DRsam: Detection of Fault-Based Microarchitectural Side-Channel Attacks in RISC-V Using Statistical Preprocessing and Association Rule Mining

Abstract

DRsam is a novel detection method addressing the vulnerability of RISC-V processors to fault-based microarchitectural side-channel attacks, a security area often neglected compared to x86 and ARM. This approach combines statistical preprocessing and association rule mining (ARM) to improve upon existing machine learning detection models. DRsam achieves significant performance gains—up to 5.15% higher accuracy and 7% higher precision—while offering flexibility, reconfiguration capabilities, and human-interpretable insights into malicious behavior.

Report

Key Highlights

• Novel Detection Method: Proposes DRsam for detecting flush+fault-based microarchitectural side-channel attacks specifically in RISC-V processors.
• Enhanced Performance: Achieves substantial performance improvements over state-of-the-art detection models, including up to a 5.15% increase in accuracy and a 7% rise in precision.
• Interpretability and Generalization: Leverages association rules for human-interpretable results, offering deep insights into microarchitectural behavior during attacks, and features reconfiguration capabilities for detecting new attack variants.

Technical Details

• Target Architecture: RISC-V processors.
• Attack Focus: Fault-based microarchitectural side-channel attacks, specifically targeting the "flush+fault" variant.
• Methodology: The DRsam method combines two techniques: Statistical Preprocessing and Association Rule Mining (ARM).
• Simulation Environment: The proposed method was evaluated using the gem5 simulation tool.
• Evaluation Workloads: Performance comparisons were conducted under cryptographic, computational, and memory-intensive workloads.
• Specific Results: Reported improvements include 5.15% increase in accuracy, 7% increase in precision, and 3.91% improvement in recall.

Implications

• Securing RISC-V: This research addresses a critical and relatively underexplored security concern in the rapidly expanding RISC-V ecosystem, positioning it to better compete with security features prevalent in x86 and ARM architectures.
• Robust Attack Mitigation: The use of association rule mining provides a distinct advantage over traditional machine learning detection, as the resulting rules are human-interpretable, enhancing transparency and aiding in the development of future targeted defenses.
• Future-Proofing Defenses: The inherent flexibility and reconfiguration capabilities of DRsam allow the defense mechanism to generalize effectively, potentially enabling the detection of previously unseen or modified variants of flush+fault attacks.