At the same time it can thwart cache-based software side-channel attacks, providing both legacy and security-enhanced software a much higher degree of security. Lee, How secure is your cache against side-channel attacks. Numerous attacks based on shared hardware and software resources have been carried out in the past. Additional benefits that the proposed cache architecture can bring, like fault tolerance and hot-spot mitigation, are also discussed briefly. We propose the non-monopolizable (NoMo) cache design, a low-complexity hardware ap. Combine control-flow randomization with diversifying transformation to counter cache-based side-channel attacks. To propose new cache designs, namely random permutation cache and partition lock cache. All caches today are susceptible to cache side-channel attacks, despite software isolation of memory pages. We present new security-aware cache designs, the Partition-Locked cache (PLcache) and Random Permutation cache (RPcache), analyze and prove their security, and evaluate their performance. Side-channel attacks (SCAs) target microarchitectural fea.
New cache designs for thwarting software cache-based side channel attacks. Cache-based side-channel analysis is a new technique that uses the application-specific. His observation called for careful hardware designs and software. A novel cache architecture with enhanced performance and security. Software cache-based side channel attacks are a serious new class of threats for computers. Probably the most important side channel because of bandwidth, size and central position in the computer. We have extended and modified the existing work in the field of cache-based side channel attacks targeting the software implementation of the Advanced Encryption Standard. Unlike physical side channel attacks that mostly target embedded cryptographic devices, cache-based side channel attacks can also undermine general-purpose systems.
Cache-based software side-channel attacks represent one. While there are techniques to design software without address-based infor. There is a large body of work on countermeasures against cache-based side channel attacks. In Proceedings of the 34th Annual International Symposium on Computer Architecture (ISCA '07), pp. Researchers proposing countermeasures and adversaries finding out new. Software cache-based side channel attacks are a serious new class of threats for computers. Thus, a recent work identified cache interferences in general as the root cause and proposed two new cache designs, namely partition-locked cache (PLcache) and random permutation cache (RPcache), to defeat cache-based side channel attacks by eliminating/obfuscating cache interferences. Deconstructing new cache designs for thwarting software.
CiteSeerX citation query: cache-collision timing attacks. System-level protection against cache-based side channel attacks in the cloud. Preventing from cross-VM side-channel attack using new. In the last 10 years cache attacks on Intel CPUs have gained increasing attention among the scientific community. New cache designs for thwarting software cache-based side channel attacks: PLcache and RPcache; information leakage due to cache and processor architectures. Recent studies are still trying to find new ways to avoid cache-based timing side channels to prevent different processes leaking information, which is the topic of this paper. Unlike physical side channel attacks that mostly target embedded. Previously proposed countermeasures were either too costly for practical use or only effective against particular attacks. We present a careful and detailed evaluation of applying diversity to protect cache side channels and report the. Cache side channel attacks are attacks enabled by the microarchitectural design of the CPU. Over the last decade this new trend of attacks, side channel attacks (SCAs), has become increasingly popular and poses a serious threat to cryptographic devices.
Lee, New cache designs for thwarting software cache-based side channel attacks, in Int. Thwarting cache side-channel attacks through dynamic software diversity. Cross-VM cache-based side channel attacks and proposed. Deconstructing new cache designs for thwarting software cache-based side channel attacks. Diversification preserves the original program semantics while ensuring that each replica differs at the level of machine instructions. New cache designs for thwarting software cache-based side. Cache-based side-channel attacks, MIKELANGELO Horizon. Leonid Domnitser, State University of New York at Binghamton. Cache side-channels and secure caches, PALMS Princeton. Deconstructing new cache designs for thwarting software cache. To vary the side-channel characteristics of replicas, the authors employ diversifying transformations.
Side channel attacks exploit information gained from the physical implementation or design rather than mathematical weaknesses of cryptographic systems. Deconstructing new cache designs for thwarting software cache-based side channel attacks. In this paper, we analyze these new cache designs and identify signi. Lee, New cache designs for thwarting software cache-based. Hardware-based cache partitioning is unable to prevent attacks built on either cache collision or cache sharing; need hardware. Eviction bit and inclusive cache based replacement policy for. University of Central Florida. Outline: background (more details are in related papers), security evaluation on previously proposed. New cache designs for thwarting software cache-based side channel attacks, Zhenghong Wang and Ruby B. Sep 05, 2016: However, cloud computing offers new opportunities for attackers. Recently those based on the CPU's cache memory turned out to be very effective, easy to implement and fast. [11] Zhang Y, Reiter M K, duppel.
