Ruhr-Uni-Bochum

SoK: Can We Really Detect Cache Side-Channel Attacks by Monitoring Performance Counters?

2024

Conference / Medium

Authors

Ziyuan Zhu, Yuval Yarom, Chitchanok Chuengsatiansup, Yusi Feng, William Kosasih

Research Hub

Research Hub C: Secure Systems

Research Challenges

RC 7: Building Secure Systems

Abstract

Sharing microarchitectural components between co-resident programs leads to potential information leaks, with devastating implications on security. Over the last decade, multiple proposals suggested monitoring hardware performance counters as a method for detecting such attacks.

In this work we investigate these proposals and find that the promising results presented in most are unlikely to carry over to realistic use scenarios. We identify four main shortcomings affecting many of the proposals: implications of detection accuracy, unaccounted performance overheads, undocumented or slow detection speed and a weak threat model. We further find that research artifacts for the vast majority of proposals are not available, significantly hampering the reproducibility and scientific validation of the results.

To overcome the reproducibility issue, we implement a detection scheme similar to those proposed in literature, achieving results similar to those in the literature. We then focus on the last shortcoming—the weak threat model. We observe that the threat model in existing proposals assumes that the attacker uses some variants of published proof-of-concept attacks, without trying to hide the attack. Instead, we propose an attack that modifies a benign program. We demonstrate that such attacks remain feasible, yet display no statistically significant variations in performance counter values. Hence, such attacks cannot be detected by monitoring performance counters. We therefore conclude that despite the large number of proposals, side-channel attack detection with hardware performance counters is not yet ready for real-world deployment.

Tags

Software Security
Computer Architecture