Abstract
Information leakage through timing channels is an increasing threat in most computer systems. Among various hardware components, the CPU caches expose the largest attack surface for timing channels since they are usually shared among multiple processor cores. Recently, cache-based covert timing channels have been exploited by well-known attacks, such as Meltdown, for information leakage. Prior works have explored use of existing hardware performance counters linked to caches in order to detect covert channels. Unfortunately, current hardware performance counters only capture a single cache-wide statistic relating to the activities of an entire cache. As a result, such coarse-grained cache monitoring is very unlikely to capture the adversaries that typically work with limited subsets of cache blocks. To solve the resolution problem in existing cache hardware performance counters, we propose Cache-Zoomer, a framework that provides on-demand high-resolution cache monitoring. Cache-Zoomer uses a small set of configuration registers for on-demand monitoring of specific regions in the cache. At runtime, Cache-Zoomer dynamically selects the cache sub-areas with high frequency of miss patterns for improved monitoring. We demonstrate the efficiency of Cache-Zoomer on various types of cache timing channel attacks with different bandwidths. Our results show that Cache-Zoomer is able to swiftly detect all the cache timing channels studied, while incurring negligible (< 1%) area and power overheads. Our proposed Cache-Zoomer is versatile and can be adapted to other applications such as performance analysis as well.
Similar content being viewed by others
References
(2013) Using intel vtune amplifier. https://software.intel.com/sites/default/files/article/394181/using-intel-vtune-amplifier-xe-on-4th-generation-intel-core-processors.pdfhttps://software.intel.com/sites/default/files/article/394181/using-intel-vtune-amplifier-xe-on-4th-generation-intel-core-processors.pdfhttps://software.intel.com/sites/default/files/article/394181/using-intel-vtune-amplifier-xe-on-4th-generation-intel-core-processors.pdf
(2015) Intel 64 and IA-32 Architectures Software Developer’s Manual
Alagappan M, Rajendran J-JV, Doroslovački M, Venkataramani G (2017) DFS covert channels on multi-core platforms. In: 25th IFIP/IEEE International Conference on Very Large Scale Integration (VLSI-SoC)
Andreou A, Bogdanov A, Tischhauser E (2017) Cache timing attacks on recent microarchitectures.. In: IEEE International Symposium on Hardware Oriented Security and Trust
Andreou A, Bogdanov A, Tischhauser E (2017) Cache timing attacks on recent microarchitectures.. In: IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Bernstein DJ (2005) Cache-timing attacks on aes.
Nathan Binkert, Beckmann B, Black G, Reinhardt SK, Saidi A, Basu A, Hestness J, Hower DR, Krishna T, Sardashti S et al (2011) The gem5 simulator ACM SIGARCH Computer Architecture News
Chakraborty A, Mondal A, Srivastava A (2017) Correlation power analysis attack against stt-mram based cyptosystems. IACR Cryptology ePrint Archive 2017:413
Chen J, Venkataramani G (2014) An algorithm for detecting contention-based covert timing channels on shared hardware.. In: ACM Proceedings of the Third Workshop on Hardware and Architectural Support for Security and Privacy
Chen J, Venkataramani G (2014) Cc-hunter: uncovering covert timing channels on shared processor hardware.. In: Microarchitecture (MICRO), 2014 47th Annual IEEE/ACM International Symposium on, pages 216–228. IEEE
Chen J, Venkataramani G, Huang HH (2012) Repram: re-cycling pram faulty blocks for extended lifetime.. In: IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012), pages 1–12. IEEE
Chen J, Venkataramani G, Huang HH (2014) Exploring dynamic redundancy to resuscitate faulty PCM blocks. J. Emerg. Technol. Comput. Syst. 10(4):31:1–31:23
Chiappetta M, Savas E, Yilmaz C (2016) Real time detection of cache-based side-channel attacks using hardware performance counters. Appl. Soft Comput. 49:1162–1174
Clavier C, Marion D, Wurcker A (2014) Simple power analysis on aes key expansion revisited.. In: International Workshop on Cryptographic Hardware and Embedded Systems, pages 279–297. Springer
