Runtime Randomized Relocation of Crypto Libraries for Mitigating Cache Attacks
- Authors
- Shin, Youngjoo; Yun, Joobeom
- Issue Date
- 2021
- Publisher
- IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
- Keywords
- Cache side-channel attack; Cloud computing; Computer bugs; Cryptography; Libraries; Runtime; Security; Side-channel attacks; attack mitigation; crypto library; moving target defence; secure cloud computing
- Citation
- IEEE ACCESS, v.9, pp.108851 - 108860
- Indexed
- SCIE; SCOPUS
- Journal Title
- IEEE ACCESS
- Volume
- 9
- Start Page
- 108851
- End Page
- 108860
- URI
- https://scholar.korea.ac.kr/handle/2021.sw.korea/138702
- DOI
- 10.1109/ACCESS.2021.3101638
- ISSN
- 2169-3536
- Abstract
- Crypto libraries such as OpenSSL and Libgcrypt are essential building blocks for implementing secure cloud services. Unfortunately, these libraries are subject to cache side-channel attacks, which are more devastating in cloud environments where inevitable cache contention among different tenants occurs. Previous approaches for mitigating cache side-channel attacks have limitations in terms of the deployability and security; these hinder utilization in cloud services. In this paper, we propose an R2-relocator, a novel library protection technique based on moving target defence. When injected into a running process, the R2-relocator performs randomized relocation of the library during runtime. By doing this, it transforms a vulnerable crypto library into one that randomly changes its memory (cache) location, thereby preventing the delivery of cache side-channel attacks against the library. The proposed technique achieves robust protection against cache side-channel attacks for all crypto libraries, even those containing unpatched critical vulnerabilities, without the need for reconfiguration of the library. Extensive evaluations of security, performance, and deployability of the R2-relocator demonstrate its effectiveness for secure cloud services.
- Appears in Collections
- School of Cyber Security > Department of Information Security > 1. Journal Articles