Godfrey, On the prevention of cache-based side-channel attacks in a cloud environment, master's thesis, Queen's University, 20. Defending against cache-based side-channel attacks ResearchGate. New cache designs for thwarting software cache-based. Deconstructing new cache designs for thwarting software cache. However, cloud computing offers new opportunities for attackers. Researchers proposing countermeasures and adversaries finding out new. Our results show that our new cache designs with built-in security can defend against cache-based side channel attacks in general rather than only specific attacks on a given cryptographic algorithm with very little performance degradation and hardware cost. New cache designs for thwarting software cache-based side channel attacks. Because these side channels are part of hardware design they are notoriously difficult to defeat. Unlike physical side channel attacks that mostly target embedded. While there are techniques to design software without address-based infor. Deconstructing new cache designs for thwarting software cache-based side channel attacks, conference paper, January 2008.
Our results show that our new cache designs with built-in security can defend against cache-based side channel attacks in general rather than only specific attacks on a given cryptographic. Cache-based side-channel attacks MIKELANGELO Horizon 2020. These techniques come under the class of side channel attacks (SCA) and include power analysis, timing analysis, RF analysis, and template attacks, etc. Recently those based on the CPU's cache memory turned out to be very effective, easy to implement and fast.
In this section, we describe the classification of cache-based side channel attacks. Side channel attacks exploit information gained from physical implementation or design rather than mathematical weaknesses of the cryptographic systems. The main directions include the design of new hardware. Thwarting cache side-channel attacks through dynamic software diversity, Stephen Crane, Andrei Homescu, Stefan Brunthaler, Per Larsen, and Michael Franz, University of California, Irvine sjcrane, ahomescu, s. Deconstructing new cache designs for thwarting software cache-based side channel attacks. System-level protection against cache-based side channel attacks in the cloud. New cache designs for thwarting software cache-based side channel attacks PLcache and RPcache information leakage due to cache and processor architectures. New cache designs for thwarting software cache-based side. We present StealthMem, a system-level protection mechanism against cache-based side channel attacks in the cloud. Additional benefits that the proposed cache architecture can bring, like fault tolerance and hotspot mitigation, are also discussed briefly.
Thus, a recent work identified cache interferences in general as the root cause and proposed two new cache designs, namely partition-locked cache (PLcache) and random permutation cache (RPcache), to defeat cache-based side. Lee, New cache designs for thwarting software cache-based side channel attacks, ACM/IEEE International Symposium on Computer Architecture (ISCA), June 2007. Cross-VM cache-based side channel attacks and proposed. Unlike physical side channel attacks that mostly target embedded cryptographic devices, cache-based side channel attacks can also undermine general purpose systems. More specifically, powerful techniques to exploit the cache side channel have been developed. Hardware-based cache partitioning unable to prevent the attack which built either on cache collision or cache sharing need hardware. Thwarting cache side-channel attacks through dynamic software diversity. Diversification preserves the original program semantics while ensuring that each replica differs at the level of machine instructions.
In cryptography, a side-channel attack is an attack based on information gained. Lee, New cache designs for thwarting software cache-based side channel attacks, in Int. There is a large body of work on countermeasures against cache-based side channel attacks. The attacks are easy to perform, effective on most platforms, and do not require special instruments or excessive computation power. We present new security-aware cache designs, the partition-locked cache (PLcache) and random permutation cache (RPcache), analyze and prove their security, and evaluate their performance. StealthMem manages a set of locked cache lines per core, which are never evicted from the cache, and efficiently multiplexes them so that each VM can load its own sensitive data into the locked cache lines. In Proceedings of the 34th Annual International Symposium on Computer Architecture (ISCA '07), pp. Us85766b2 method, apparatus and system for resistance to. In this blog post we explore cache-based side channel attacks, which are subtle, powerful and much more feasible in a cloud environment than in traditional networks. Software cache-based side channel attacks are a serious new class of threats for computers. Cache-based side-channel intrusion detection using hardware. Probably most important side channel because of bandwidth, size and central position in computer. Sep 05, 2016: However, cloud computing offers new opportunities for attackers. We propose the non-monopolizable (NoMo) cache design, a low-complexity hardware ap.
