Skip to main content
SpringerLink
Log in

PrODACT: Prefetch-Obfuscator to Defend Against Cache Timing Channels

  • Published:
International Journal of Parallel Programming Aims and scope Submit manuscript

Abstract

Cache timing channels operate stealthily through modulating the cache access latencies, and exfiltrate sensitive information to malicious adversaries. Among several forms of such timing channels, covert channels are especially dangerous since they involve two colluding processes (namely, the trojan and spy), and are often difficult to stop or prevent. In this article, we propose and demonstrate PrODACT, a low-cost mitigation mechanism using hardware prefetchers to defend against cache-based timing channels. Our detection mechanism first identifies the target cache sets that are being exploited by the adversaries, and then the counterattack mechanism fetches cache blocks to obliterate the pattern of cache accesses (misses and hits) created to construct timing channel between the trojan and the spy. We evaluate PrODACT on different classes of cache timing channel protocols that use different numbers of cache block groups for covert communication in a round-robin or parallel fashion. We observe that the cache timing channels suffer an average 50% bit error rate (with a minimum of at least 30%) which makes it very difficult or impossible for spy to decipher any useful information.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13

Similar content being viewed by others

References

  1. Alagappan, M., Rajendran, J.J.V., Doroslovački, M., Venkataramani, G.: DFS covert channels on multi-core platforms. In: 25th IFIP/IEEE International Conference on Very Large Scale Integration (VLSI-SoC) (2017)

  2. Anati, I., Gueron, S., Johnson, S., Scarlata, V.: Innovative technology for CPU based attestation and sealing. In: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, vol. 13 (2013)

  3. Andreou, A., Bogdanov, A., Tischhauser, E.: Cache timing attacks on recent microarchitectures. In: IEEE International Symposium on Hardware Oriented Security and Trust (2017)

  4. Andreou, A., Bogdanov, A., Tischhauser, E.: Cache timing attacks on recent microarchitectures. In: Hardware Oriented Security and Trust (HOST), 2017 IEEE International Symposium on. IEEE (2017)

  5. Bao, C., Srivastava, A.: 3D integration: new opportunities in defense against cache-timing side-channel attacks. In: IEEE International Conference on Computer Design (2015)

  6. Benger, N., Van de Pol, J., Smart, N.P., Yarom, Y.: ooh aah... just a little bit: a small amount of side channel can go a long way. In: International Workshop on Cryptographic Hardware and Embedded Systems. Springer, Berlin (2014)

  7. Binkert, N., Beckmann, B., Black, G., Reinhardt, S.K., Saidi, A., Basu, A., Hestness, J., Hower, D.R., Krishna, T., Sardashti, S., et al.: The gem5 simulator. ACM SIGARCH Computer Architecture News (2011)

  8. Bucci, M., Giancane, L., Luzzi, R., Trifiletti, A.: Three-phase dual-rail pre-charge logic. In: International Workshop on Cryptographic Hardware and Embedded Systems. Springer, Berlin (2006)

  9. Chakraborty, A., Mondal, A., Srivastava, A.: Correlation power analysis attack against STT-MRAM based cyptosystems. IACR Cryptology ePrint Archive 2017, 413 (2017)

  10. Chen, J., Venkataramani, G.: An algorithm for detecting contention-based covert timing channels on shared hardware. In: Proceedings of the Third Workshop on Hardware and Architectural Support for Security and Privacy, p. 1. ACM (2014)

  11. Chen, J., Venkataramani, G.: Cc-hunter: Uncovering covert timing channels on shared processor hardware. In: IEEE/ACM International Symposium on Microarchitecture (2014)

  12. Chiappetta, M., Savas, E., Yilmaz, C.: Real time detection of cache-based side-channel attacks using hardware performance counters. Appl. Soft Comput. 49, 1162–1174 (2016)

    Article  Google Scholar 

  13. Chrysos, G.: Intel® Xeon Phi coprocessor-the architecture. Intel Whitepaper, 176 (2014)

  14. Clavier, C., Marion, D., Wurcker, A.: Simple power analysis on AES key expansion revisited. In: International Workshop on Cryptographic Hardware and Embedded Systems. Springer, Berlin (2014)

  15. Cowan, C., Beattie, S., Johansen, J., Wagle, P.: Pointguard TM: protecting pointers from buffer overflow vulnerabilities. In: Proceedings of the 12th Conference on USENIX Security Symposium, vol. 12, pp. 91–104 (2003)

  16. Cowan, C., Wagle, F., Pu, C., Beattie, S., Walpole, J.: Buffer overflows: attacks and defenses for the vulnerability of the decade. In: DARPA Information Survivability Conference and Exposition, 2000. DISCEX’00. Proceedings, vol. 2, pp. 119–129. IEEE (2000)

