Skip to main content
SpringerLink
Log in

Feasibility Analysis and Performance Optimization of the Conflict Test Algorithms for Searching Eviction Sets

  • Conference paper
  • First Online:
Information Security and Cryptology – ICISC 2023 (ICISC 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14562))

Included in the following conference series:

  • 48 Accesses

Abstract

Cache side-channel attacks have been widely utilized as an intermediate step in some comprehensive attacks. Eviction sets, especially the minimal eviction sets, are essential components of the conflict-based cache side-channel attacks. It is important to develop efficient search algorithms that incur the lowest latency with the highest success rate. Several fast search algorithms have been proposed in recent years, among which conflict test (CT) achieves the highest success rate with the lowest latency. In this paper, we have conducted the first systematic feasibility analysis of the CT algorithm. Besides failing on the commonly known cache architectures where the last-level cache (LLC) is exclusive or non-inclusive, CT is also found and verified failing on two inclusive LLC architectures if it is running in single-core mode. We have further explored three optimizations for improving the speed performance of the CT algorithm, two of which are newly proposed in this paper.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 49.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 64.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Many reasons can cause the mismatch in access order. The filter effect itself is a potential cause as soon shown in Fig. 3b. The imperfect pseudo-LRU used in hardware and the RRIP derivative policies used in L2 and LLC [31] also cause mismatching replacement order and access order. Finally, the L2 in this case (also in modern Intel processor) is exclusive, whose replacement order is also affected by the block swapping between L2 and L1 when a block hits in L2.

References

  1. Acıiçmez, O., Schindler, W., Koç, Ç.K.: Cache based remote timing attack on the AES. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 271–286. Springer, Heidelberg (2006). https://doi.org/10.1007/11967668_18

    Chapter  Google Scholar 

  2. Alfs, G., Knupffer, N.: Intel fact sheet: Intel corporation’s multicore architecture briefing (2008). https://www.intel.com/pressroom/archive/releases/2008/20080317fact.htm

  3. Amid, A., et al.: Chipyard: integrated design, simulation, and implementation framework for custom SoCs. IEEE Micro 40(4), 10–21 (2020)

    Article  Google Scholar 

  4. Asanović, K., et al.: The Rocket chip generator. Technical report. UCB/EECS-2016-17, University of California, Berkeley (2016)

    Google Scholar 

  5. Berg, C.: PLRU cache domino effects. In: Proceedings of the International Workshop on Worst-Case Execution Time Analysis (WCET) (2006)

    Google Scholar 

  6. Bernstein, D.J.: Cache-timing attacks on AES (2005). https://cr.yp.to/antiforgery/cachetiming-20050414.pdf

  7. Genkin, D., Pachmanov, L., Tromer, E., Yarom, Y.: Drive-by key-extraction cache attacks from portable code. In: Preneel, B., Vercauteren, F. (eds.) ACNS 2018. LNCS, vol. 10892, pp. 83–102. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93387-0_5

    Chapter  Google Scholar 

  8. Gras, B., Razavi, K., Bosman, E., Bos, H., Giuffrida, C.: ASLR on the line: practical cache attacks on the MMU. In: Proceedings of the Network and Distributed System Security Symposium (NDSS). Internet Society (2017)

    Google Scholar 

  9. Gruss, D., Maurice, C., Mangard, S.: Rowhammer.js: a remote software-induced fault attack in JavaScript. In: Caballero, J., Zurutuza, U., Rodríguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 300–321. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40667-1_15

    Chapter  Google Scholar 

  10. İnci, M.S., Gulmezoglu, B., Irazoqui, G., Eisenbarth, T., Sunar, B.: Cache attacks enable bulk key recovery on the cloud. In: Proceedings of the International Conference on Cryptographic Hardware and Embedded Systems (CHES), pp. 368–388. ICAR (2016)

    Google Scholar 

  11. Irazoqui, G., Inci, M.S., Eisenbarth, T., Sunar, B.: Wait a minute! a fast, cross-VM attack on AES. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 299–319. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11379-1_15

    Chapter  Google Scholar 

  12. Jaleel, A., Borch, E., Bhandaru, M., Steely, S.C., Jr., Emer, J.: Achieving non-inclusive cache performance with inclusive caches: temporal locality aware (TLA) cache management policies. In: Proceedings of the Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). IEEE (2020)

    Google Scholar 

  13. Jaleel, A., Theobald, K.B., Steely, Jr., S.C., Emer, J.S.: High performance cache replacement using re-reference interval prediction (RRIP). In: Proceedings of the International Symposium on Computer Architecture (ISCA), pp. 60–71. ACM (2010)

    Google Scholar 

  14. Kocher, P., et al.: Spectre attacks: exploiting speculative execution. In: Proceedings of the IEEE Symposium on Security and Privacy (S &P), pp. 19–37 (2019)

    Google Scholar 

  15. Lipp, M., et al.: Meltdown: reading kernel memory from user space. In: Proceedings of the USENIX Security Symposium (Security), pp. 973–990. USENIX Association (2018)

    Google Scholar 

  16. Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: Proceedings of the IEEE Symposium on Security and Privacy (S &P). IEEE (2015)

    Google Scholar 

  17. Maurice, C., Le Scouarnec, N., Neumann, C., Heen, O., Francillon, A.: Reverse engineering intel last-level cache complex addressing using performance counters. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 48–65. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26362-5_3

