, covert channel, transient execution attack, speculative execution, defense mechanism

基金项目:

作者	单位
唐博文	（中国科学院计算技术研究所处理器芯片全国重点实验室北京 100190）（中国科学院大学北京 100049）
武成岗
王喆

摘要点击次数: 96

全文下载次数: 88

中文摘要:

现代处理器优化机制众多，设计人员在追求性能提升时，往往忽略背后的安全风险。时间侧信道攻击因其影响面广且隐蔽性好已成为最主要的安全威胁之一。随着瞬态执行攻击的出现，时间侧信道攻击的能力被进一步扩展，计算系统的安全基础被动摇。为此，处理器厂商及安全人员提出了大量防御机制。这些机制具有不同的防护能力及性能开销。与此同时，新的瞬态执行漏洞和隐蔽信道也不断被发现，已提出的防御机制被不断突破。围绕处理器时间侧信道攻防技术的博弈日益激烈。本文从基本攻击原理出发，对现有时间侧信道攻击进行了归纳总结，并在此基础上进一步分析了相关防御机制的保护能力和性能瓶颈，从而梳理出时间侧信道攻防技术的发展趋势，为未来软硬件系统开发和安全技术探索提供参考。

英文摘要:

The designers of modern processors have proposed a variety of optimizations to pursuit extreme performace, yet they often underestimate the hidden security risk behind them. Timing-based side channel attacks are the most famous type of security threats. With the emergence of transient execution attacks, the capability of timing-based side channel attacks is further extended so that the foundation of many upper defenses is shaken. To defeating these attacks, a large number of defenses have been proposed by processor vendors and developers. They have different protection scopes and performance overheads. Meantime, newer transient execution vulnerabilities and covert channels are being discovered continuously to bypass these mechanisms. The war between attacks and defenses of timing-based side channels is ignited. This work will introduce the principles of various attack and defense techniques, and review the protection scopes and performance overheads of the representative defense work. This work aims to provide a comprehensive roadmap for new hardware and software development, and also inspire the following security technology exploration.

查看全文查看/发表评论下载PDF阅读器

关闭