De Melo AC (2010) The new linux’perf’tools, vol 18, pp 1–42
Demme J, Martin R, Waksman A, Sethumadhavan S (2012) Side-channel vulnerability factor: a metric for measuring information leakage. SIGARCH Comput, Archit. News 40(3):106–117
Demme J, Maycock M, Schmitz J, Tang A, Waksman A, Sethumadhavan S, Stolfo S (2013) On the feasibility of online malware detection with performance counters.. In: ACM SIGARCH Computer Architecture News, volume 41, pages 559–570. ACM
Evtyushkin D, Ponomarev D (2016) Covert channels through random number generator: mechanisms, capacity estimation and mitigations.. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 843–857. ACM
Fang H, Dayapule SS, Yao F, Doroslovački M, Venkataramani G (2018) Prefetch-guard: leveraging hardware prefetches to defend against cache timing channels. In: 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp 187–190
Gullasch D, Bangerter E, Krenn S (2011) Cache games–bringing access-based cache attacks on aes to practice.. In: IEEE Symposium on Security and Privacy, pages 490–505. IEEE, 2011
Harris A, Wei S, Sahu P, Kumar P, Austin T, Tiwari M (2019) Cyclone: detecting contention-based cache information leaks through cyclic interference. In: Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture, pp 57–72
John L (2006) Henning. Spec cpu2006 benchmark descriptions. ACM SIGARCH Computer Architecture News 34(4):1–17
Hunger C, Kazdagli M, Rawat A, Dimakis A, Vishwanath S, Tiwari M (2015) Understanding contention-based channels and using them for defense.. In: 2015 IEEE 21st International Symposium on High Performance Computer Architecture (HPCA), pages 639–650. IEEE
Jaleel A (2010) Memory characterization of workloads using instrumentation-driven simulation. Web Copy: http://www.glue.umd.edu/ajaleel/workload
Jiang ZH, Fei Y (2017) A novel cache bank timing attack. In: 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp 139–146
Jiang ZH, Fei Y, Kaeli D (2017) A novel side-channel timing attack on gpus. In: Proceedings of the on Great Lakes Symposium on VLSI 2017, pages 167–172 ACM
Kayaalp M, Ponomarev D, Abu-Ghazaleh N, Jaleel A (2016) A high-resolution side-channel attack on last-level cache.. In: ACM/EDAC/IEEE Design Automation Conference
Kayaalp M, Khasawneh KN, Esfeden HA, Elwell J, Abu-Ghazaleh N, Ponomarev D, Jaleel A (2017) RIC: relaxed inclusion caches for mitigating llc side-channel attacks.. In: ACM Design Automation Conference
Kim T, Peinado M, Mainar-Ruiz G (2012) Stealthmem: system-level protection against cache-based side channel attacks in the cloud.. In: Proceedings of the 21st USENIX Conference on Security Symposium, Security’12, pages 11–11, Berkeley, CA, USA, USENIX Association.
Kocher P, Jaffe J, Jun B (1999) Differential power analysis.. In: Annual International Cryptology Conference, pages 388–397. Springer
Lipp M, Schwarz M, Gruss D, Prescher T, Haas W, Mangard S, Kocher P, Genkin D, Yarom Y, Hamburg M (2018) Meltdown. arXiv:1801.01207
Liu F, Ge Q, Yarom Y, Mckeen F, Rozas C, Heiser G, Lee RB (2016) Catalyst: defeating last-level cache side channel attacks in cloud computing.. In: IEEE International Symposium on High Performance Computer Architecture
Liu F, Yarom Y, Ge Q, Heiser G, Lee RB (2015) Last-level cache side-channel attacks are practical.. In: Symposium on Security and Privacy
Lyu Y, Mishra P (2018) A survey of side-Channel attacks on caches and countermeasures. Journal of Hardware and Systems Security 2(1):33–50
Mittal S, Abhinaya SB, Reddy M, Ali I (2018) A Survey of Techniques for Improving Security of GPUs. J. Hardware Syst. Secur. 2.3:266–285
Muralimanohar N, Balasubramonian R Cacti 6.0: a tool to understand large caches
Nazari A, Sehatbakhsh N, Alam M, Zajic A, Prvulovic M (2017) Eddie: EM-based detection of deviations in program execution. In: ACM Proceedings of the 44th Annual International Symposium on Computer Architecture., pp 333–346
Park J, Xu X, Jin Y, Forte D, Tehranipoor M (2018) Power-based side-channel instruction-level disassembler.. In: Proceedings of the 55th Annual Design Automation Conference, DAC ’18, pages 119:1–119:6, New York, NY, USA,ACM.
