Fangfei Liu
ABSTRACT
Information leakage through cache side channels is a serious threat in computer systems. The leak of secret cryptographic keys voids the protections provided by strong cryptography and software virtualization. Past cache side channel defenses focused almost entirely on data caches. Recently, instruction cache based side-channel attacks have been demonstrated to be practical -- even in a Cloud Computing environment across two virtual machines. Unlike data caches, instruction caches leak information through secret-dependent execution paths. In this paper, we propose to use a classification matrix to quantitatively characterize the vulnerability of an instruction cache to software side channel attacks. We use this quantitative analysis to answer the open question: can randomized mapping proposed for thwarting data cache side channel attacks secure instruction caches? We further study the performance impact of the randomized mapping approach for the instruction cache.
- Apache. http://www.apache.org/.Google Scholar
- ffserver. https://www.ffmpeg.org/ffserver.html.Google Scholar
- libgcrypt. http://www.gnu.org/software/libgcrypt/.Google Scholar
- libsvm. http://www.csie.ntu.edu.tw/ cjlin/libsvm/.Google Scholar
- openRTSP. http://www.live555.com/openRTSP/.Google Scholar
- SPEC CPU 2006. http://www.spec.org/cpu2006/.Google Scholar
- The gem5 Simulator System. http://www.gem5.org.Google Scholar
- tomcat. http://tomcat.apache.org/.Google Scholar
- O. Aciiçmez. Yet Another Microarchitectural Attack: Exploiting I-cache. In ACM Workshop on Computer Security Architecture, pages 11--18, October 2007. Google ScholarDigital Library
- O. Aciiçmez, B. B. Brumley, and P. Grabher. New Results on Instruction Cache Attacks. In Proceedings of the 12th International Conference on Cryptographic Hardware and Embedded Systems (CHES'10), pages 110--124, 2010. Google ScholarDigital Library
- D. J. Bernstein. Cache-timing Attacks on AES. Technical report, 2005.Google Scholar
- J. Bonneau and I. Mironov. Cache-Collision Timing Attacks against AES. In Proceedings of Cryptographic Hardware and Embedded Systems (CHES'06), pages 201--215, 2006. Google ScholarDigital Library
- B. E. Boser, I. M. Guyon, and V. N. Vapnik. A training algorithm for optimal margin classifiers. In Proceedings of the Fifth Annual Workshop on Computational Learning Theory, COLT '92, pages 144--152, New York, NY, USA, 1992. ACM. Google ScholarDigital Library
- C. Cortes and V. Vapnik. Support-vector networks. Mach. Learn., 20(3): 273--297, Sept. 1995. Google ScholarDigital Library
- D. Gullasch, E. Bangerter, and S. Krenn. Cache Games --- Bringing Access-Based Cache Attacks on AES to Practice. In Proceedings of IEEE Symposium on Security and Privacy (SP'11), pages 490--505, 2011. Google ScholarDigital Library
- D. A. Osvik, A. Shamir, and E. Tromer. Cache Attacks and Countermeasures: the Case of AES. In Proceedings of The Cryptographers' Track at the RSA conference on Topics in Cryptology (CT-RSA'06), pages 1--20, 2006. Google ScholarDigital Library
- D. Page. Theoretical Use of Cache Memory as a Cryptanalytic Side-Channel. IACR Cryptology ePrint Archive, page 169, 2002.Google Scholar
- C. Percival. Cache Missing for Fun and Profit. In Proc. of BSDCan, 2005.Google Scholar
- Z. Wang and R. B. Lee. New Cache Designs for Thwarting Software Cache-based Side Channel Attacks. In Proceedings of ACM/IEEE International Symposium on Computer Architecture (ISCA'07), pages 494--505, 2007. Google ScholarDigital Library
- Z. Wang and R. B. Lee. A Novel Cache Architecture with Enhanced Performance and Security. In Proceedings of IEEE/ACM International Symposium on Microarchitecture (MICRO'08), pages 83--93, 2008. Google ScholarDigital Library
- Y. Yarom and K. Falkner. Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack. Cryptology ePrint Archive, Report 2013/448, 2013.Google Scholar
- Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart. Cross-vm side channels and their use to extract private keys. In Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pages 305--316, 2012. Google ScholarDigital Library
- Y. Zhang and M. K. Reiter. Duppel: Retrofitting commodity operating systems to mitigate cache side channels in the cloud. In Proceedings of ACM SIGSAC Conference on Computer and Communications Security (CCS'13), pages 827--838, 2013. Google ScholarDigital Library
Index Terms
- Can randomized mapping secure instruction caches from side-channel attacks?
Recommendations
Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications SecurityModern operating systems use hardware support to protect against control-flow hijacking attacks such as code-injection attacks. Typically, write access to executable pages is prevented and kernel mode execution is restricted to kernel code pages only. ...
How secure is your cache against side-channel attacks?
MICRO-50 '17: Proceedings of the 50th Annual IEEE/ACM International Symposium on MicroarchitectureSecurity-critical data can leak through very unexpected side channels, making side-channel attacks very dangerous threats to information security. Of these, cache-based side-channel attacks are some of the most problematic. This is because caches are ...
Comments