Flush-Detector: More Secure API Resistant to Flush-Based Spectre Attacks on ARM Cortex-A9.

ARM series processors are increasingly used in IoT and cloud services because of their high performance and flexibility of hardware design, especially Cortex-A9 MPCore processor. However, they also suffer from various types of security threats, typically such as flush-based cache attacks. Among these attacks, flush-based Spectre attacks(using Flush + Reload for Spectre attacks) represent a serious threat to system. They usually induce the victim to speculatively perform operations that would not occur during the correct program execution, and then leak the victim’s confidential information to the adversary via cache side channel attacks. So far, there is no widely accepted solution to defend against Spectre attacks. The proposed solutions either lead to large performance losses or sacrifice transparency. In this paper, we propose a secure flush operation API named Flush-Detector to mitigate flush-based Spectre attacks. We present the design and implement of Flush-Detector to detect and defend against flush-based Spectre attacks on ARM Cortex-A9 MPCore. The attack experimental results show that Flush-Detector can detect flush-based Spectre attacks in real time and reduce the attack success rate to less than 1%. Moreover, performance test results demonstrate that the time consumption of Flush-Detector API is about 17.7% longer than the original cache flush API.