  17. Department of Defense Standard. Trusted Computer System Evaluation Criteria. US Department of Defense (1983)

  18. Duda, R.O., Hart, P.E., Stork, D.G.: Pattern Classification. Wiley, New York (1973)

    MATH  Google Scholar 

  19. Evtyushkin, D., Ponomarev, D.: Covert channels through random number generator: mechanisms, capacity estimation and mitigations. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM (2016)

  20. Fuchs, A., Lee, R.B.: Disruptive prefetching: impact on side-channel attacks and cache designs. In: ACM International Systems and Storage Conference (2015)

  21. Güneysu, T., Moradi, A.: Generic side-channel countermeasures for reconfigurable devices. In: International Workshop on Cryptographic Hardware and Embedded Systems. Springer, Berlin (2011)

  22. Henning, J.L.: SPEC CPU2006 benchmark descriptions. ACM SIGARCH Comput. Archit. News 34(4), 1–17 (2006)

    Article  Google Scholar 

  23. Fang, H., Dayapule, S.S., Yao, F., Doroslovacki, M., Venkataramani, G.: Prefetch-guard: leveraging hardware prefetchers to defend against cache timing channels. In: Hardware-Oriented Security and Trust, 2009. HOST’09. IEEE International Workshop on. IEEE (2018)

  24. Hunger, C., Kazdagli, M., Rawat, A., Dimakis, A., Vishwanath, S., Tiwari, M.: Understanding contention-based channels and using them for defense. In: IEEE International Symposium on High Performance Computer Architecture (2015)

  25. Irazoqui, G., Eisenbarth, T., Sunar, B.: Cross processor cache attacks. In: ACM on Asia Conference on Computer and Communications Security (2016)

  26. Jaleel, A.: Memory characterization of workloads using instrumentation-driven simulation. Web Copy: http://www.glue.umd.edu/ajaleel/workload (2010)

  27. Jiang, Z.H., Fei, Y., Kaeli, D.: A novel side-channel timing attack on GPUs. In: Proceedings of the on Great Lakes Symposium on VLSI 2017, pp. 167–172. ACM (2017)

  28. Kayaalp, M., Ponomarev, D., Abu-Ghazaleh, N., Jaleel, A.: A high-resolution side-channel attack on last-level cache. In: ACM/EDAC/IEEE Design Automation Conference (2016)

  29. Kayaalp, M., Khasawneh, K.N., Esfeden, H.A., Elwell, J., Abu-Ghazaleh, N., Ponomarev, D., Jaleel, A.: RIC: relaxed inclusion caches for mitigating LLC side-channel attacks. In: ACM Design Automation Conference (2017)

  30. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) Advances in Cryptology – CRYPTO’ 99. CRYPTO 1999. Lecture Notes in Computer Science, vol 1666. Springer, Berlin, Heidelberg (1999)

  31. Liu, F., Ge, Q., Yarom, Y., Mckeen, F., Rozas, C., Heiser, G., Lee, R.B.: Catalyst: defeating last-level cache side channel attacks in cloud computing. In: IEEE International Symposium on High Performance Computer Architecture (2016)

  32. Liu, F., Lee, R.B.: Random fill cache architecture. In: IEEE/ACM International Symposium on Microarchitecture. IEEE (2014)

  33. Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: Symposium on Security and Privacy (2015)

  34. Maurice, C., Weber, M., Schwarz, M., Giner, L., Gruss, D., Boano, C.A., Mangard, S., Römer, K.: Hello from the other side: SSH over robust cache covert channels in the cloud. In: Network and Distributed System Security Symposium (2017)

  35. Nazari, A., Sehatbakhsh, N., Alam, M., Zajic, A., Prvulovic, M.: Eddie: Em-based detection of deviations in program execution. In: Proceedings of the 44th Annual International Symposium on Computer Architecture. ACM (2017)

  36. Nesbit, K.J., Smith, J.E.: Data cache prefetching using a global history buffer. IEEE Micro 25(1), 90–97 (2005)

    Article  Google Scholar 

  37. Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Cryptographers Track at the RSA Conference. Springer, Berlin (2006)

  38. Page, D.: Partitioned cache architecture as a side-channel defence mechanism. IACR Cryptology ePrint archive (2005)

  39. Payer, M.: HexPADS: a platform to detect “stealth” attacks. In: International Symposium on Engineering Secure Software and Systems (2016)

  40. Percival, C.: Cache missing for fun and profit. In: Proc. of BSDCan 2005 (2005)

  41. Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Conference on Computer and Communications Security (2009)

  42. Shamir, A.: Protecting smart cards from passive power analysis with detached power supplies. In: International Workshop on Cryptographic Hardware and Embedded Systems. Springer, Berlin (2000)

  43. Shen, J., Venkataramani, G., Prvulovic, M.: Tradeoffs in fine-grained heap memory protection. In: Proceedings of the 1st Workshop on Architectural and System Support for Improving Software Dependability. ACM (2006)