    Chapter  Google Scholar 

  18. Percival, C.: Cache missing for fun and profit (2005)

    Google Scholar 

  19. Purnal, A., Giner, L., Gruß, D., Verbauwhede, I.: Systematic analysis of randomization-based protected cache architectures. In: Proceedings of the IEEE Symposium on Security and Privacy (S &P), pp. 987–1002. IEEE (2021)

    Google Scholar 

  20. Purnal, A., Turan, F., Verbauwhede, I.: Prime+Scope: overcoming the observer effect for high-precision cache contention attacks. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 2906–2920. ACM (2021)

    Google Scholar 

  21. Purnal, A., Turan, F., Verbauwhede, I.: Double trouble: combined heterogeneous attacks on non-inclusive cache hierarchies. In: Proceedings of the USENIX Security Symposium (Security), pp. 3647–3664. USENIX Association (2022)

    Google Scholar 

  22. Purnal, A., Verbauwhede, I.: Advanced profiling for probabilistic Prime+Probe attacks and covert channels in ScatterCache. arXiv cs.CR (2019)

    Google Scholar 

  23. Qureshi, M.K.: New attacks and defense for encrypted-address cache. In: Proceedings of the International Symposium on Computer Architecture (ISCA), pp. 360–371. ACM (2019)

    Google Scholar 

  24. Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS), pp. 199–212. ACM (2009)

    Google Scholar 

  25. Savage, J.E., Zubair, M.: A unified model for multicore architectures. In: Proceedings of the International Forum on Next-Generation Multicore/Manycore Technologies (IFMT), p. 12. ACM (2008)

    Google Scholar 

  26. Shen, S., Li, Z., Song, W.: Methods of extracting parameters of the processor caches. In: Cheng, C.M., Akiyama, M. (eds.) IWSEC 2022. LNCS, vol. 13504, pp. 47–65. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15255-9_3

    Chapter  Google Scholar 

  27. Song, W., Liu, P.: Dynamically finding minimal eviction sets can be quicker than you think for side-channel attacks against the LLC. In: Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID), pp. 427–442. USENIX Association (2019)

    Google Scholar 

  28. Thoma, J.P., Güneysu, T.: Write me and I’ll tell you secrets – write-after-write effects on Intel CPUs. In: Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID). ACM (2022)

    Google Scholar 

  29. Tromer, E., Osvik, D.A., Shamir, A.: Efficient cache attacks on AES, and countermeasures. J. Cryptol. 23(1), 37–71 (2010)

    Article  MathSciNet  Google Scholar 

  30. Tóth, R., Faigl, Z., Szalay, M., Imre, S.: An advanced timing attack scheme on RSA. In: Networks 2008 - The 13th International Telecommunications Network Strategy and Planning Symposium, vol. Supplement, pp. 1–9 (2008)

    Google Scholar 

  31. Vila, P., Ganty, P., Guarnieri, M., Köpf, B.: CacheQuery: learning replacement policies from hardware caches. In: Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI). ACM (2020)

    Google Scholar 

  32. Vila, P., Köpf, B., Morales, J.F.: Theory and practice of finding eviction sets. In: Proceedings of the IEEE Symposium on Security and Privacy (S &P), pp. 39–54. IEEE (2019)

    Google Scholar 

  33. Wong, H.: Intel Ivy Bridge cache replacement policy (2013). https://blog.stuffedcow.net/2013/01/ivb-cache-replacement/

  34. Yan, M., Gopireddy, B., Shull, T., Torrellas, J.: Secure hierarchy-aware cache replacement policy (SHARP): defending against cache-based side channel attacks. In: Proceedings of the Annual International Symposium on Computer Architecture (ISCA), pp. 347–360. ACM (2017)

    Google Scholar 

  35. Yan, M., Sprabery, R., Gopireddy, B., Fletcher, C.W., Campbell, R.H., Torrellas, J.: Attack directories, not caches: side-channel attacks in a non-inclusive world. In: Proceedings of the IEEE Symposium on Security and Privacy (S &P), pp. 888–904. IEEE (2019)

    Google Scholar 

  36. Yarom, Y., Falkner, K.: FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack. In: Proceedings of the USENIX Security Symposium (Security), pp. 719–732. USENIX Association (2014)

    Google Scholar 

  37. Zhou, Y., Feng, D.: Side-channel attacks: ten years after its publication and the impacts on cryptographic module security testing (2005). https://eprint.iacr.org/2005/388

Download references

Acknowledgements

This research was supported by the National Natural Science Foundation of China (No. 62172406) and the CAS Pioneer Hundred Talents Program. Any opinions, findings, conclusions, and recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the funding parties.

Author information

Authors and Affiliations

  1. Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Zhenzhen Li, Zihan Xue & Wei Song

  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China

    Zhenzhen Li, Zihan Xue & Wei Song

Authors
  1. Zhenzhen Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zihan Xue
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wei Song
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Wei Song .

Editor information

Editors and Affiliations

  1. Hansung University, Seoul, Korea (Republic of)

    Hwajeong Seo

  2. Sungshin Women's University, Seoul, Korea (Republic of)

    Suhri Kim

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Li, Z., Xue, Z., Song, W. (2024). Feasibility Analysis and Performance Optimization of the Conflict Test Algorithms for Searching Eviction Sets. In: Seo, H., Kim, S. (eds) Information Security and Cryptology – ICISC 2023. ICISC 2023. Lecture Notes in Computer Science, vol 14562. Springer, Singapore. https://doi.org/10.1007/978-981-97-1238-0_12

Download citation

  • DOI: https://doi.org/10.1007/978-981-97-1238-0_12

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-1237-3

  • Online ISBN: 978-981-97-1238-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation