ABSTRACT
A program's use of CPU caches may reveal its memory access pattern and thus leak sensitive information when the program performs secret-dependent memory accesses. In recent studies, it has been demonstrated that cache side-channel attacks that extract secrets by observing the victim program's cache uses can be conducted under a variety of scenarios, among which the most concerning are cross-VM attacks and those against SGX enclaves. In this paper, we propose a mechanism that leverages hardware transactional memory (HTM) to enable software programs to defend themselves against various cache side-channel attacks. We observe that when the HTM is implemented by retrofitting cache coherence protocols, as is the case of Intel's Transactional Synchronization Extensions, the cache interference that is necessary in cache side-channel attacks will inevitably terminate hardware transactions. We provide a systematic analysis of the security requirements that a software-only solution must meet to defeat cache attacks, propose a software design that leverages HTM to satisfy these requirements and devise several optimization techniques in our implementation to reduce performance impact caused by transaction aborts. The empirical evaluation suggests that the performance overhead caused by the HTM-based solution is low.
- Gorka Irazoqui Apecechea, Mehmet Sinan Inci, Thomas Eisenbarth, and Berk Sunar. 2014. Fine grain Cross-VM attacks on Xen and VMware are possible! Cryptology ePrint Archive.Google Scholar
- Daniel J. Bernstein. 2005. Cache-timing attacks on AES. Technical Report.Google Scholar
- Joseph Bonneau and Ilya Mironov. 2006. Cache-Collision timing attacks against AES. In Proceedings of Cryptographic Hardware and Embedded Systems (CHES'06). Google ScholarDigital Library
- Intel Corporation. 2014. Intel 64 and IA-32 Architectures Software Developer's Manual, Combined Volumes: 1, 2A, 2B, 2C, 3A, 3B and 3C. (2014).Google Scholar
- Stephen Crane, Andrei Homescu, Stefan Brunthaler, Per Larsen, and Michael Franz. 2015. Thwarting cache side-channel attacks through dynamic software diversity ISOC Network and Distributed System Security Symposium.Google Scholar
- The Apache Software Foundation. 2017. ApacheBench: Apache HTTP server benchmarking tool. (2017).Google Scholar
- Daniel Gruss, Julian Lettner, Felix Schuster, Olya Ohrimenko, Istvan Haller, and Manuel Costa. 2017. Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory 26th USENIX Security Symposium.Google Scholar
- David Gullasch, Endre Bangerter, and Stephan Krenn. 2011. Cache games -- bringing access-based cache attacks on AES to practice 32nd IEEE Symposium on Security and Privacy. Google ScholarDigital Library
- Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. 2015. S$A: A shared cache attack that works across cores and defies VM sandboxing--and its application to AES. In 36th IEEE Symposium on Security and Privacy. Google ScholarDigital Library
- Taesoo Kim, Marcus Peinado, and Gloria Mainar-Ruiz. 2012. STEALTHMEM: System-level protection against cache-based side channel attacks in the cloud 21st USENIX Security Symposium. Google ScholarDigital Library
- Fangfei Liu, Qian Ge, Yuval Yarom, Frank Mckeen, Carlos Rozas, Gernot Heiser, and Ruby B. Lee. 2016. CATalyst: Defeating last-level cache side channel attacks in cloud computing 22nd IEEE Symposium on High Performance Computer Architecture.Google Scholar
- Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B. Lee. 2015. Last-level cache side-channel attacks are practical 36th IEEE Symposium on Security and Privacy. Google ScholarDigital Library
- Yutao Liu, Yubin Xia, Haibing Guan, Binyu Zang, and Haibo Chen. 2014. Concurrent and consistent virtual machine introspection with hardware transactional memory. In 20th International Symposium on High Performance Computer Architecture.Google ScholarCross Ref
- David Molnar, Matt Piotrowski, David Schultz, and David Wagner. 2005. The program counter security model: Automatic detection and removal of control-flow side channel attacks. In 8th International Conference on Information Security and Cryptology. Google ScholarDigital Library
- David Mosberger and Tai Jin. 1998. Httperf -- A tool for measuring web server performance. ACM SIGMETRICS Performance Evaluation Review (1998). Google ScholarDigital Library
Recommendations
Countermeasures for timing-based side-channel attacks against shared, modern computing hardware
There are several vulnerabilities in computing systems hardware that can be exploited by attackers to carry out devastating microarchitectural timing-based side-channel attacks against these systems and as a result compromise the security of the users of ...
Hardware Transactional Memory with Delayed-Committing
ACIT-CSI '15: Proceedings of the 2015 3rd International Conference on Applied Computing and Information Technology/2nd International Conference on Computational Science and IntelligenceTransactional Memory (TM) is promising to make parallel programming easier. There have been many hardware implementations of transactional memory (HTM) proposed to improve the performance, but they still suffer from some overheads when a transaction ...
Strong and efficient cache side-channel protection using hardware transactional memory
SEC'17: Proceedings of the 26th USENIX Conference on Security SymposiumCache-based side-channel attacks are a serious problem in multi-tenant environments, for example, modern cloud data centers. We address this problem with Cloak, a new technique that uses hardware transactional memory to prevent adversarial observation ...
Comments