  44. Singh, A., Kar, M., Rajan, A., De, V., Mukhopadhyay, S.: Integrated all-digital low-dropout regulator as a countermeasure to power attack in encryption engines. In: Hardware Oriented Security and Trust (HOST), 2016 IEEE International Symposium on. IEEE (2016)

  45. Tiri, K., Akmal, M., Verbauwhede, I.: A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on smart cards. In: Solid-State Circuits Conference, 2002. ESSCIRC 2002. Proceedings of the 28th European. IEEE (2002)

  46. US Department of Defense. Trusted computer system evaluation criteria. Department of Defense Standards (1983)

  47. Venkataramani, G., Doudalis, I., Solihin, Y., Prvulovic, M.: MemTracker: an accelerator for memory debugging and monitoring. ACM Trans. Archit. Code Optim. 6(2), 5 (2009)

    Article  Google Scholar 

  48. Venkataramani, G.P.V.: Low-Cost and Efficient Architectural Support for Correctness and Performance Debugging. Georgia Institute of Technology, Georgia (2009)

    Google Scholar 

  49. Wang, Y., Ferraiuolo, A., Zhang, D., Myers, A.C., Suh, G.E.: SecDCP: secure dynamic cache partitioning for efficient timing channel protection. In: IEEE Design Automation Conference (2016)

  50. Wang, Z., Lee, R.B.: Covert and side channels due to processor architecture. In: Annual Computer Security Applications Conference (2006)

  51. Wang, Z., Lee, R.B.: New cache designs for thwarting software cache-based side channel attacks. In: ACM SIGARCH Computer Architecture News. ACM (2007)

  52. Wu, Z., Xu, Z., Wang, H.: Whispers in the hyper-space: high-speed covert channel attacks in the cloud. In: USENIX Security Symposium (2012)

  53. Xu, Y., Bailey, M., Jahanian, F., Joshi, K., Hiltunen, M., Schlichting, R.: An exploration of L2 cache covert channels in virtualized environments. In: ACM Workshop on Cloud Computing Security Workshop (2011)

  54. Yan, M., Gopireddy, B., Shull, T., Torrellas, J.: Secure hierarchy-aware cache replacement policy (SHARP): defending against cache-based side channel attacks. In: IEEE International Symposium on Computer Architecture (2017)

  55. Yan, M., Shalabi, Y., Torrellas, J.: ReplayConfusion: detecting cache-based covert channel attacks using record and replay. In: IEEE International Symposium on Microarchitecture (2016)

  56. Yao, F., Doroslovački, M., Venkataramani, G.: Are coherence protocol states vulnerable to information leakage? In: 24th IEEE International Symposium on High-Performance Computer Architecture (2018)

  57. Yao, F., Venkataramani, G., Doroslovački, M.: Covert timing channels exploiting non-uniform memory access based architectures. In: Proceedings of the on Great Lakes Symposium on VLSI 2017. ACM (2017)

  58. Yarom, Y., Benger, N.: Recovering OpenSSL ECDSA nonces using the flush+reload cache side-channel attack. IACR Cryptology ePrint Archive (2014)

  59. Yarom, Y., Falkner, K.: Flush+reload: a high resolution, low noise, L3 cache side-channel attack. In: USENIX Security Symposium (2014)

  60. Yilmaz, B., Callan, R., Prvulovic, M., Zajic, A.: Quantifying information leakage in a processor caused by the execution of instructions. In: MILCOM 2017–2017 IEEE Military Communications Conference, pp. 255–260 (2017)

  61. Zhang, X., Xiao, Y., Zhang, Y.: Return-oriented flush-reload side channels on arm and their implications for android devices. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM (2016)

Download references

Acknowledgements

This material is based on work supported by the US National Science Foundation under CAREER Award CCF-1149557 and CNS-1618786, and Semiconductor Research Corp. (SRC) Contract 2016-TS-2684. Any opinions, findings, conclusions, or recommendations expressed in this article are those of the authors, and do not necessarily reflect those of the NSF or SRC.

Author information

Authors and Affiliations

  1. The George Washington University, Washington, DC, USA

    Hongyu Fang, Sai Santosh Dayapule, Fan Yao, Miloš Doroslovački & Guru Venkataramani

Authors
  1. Hongyu Fang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sai Santosh Dayapule
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Fan Yao
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Miloš Doroslovački
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Guru Venkataramani
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Guru Venkataramani.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Fang, H., Dayapule, S.S., Yao, F. et al. PrODACT: Prefetch-Obfuscator to Defend Against Cache Timing Channels. Int J Parallel Prog 47, 571–594 (2019). https://doi.org/10.1007/s10766-018-0609-3

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10766-018-0609-3

Keywords

Search

Navigation