Cache-based side-channel attacks, MIKELANGELO Horizon 2020. Godfrey, On the prevention of cache-based side-channel attacks in a cloud environment, Master's thesis, Queen's University, 20. B New cache designs for thwarting software cache-based. The attacks are easy to perform, effective on most platforms, and do not require spe. In this section, we describe the classification of cache-based side channel attacks. Newcache uses a novel dynamic, randomized memory-to-cache mapping to thwart contention-based side-channel attacks. The main focus of modern cryptanalysis is on breaking the implementation of cryptographic algorithms, as opposed to traditional attacks, which primarily target mathematically breaking the algorithms.
Defending against cache-based side-channel attacks, ResearchGate. Our results show that our new cache designs with built-in security can defend against cache-based side channel attacks in general, rather than only specific attacks on a given cryptographic. The attacks are easy to perform, effective on most platforms, and do not require special instruments or excessive computation power. StealthMem manages a set of locked cache lines per core, which are never evicted from the cache, and efficiently multiplexes them so that each VM can load its own sensitive data into the locked cache lines. Thus, a recent work identified cache interferences in general as the root cause and proposed two new cache designs, namely partition-locked cache (PLcache) and random permutation cache (RPcache), to defeat cache-based side. Unlike physical side channel attacks that mostly target embedded cryptographic devices, cache-based side. In this blog post we explore cache-based side channel attacks, which are subtle, powerful and much more feasible in a cloud environment than in traditional networks. Deconstructing new cache designs for thwarting software cache-based side channel attacks, Jingfei Kong, University of Central Florida, Onur Ac. In our third approach, we deconstruct two previously proposed secure cache designs against software data-cache-based side channel attacks and demonstrate their weaknesses. New cache designs for thwarting software cache-based. CIS601001, Special Topics in Computer Architecture. Lee, New cache designs for thwarting software cache-based side channel attacks, ACM/IEEE International Symposium on Computer Architecture (ISCA), June 2007.
Thwarting cache side-channel attacks through dynamic software diversity, Stephen Crane, Andrei Homescu, Stefan Brunthaler, Per Larsen, and Michael Franz, University of California, Irvine, sjcrane, ahomescu, s. Unlike physical side channel attacks that mostly target embedded cryptographic devices, cache-based side. Cache-based side-channel intrusion detection using hardware. For example, attackers can detect the existence of sshd and apache2 via a side channel that results from memory deduplication in the cloud [38]. New cache designs for thwarting software cache-based side channel attacks, Z Wang, RB Lee, IEEE/ACM International Symposium on Computer Architecture (ISCA). Deconstructing new cache designs for thwarting software cache-based side channel attacks, J Kong, O Aciicmez, JP Seifert, H Zhou, Proceedings of the 2nd ACM Workshop on Computer Security Architectures, 25-34, 2008. We present StealthMem, a system-level protection mechanism against cache-based side channel attacks in the cloud. Our results show that our new cache designs with built-in security can defend against cache-based side channel attacks in general, rather than only specific attacks on a given cryptographic algorithm, with very little performance degradation and hardware cost. Conference paper, January 2008. These techniques come under the class of side channel attacks (SCA) and include power analysis, timing analysis, RF analysis, and template attacks, etc.
Architectural support for improving computer security. Deconstructing new cache designs for thwarting software cache-based side channel attacks. Conference paper, January 2008. More specifically, powerful techniques to exploit the cache side channel have been developed. However, cloud computing offers new opportunities for attackers. In Proceedings of the 2nd ACM Workshop on Computer Security Architectures (Alexandria, Virginia, USA, October 31, 2008). IEEE/ACM International Symposium on Computer Architecture. Low-complexity mitigation of cache side channel attacks.
Real time detection of cache-based side-channel attacks using. We propose three hardware-software integrated approaches as secure protections against those data cache attacks. Because these side channels are part of the hardware design they are notoriously difficult to defeat. In cryptography, a side-channel attack is an attack based on information gained. Cloud computing achieves significant savings in costs by sharing expensive hardware resources among many customers.