Published in: International Journal of Parallel Programming 4/2019

20.11.2018

Covert Timing Channels Exploiting Cache Coherence Hardware: Characterization and Defense

Authors: Fan Yao, Miloš Doroslovački, Guru Venkataramani


Abstract

Information leakage of sensitive data has become one of the fastest growing concerns among computer users. With adversaries turning to hardware for exploits, caches are frequently a target for timing channels since they present different timing profiles for cache miss and hit latencies. Such timing channels operate by having an adversary covertly communicate secrets to a spy simply through modulating resource timing without leaving any physical evidence. In this article, we demonstrate a new vulnerability exposed by cache coherence protocols where adversaries could manipulate the coherence states on certain cache blocks to alter cache access timing and communicate secrets illegitimately. Our threat model assumes the trojan and spy can either exploit explicitly shared read-only physical pages (e.g., shared library code), or use a memory deduplication feature to implicitly force the creation of shared physical pages. We demonstrate a template that adversaries may use to construct covert timing channels through manipulating combinations of coherence states and data placement in different caches. We investigate several classes of cache coherence protocols, and observe that both directory-based and snoopy protocols can be subject to covert timing channel attacks. We identify the root cause of the vulnerability to be the existence of an access latency difference for cache lines in read-only cache coherence states: Exclusive and Shared. For defense, we propose a slightly modified cache coherence scheme that will enable the last level cache to directly respond to read data requests in these read-only coherence states, and avoid any latency difference that could enable timing channels.


Footnotes

1. Note that other coherence states such as M may also exhibit different latency profiles. However, a change to the M state will require writes to the cache blocks. Since writes to shared memory will annul silent page sharing (created using KSM), we do not consider these other states.

2. When the LLC holds a copy of the cache block, the coherence transactions on non-inclusive caches are similar to those of exclusive caches. Therefore, the coherence transactions we listed for non-inclusive caches in Table 3 may be applied to a strictly exclusive cache hierarchy as well.
 
Metadata
Title: Covert Timing Channels Exploiting Cache Coherence Hardware: Characterization and Defense
Authors: Fan Yao, Miloš Doroslovački, Guru Venkataramani
Publication date: 20.11.2018
Publisher: Springer US
Published in: International Journal of Parallel Programming, Issue 4/2019
Print ISSN: 0885-7458
Electronic ISSN: 1573-7640
DOI: https://doi.org/10.1007/s10766-018-0608-4
