Coherence-based attack detection
US-12147528-B2 · Nov 19, 2024 · US
Method and apparatus for detecting side-channel attack
US2019102546A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2019102546-A1 |
| Application number | US-201715722834-A |
| Country | US |
| Kind code | A1 |
| Filing date | Oct 2, 2017 |
| Priority date | Oct 2, 2017 |
| Publication date | Apr 4, 2019 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Embodiments of the present disclosure disclose a method and apparatus for detecting a side channel attack. An embodiment of the method comprises: clearing data in a state save area of a target enclave; sequentially executing an instruction sequence in the target enclave; acquiring data in the state save area; and in response to determining that the acquired data in the state save area indicates that an asynchronous enclave exit with a cause of exception exit happens to the target enclave, determining that the side-channel attack to the target enclave exists. The embodiment implements detecting a side channel attack to the enclave without additional hardware.
First claim
Opening claim text (preview).
What is claimed is: 1 . A method for detecting a side-channel attack, comprising: clearing data in a state save area of a target enclave; sequentially executing an instruction sequence in the target enclave; acquiring data in the state save area; and in response to determining that the acquired data in the state save area indicates that an asynchronous enclave exit with a cause of exception exit happens to the target enclave, determining that the side-channel attack to the target enclave exists. 2 . The method according to claim 1 , wherein before sequentially executing the instruction sequence in the target enclave, the method further comprises: acquiring a value of a timestamp counter in a processor that executes the instruction sequence in the target enclave as an initial timestamp count; and subsequent to sequentially executing the instruction sequence in the target enclave, and wherein the method further comprises: acquiring a value of the timestamp counter as an end timestamp count; and in response to determining that a difference between the end timestamp count and the initial timestamp count is greater than a preset total execution timestamp count threshold value corresponding to the target enclave, determining that the side-channel attack to the target enclave exists. 3 . The method according to claim 2 , wherein the instruction sequence includes at least one critical instruction sub-sequence. 4 . The method according to claim 3 , wherein the sequentially executing the instruction sequence in the target enclave comprises: for each critical instruction sub-sequence in the at least one critical instruction sub-sequence, executing a detecting step comprising: acquiring a value of the timestamp counter as a pre-execution timestamp count corresponding to the critical instruction sub-sequence; executing the critical instruction sub-sequence; acquiring a value of the timestamp counter as a post-execution timestamp count corresponding to the critical instruction sub-sequence; and in response to determining that an execution timestamp count corresponding to the critical instruction sub-sequence is greater than the preset execution timestamp count threshold value corresponding to the critical instruction sub-sequence, determining that the side-channel attack to the target enclave exists, wherein the execution timestamp count corresponding to the critical instruction sub-sequence is a difference resulting from the post-execution timestamp count corresponding to the critical instruction sub-sequence minus the pre-execution timestamp count corresponding to the critical instruction sub-sequence. 5 . The method according to claim 4 , wherein the detecting step further comprises: acquiring data in the state save area after executing the critical instruction sub-sequence, and in response to determining that the acquired data in the state save area indicates that an asynchronous enclave exit with a cause of exception exit happens to the target enclave, determining that the side-channel attack to the target enclave exists. 6 . The method according to claim 5 , wherein: after clearing the data in the state save area of the target enclave, setting an amount of exits to a preset number; and wherein the detecting step further comprises: after acquiring the data in the state save area, in response to determining that the acquired data in the state save area indicates that an asynchronous enclave exit with a cause of interrupt exit happens to the target enclave, clearing the data in the state save area, and updating the amount of exits using a sum of the amount of exits and a preset increment; and in response to determining that the updated amount of exits is greater than a preset amount-of-exits threshold value corresponding to the target enclave, determining that the side-channel attack to the target enclave exists. 7 . The method according to claim 6 , wherein the detecting step further comprises: after updating the amount of exits using the sum of the amount of exits and the preset increment, in response to determining that a ratio resulting from dividing the updated amount of exits by a timestamp count of exits is greater than a preset exit frequency threshold value corresponding to the target enclave, determining that the side-channel attack to the target enclave exists, wherein the timestamp count of exits is a difference resulting from the post-execution timestamp count corresponding to the critical instruction sub-sequence minus the initial timestamp count. 8 . The method according to claim 7 , wherein the target enclave stores protected data, and wherein the method further comprises: in response to determining that the side-channel attack to the target enclave exists, deleting the protected data stored in the target enclave, re-generating protected data, and storing the regenerated protected data in the target enclave. 9 . The method according to claim 7 , wherein the method further comprises: in response to determining that the side-channel attack to the target enclave exists, generating and outputting prompt information, wherein the prompt information is for indicating that the side-channel attack to the target enclave exists. 10 . An apparatus for detecting a side-channel attack, comprising: a clearing unit configured to clear data in a state save area of a target enclave; an executing unit configured to sequentially execute an instruction sequence in the target enclave; a first acquiring unit configured to acquire data in the state save area; and a first determining unit configured to, in response to determining that the acquired data in the state save area indicates that an asynchronous enclave exit with a cause of exception exit happens to the target enclave, determine that the side-channel attack to the target enclave exists. 11 . The apparatus according to claim 10 , further comprises: a second acquiring unit configured to, before sequentially executing the instruction sequence in the target enclave, acquire a value of a timestamp counter in a processor that executes the instruction sequence in the target enclave as an initial timestamp count; a third acquiring unit configured to, subsequent to sequentially executing the instruction sequence in the target enclave, acquire a value of the timestamp counter as an end timestamp count; and a second determining unit configured to, in response to determining that a difference between the end timestamp count and the initial timestamp count is greater than a preset total execution timestamp count threshold value corresponding to the target enclave, determine that the side-channel attack to the target enclave exists. 12 . The apparatus according to claim 11 , wherein the instruction sequence includes at least one critical instruction sub-sequence. 13 . The apparatus according to claim 12 , wherein the executing unit is further configured to, for each critical instruction sub-sequence in the at least one critical instruction sub-sequence, execute a detecting step comprising: acquiring a value of the timestamp counter as a pre-execution timestamp count corresponding to the critical instruction sub-sequence; executing the critical instruction sub-sequence; acquiring a value of the timestamp counter as a post-execution timestamp count corresponding to the critical instruction sub-sequence; and in response to determining that an execution timestamp count corresponding to the critical instruction sub-sequence is greater than the preset execution timestamp count threshold value corresponding to the critical instruction sub-sequence, determining that the side-channel attack to
Assignees
Inventors
Classifications
- G06F21/556Primary
involving covert channels, i.e. data leakage between processes (inhibiting the analysis of circuitry or operation with measures against power attack G06F21/755) · CPC title
Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks · CPC title
Test or assess a computer or a system · CPC title
operating in dual or compartmented mode, i.e. at least one secure mode · CPC title
- G06F21/53Primary
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2019102546A1 cover?
- Embodiments of the present disclosure disclose a method and apparatus for detecting a side channel attack. An embodiment of the method comprises: clearing data in a state save area of a target enclave; sequentially executing an instruction sequence in the target enclave; acquiring data in the state save area; and in response to determining that the acquired data in the state save area indicates…
- Who is the assignee on this patent?
- Baidu Usa Llc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/556. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Thu Apr 04 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).