Unlike physical side channel attacks that mostly target embedded cryptographic devices, cache-based side. CIS601001, special topics in computer architecture. The attacks are easy to perform, effective on most platforms, and do not require spe. Cache-based side-channel attacks MIKELANGELO Horizon. Deconstructing new cache designs for thwarting software cache-based side channel attacks, J Kong, O Aciicmez, JP Seifert, H Zhou, Proceedings of the 2nd ACM Workshop on Computer Security Architectures, 25-34, 2008. Lee, New cache designs for thwarting software cache-based. Each time the system is powered up, a new random key is generated. New cache designs for thwarting software cache-based side channel attacks, Z Wang, RB Lee, IEEE/ACM International Symposium on Computer Architecture (ISCA). Newcache uses a novel dynamic, randomized memory-to-cache mapping to thwart contention-based side-channel attacks.
IEEE/ACM International Symposium on Computer Architecture. Software cache-based side channel attacks are a serious new class of threats for computers. In the last 10 years cache attacks on Intel CPUs have gained increasing attention among the scientific community. Unlike physical side channel attacks that mostly target embedded cryptographic devices, cache-based side channel attacks can also undermine general purpose systems. One example of an attack is a power analysis attack that measures the current consumed by a device, which correlates to the computation being performed within it. A novel cache architecture with enhanced performance and security. To thwart such an attack, we propose the non-monopolizable cache (NoMo cache) in the rest. Unlike physical side channel attacks that mostly target embedded cryptographic devices, cache-based side. Eviction bit and inclusive cache based replacement policy for. The main focus of modern cryptanalysis is on breaking the implementation of cryptographic algorithms, as opposed to traditional attacks, which primarily target mathematically breaking the algorithms.
Architectural support for improving computer security. Combine control-flow randomization with diversifying transformation to counter cache-based side channel attacks. Lee, How secure is your cache against side-channel attacks. We present a careful and detailed evaluation of applying diversity to protect cache side channels and report the. Real time detection of cache-based side-channel attacks using. B new cache designs for thwarting software cache-based. Low-complexity mitigation of cache side channel attacks. Cache-based side-channel analysis is a new technique that uses the application-specific.
Previously proposed countermeasures were either too costly for practical use or only effective against particular attacks. 11 Zhang Y, Reiter M K, Duppel. Preventing from cross-VM side-channel attack using new. To propose new cache design namely random permutation cache and partition lock cache. New cache designs for thwarting software cache-based side channel attacks, Zhenghong Wang and Ruby B. His observation called for careful hardware designs and software. Side channel attacks, Secure Computation Laboratory, University.
We have extended and modified the existing work in the field of cache-based side channel attacks targeting the software implementation of the Advanced Encryption Standard. For over the last decade this new trend of attacks, side channel attacks (SCAs), has become increasingly popular and poses a serious threat to cryptographic devices. Numerous attacks based on shared hardware and software resources have been carried out in the past. Cache side-channels and secure caches PALMS Princeton. All caches today are susceptible to cache side-channel attacks, despite software isolation of memory pages. Cache side channel attacks are attacks enabled by the microarchitectural design of the CPU.
Deconstructing new cache designs for thwarting software. To vary the side channel characteristics of replicas, authors employ diversifying transformations. Side-channel attacks (SCAs) target microarchitectural fea. In our third approach, we deconstruct two previously proposed secure cache designs against software data cache-based side channel attacks and demonstrate their weaknesses. Recent studies are still trying to find new ways to avoid cache-based timing side channels to prevent different processes leaking information, which is the topic of this paper. CiteSeerX citation query: cache-collision timing attacks. Deconstructing new cache designs for thwarting software cache-based side channel attacks. In this paper, we analyze these new cache designs and identify signi. Leonid Domnitser, State University of New York at Binghamton. Thus, a recent work identified cache interferences in general as the root cause and proposed two new cache designs, namely partition-locked cache (PLcache) and random permutation cache (RPcache), to defeat cache-based side channel attacks by eliminating/obfuscating cache interferences. In Proceedings of the 2nd ACM Workshop on Computer Security Architectures, Alexandria, Virginia, USA, October 31, 2008.
Deconstructing new cache designs for thwarting software cache-based side channel attacks, Jingfei Kong, University of Central Florida, Onur Ac. In this blog post we explore cache-based side channel attacks, which are subtle, powerful and much more feasible in a cloud environment than in traditional networks. New cache designs for thwarting software cache-based side channel attacks. We propose three hardware-software integrated approaches as secure protections against those data cache attacks. Our results show that our new cache designs with built-in security can defend against cache-based side channel attacks in general, rather than only specific attacks on a given cryptographic algorithm, with very little performance degradation and hardware cost. Cache-based software side-channel attacks represent one.