Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices

Authors:
Xiaokuan Zhang

The Ohio State University, Columbus, OH, USA

The Ohio State University, Columbus, OH, USA
View Profile

,
Yuan Xiao

The Ohio State University, Columbus, OH, USA

The Ohio State University, Columbus, OH, USA
View Profile

,
Yinqian Zhang

The Ohio State University, Columbus, OH, USA

The Ohio State University, Columbus, OH, USA
View Profile

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications SecurityOctober 2016Pages 858–870https://doi.org/10.1145/2976749.2978360

Published:24 October 2016Publication History

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Pages 858–870

ABSTRACT

Cache side-channel attacks have been extensively studied on x86 architectures, but much less so on ARM processors. The technical challenges to conduct side-channel attacks on ARM, presumably, stem from the poorly documented ARM cache implementations, such as cache coherence protocols and cache flush operations, and also the lack of understanding of how different cache implementations will affect side-channel attacks. This paper presents a systematic exploration of vectors for flush-reload attacks on ARM processors. flush-reload attacks are among the most well-known cache side-channel attacks on x86. It has been shown in previous work that they are capable of exfiltrating sensitive information with high fidelity. We demonstrate in this work a novel construction of flush-reload side channels on last-level caches of ARM processors, which, particularly, exploits return-oriented programming techniques to reload instructions. We also demonstrate several attacks on Android OS (e.g., detecting hardware events and tracing software execution paths) to highlight the implications of such attacks for Android devices.

References

Android source code. https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/widget/Editor.java. Retrieved in May 2016.Google Scholar
ARM architecture reference manual. http://infocenter.arm.com/. ARMv8, for ARMv8-A architecture profile, beta.Google Scholar
ARM architecture reference manual. http://infocenter.arm.com/. ARMv7, for ARMv7-A architecture profile.Google Scholar
ARM CoreLink CCI-400 Cache Coherent Interconnect Technical Reference Manual. http://infocenter.arm.com/. Revision: r1p5.Google Scholar
ARM Cortex-A15 MPCore Processor. http://infocenter.arm.com/. Revision: r4p0.Google Scholar
ARM Cortex-A57 MPCore Processor. http://infocenter.arm.com/. Revision: r1p3.Google Scholar
Event codes. https://www.kernel.org/doc/Documentation/input/event-codes.txt. event codes - The Linux Kernel Archives.Google Scholar
GDB documentation. http://www.gnu.org/software/gdb/documentation/.Google Scholar
pagemap: do not leak physical addresses to non-privileged userspace. https://lwn.net/Articles/642074/. Retrieved in May 2016.Google Scholar
Programmer's Guide for ARMv8-A. http://infocenter.arm.com/. Version 1.0.Google Scholar
Upstream: pagemap: do not leak physical addresses to non-privileged userspace. https://android-review.googlesource.com/#/c/182766/. Retrieved in Aug. 2016.Google Scholar
O. Aciiçmez. Yet another microarchitectural attack: exploiting I-Cache. In 2007 ACM workshop on Computer security architecture, 2007. Google ScholarDigital Library
O. Aciiçmez, B. B. Brumley, and P. Grabher. New results on instruction cache attacks. In 12th international conference on Cryptographic hardware and embedded systems, 2010. Google ScholarDigital Library
V. Afonso, A. Bianchi, Y. Fratantonio, A. Doupe, M. Polino, P. de Geus, C. Kruegel, and G. Vigna. Going native: Using a large-scale analysis of android apps to create a practical native-code sandboxing policy. In 2016 ISOC Network and Distributed System Security Symposium, 2016.Google ScholarCross Ref
A. J. Aviv, B. Sapp, M. Blaze, and J. M. Smith. Practicality of accelerometer side channels on smartphones. In 28th Annual Computer Security Applications Conference, 2012. Google ScholarDigital Library
N. Benger, J. van de Pol, N. P. Smart, and Y. Yarom. "Ooh Aah... Just a Little Bit": A small amount of side channel can go a long way. In 16th International Workshop on Cryptographic Hardware and Embedded Systems, 2014. Google ScholarDigital Library
L. Cai and H. Chen. Touchlogger: Inferring keystrokes on touch screen from smartphone motion. In 6th USENIX Conference on Hot Topics in Security, 2011. Google ScholarDigital Library
S. Checkoway, L. Davi, A. Dmitrienko, A.-R. Sadeghi, H. Shacham, and M. Winandy. Return-oriented programming without returns. In 17th ACM Conference on Computer and Communications Security, 2010. Google ScholarDigital Library
Q. A. Chen, Z. Qian, and Z. M. Mao. Peeking into your app without actually seeing it: UI state inference and novel Android attacks. In 23th USENIX Security Symposium, 2014. Google ScholarDigital Library
R. Delgado. Arm-based servers: The next evolution of the cloud? http://www.cloudcomputing-news.net/news/2015/apr/17/arm-based-servers-next-evolution-cloud/.Google Scholar
W. Diao, X. Liu, Z. Li, and K. Zhang. No pardon for the interruption: New inference attacks on android through interrupt timing analysis. In 37th IEEE Symposium on Security and Privacy, 2016.Google ScholarCross Ref
D. Gruss, R. Spreitzer, and S. Mangard. Cache template attacks: Automating attacks on inclusive last-level caches. In 24th USENIX Security Symposium, 2015. Google ScholarDigital Library
D. Gullasch, E. Bangerter, and S. Krenn. Cache games -- bringing access-based cache attacks on AES to practice. In 32nd IEEE Symposium on Security and Privacy, 2011. Google ScholarDigital Library
R. Hund, C. Willems, and T. Holz. Practical timing side channel attacks against kernel space ASLR. In 34th IEEE Symposium on Security and Privacy, 2013. Google ScholarDigital Library
M. S. Inci, B. Gulmezoglu, G. Irazoqui, T. Eisenbarth, and B. Sunar. Seriously, get off my cloud! cross-vm rsa key recovery in a public cloud. Cryptology ePrint Archive, Report 2015/898, 2015. http://eprint.iacr.org/.Google Scholar
G. Irazoqui, T. Eisenbarth, and B. Sunar. S\$A: A shared cache attack that works across cores and defies VM sandboxing--and its application to AES. In 36th IEEE Symposium on Security and Privacy, 2015. Google ScholarDigital Library
G. Irazoqui, T. Eisenbarth, and B. Sunar. Cross processor cache attacks. In 11th ACM Asia Conference on Computer and Communications Security, 2016. Google ScholarDigital Library
G. Irazoqui, M. S. Inci, T. Eisenbarth, and B. Sunar. Wait a minute! a fast, cross-vm attack on AES. In 17th International Symposium Research in Attacks, Intrusions and Defenses, 2014.Google ScholarCross Ref
A. Jaleel, E. Borch, M. Bhandaru, S. C. Steely Jr., and J. Emer. Achieving non-inclusive cache performance with inclusive caches: Temporal locality aware (tla) cache management policies. In 43rd Annual IEEE/ACM International Symposium on Microarchitecture. Google ScholarDigital Library
S. Jana and V. Shmatikov. Memento: Learning secrets from process footprints. In 33rd IEEE Symposium on Security and Privacy, 2012. Google ScholarDigital Library
C.-C. Lin, H. Li, X. Zhou, and X. Wang. Screenmilker: How to milk your Android screen for secrets. In 21st ISOC Network and Distributed System Security Symposium, 2014.Google ScholarCross Ref
M. Lipp, D. Gruss, R. Spreitzer, C. Maurice, and S. Mangard. ARMageddon: Cache attacks on mobile devices. In 25th USENIX Security Symposium, 2016.Google Scholar
F. Liu, Y. Yarom, Q. Ge, G. Heiser, and R. B. Lee. Last-level cache side-channel attacks are practical. In 36th IEEE Symposium on Security and Privacy, 2015. Google ScholarDigital Library
Y. Michalevsky, D. Boneh, and G. Nakibly. Gyrophone: Recognizing speech from gyroscope signals. In 23rd USENIX Security Symposium, 2014. Google ScholarDigital Library
M. Neve and J.-P. Seifert. Advances on access-driven cache attacks on AES. In 13th international conference on selected areas in cryptography, 2007. Google ScholarDigital Library
Y. Oren, V. P. Kemerlis, S. Sethumadhavan, and A. D. Keromytis. The spy in the sandbox: Practical cache attacks in javascript and their implications. In 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015. Google ScholarDigital Library
D. A. Osvik, A. Shamir, and E. Tromer. Cache attacks and countermeasures: the case of AES. In 6th Cryptographers' track at the RSA conference on Topics in Cryptology, 2006. Google ScholarDigital Library
C. Percival. Cache missing for fun and profit. In 2005 BSDCan, 2005.Google Scholar
Z. Qian, Z. M. Mao, and Y. Xie. Collaborative TCP sequence number inference attack: How to crack sequence number under a second. In 19th ACM Conference on Computer and Communications Security, 2012. Google ScholarDigital Library
H. Rydberg. Multi-touch (mt) protocol. Linux kernel documentation. https://www.kernel.org/doc/Documentation/input/multi-touch-protocol.txt.Google Scholar
H. Shacham. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In 14th ACM Conference on Computer and Communications Security, 2007. Google ScholarDigital Library
A. L. Shimpi. Answered by the experts: Arm's cortex a53 lead architect, peter greenhalgh. http://www.anandtech.com/show/7591/answered-by-the-experts-arms-cortex-a53-lead-architect -peter-greenhalgh.Google Scholar
R. Spreitzer and B. Gérard. Towards more practical time-driven cache attacks. In 8th IFIP International Workshop on Information Security Theory and Practice, Securing the Internet of Things, 2014. Google ScholarDigital Library
R. Spreitzer and T. Plos. In 4th International Workshop on Constructive Side-Channel Analysis and Secure Design, 2013.Google Scholar
R. Spreitzer and T. Plos. On the applicability of time-driven cache attacks on mobile devices. In 7th International Conference on Network and System Security, 2013.Google ScholarCross Ref
E. Tromer, D. A. Osvik, and A. Shamir. Efficient cache attacks on AES, and countermeasures. J. Cryptol., 23(2):37--71, Jan. 2010.Google ScholarDigital Library
M. Weiß, B. Heinz, and F. Stumpf. A cache timing attack on AES in virtualization environments. In 16th International Conference on Financial Cryptography and Data Security, 2012.Google ScholarCross Ref
J. C. Wray. An analysis of covert timing channels. In 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 1991.Google ScholarCross Ref
Y. Yarom and N. Benger. Recovering OpenSSL ECDSA nonces using the FLUSHGoogle Scholar
RELOAD cache side-channel attack. In Cryptology ePrint Archive, 2014.Google Scholar
Y. Yarom and K. E. Falkner. FLUSH+RELOAD: A high resolution, low noise, L3 cache side-channel attack. In 23rd USENIX Security Symposium, 2014. Google ScholarDigital Library
N. Zhang, K. Yuan, M. Naveed, X. Zhou, and X. Wang. Leave me alone: App-level protection against runtime information gathering on android. In 36th IEEE Symposium on Security and Privacy, 2015. Google ScholarDigital Library
Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart. Cross-VM side channels and their use to extract private keys. In 19th ACM Conference on Computer and Communications Security, 2012. Google ScholarDigital Library
Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart. Cross-tenant side-channel attacks in PaaS clouds. In 21st ACM Conference on Computer and Communications Security, 2014. Google ScholarDigital Library
X. Zhou, S. Demetriou, D. He, M. Naveed, X. Pan, X. Wang, C. A. Gunter, and K. Nahrstedt. Identity, location, disease and more: Inferring your secrets from Android public resources. In 20th ACM Conference on Computer and Communications Security, 2013. Google ScholarDigital Library
Z. Zhou, M. K. Reiter, and Y. Zhang. A software approach to defeating side channels in last-level caches. In 23rd ACM Conference on Computer and Communications Security, 2016. Google ScholarDigital Library

Index Terms

Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices
1. Security and privacy
  1. Systems security
    1. Information flow control
    2. Operating systems security
      1. Mobile platform security

Recommendations

A Software Approach to Defeating Side Channels in Last-Level Caches
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

We present a software approach to mitigate access-driven side-channel attacks that leverage last-level caches (LLCs) shared across cores to leak information between security domains (e.g., tenants in a cloud). Our approach dynamically manages physical ...
Read More
FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack
SEC'14: Proceedings of the 23rd USENIX conference on Security Symposium

Sharing memory pages between non-trusting processes is a common method of reducing the memory footprint of multi-tenanted systems. In this paper we demonstrate that, due to a weakness in the Intel X86 processors, page sharing exposes processes to ...
Read More
Flush+Flush: A Fast and Stealthy Cache Attack
DIMVA 2016: Proceedings of the 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment - Volume 9721

Research on cache attacks has shown that CPU caches leak significant information. Proposed detection mechanisms assume that all cache attacks cause more cache hits and cache misses than benign applications and use hardware performance counters for ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
October 2016
1924 pages
ISBN:9781450341394
DOI:10.1145/2976749
General Chairs:
Edgar Weippl
SBA Research, Austria
,
Stefan Katzenbeisser
TU Darmstadt, CYSEC, Germany
,
Program Chairs:
Christopher Kruegel
University of California, Santa Barbara, USA
,
Andrew Myers
Cornell University, USA
,
Shai Halevi
IBM Research, USA
Copyright © 2016 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 24 October 2016
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
cache side channels
flush-reload
Qualifiers
- research-article
Conference

Acceptance Rates
CCS '16 Paper Acceptance Rate137of831submissions,16%Overall Acceptance Rate1,261of6,999submissions,18%
More
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 36
  Total Citations
  View Citations
- 1,828
  Total Downloads
- Downloads (Last 12 months)204
- Downloads (Last 6 weeks)28
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

A Software Approach to Defeating Side Channels in Last-Level Caches

FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack

Flush+Flush: A Fast and Stealthy Cache Attack