Payer M (2016) Hexpads: a platform to detect ”stealth” attacks.. In: International Symposium on Engineering Secure Software and Systems, pages 138–154. Springer
Payer M (2016) Hexpads: a platform to detect “Stealth” attacks.. In: International Symposium on Engineering Secure Software and Systems
Raj H, Nathuji R, Singh A, England P (2009) Resource management for isolation enhanced cloud services.. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW ’09, pages 77–84, New York, NY, USA, ACM.
Das Sharma D (2009) Intel® 5520 chipset: an i / o hub chipset for server, workstation, and high end desktop 2009 IEEE Hot Chips 21 Symposium (HCS)
Shen J, Venkataramani G, Prvulovic M (2006) Tradeoffs in fine-grained heap memory protection.. In: ACM Proceedings of the 1st workshop on Architectural and system support for improving software dependability
Singh A, Kar M, Rajan A, De V, Mukhopadhyay S (2016) Integrated all-digital low-dropout regulator as a countermeasure to power attack in encryption engines.. In: IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Cloyce D (2007) Spradling. Spec cpu2006 benchmark tools. ACM SIGARCH Computer Architecture News 35(1):130– 134
Torres G (2008) Inside intel nehalem microarchitecture
Venkataramani G, Chen J, Doroslovački M (2016) Detecting hardware covert timing channels. IEEE Micro 36(5):17–27
Venkataramani G, Doudalis I, Solihi Y, Prvulovic M (2009) Memtracker: an accelerator for memory debugging and monitoring. ACM Transactions on Architecture and Code Optimization (TACO) 6(2):5
Venkataramani G, Hughes CJ, Kumar S, Prvulovic M (2011) Deft: design space exploration for on-the-fly detection of coherence misses. ACM Transactions on Architecture and Code Optimization (TACO) 8(2):8
Guru Prasadh V (2009) Venkataramani. Low-cost and efficient architectural support for correctness and performance debugging Georgia Institute of Technology
de Vries H Chip architect: Amd’s next generation micro processor’s architecture
Wang Y, Ferraiuolo A, Zhang D, Myers AC, Suh GE (2016) Secdcp: secure dynamic cache partitioning for efficient timing channel protection.. In: IEEE Design Automation Conference
Weaver V (2014) Perf_event_open manual page perf_event_open. 2. Linux Programmer’s Manual, M. Kerrisk, Ed
Zhenyu W, Zhang X, Wang H (2012) Whispers in the hyper-space: high-speed covert channel attacks in the cloud. In: USENIX Security symposium, pp 159–173
Zhenyu W, Zhang X, Wang H (2015) Whispers in the hyper-space: high-bandwidth and reliable covert channel attacks inside the cloud. IEEE/ACM Trans Networking 23(2):603–615
Xue H, Chen Y, Yao F, Li Y, Lan T, Venkataramani G (2017) Simber: eliminating redundant memory bound checks via statistical inference.. In: IFIP International Conference on ICT Systems Security and Privacy Protection, pages 413–426. Springer
Yan M, Gopireddy B, Shull T, Torrellas J (2017) Secure hierarchy-aware cache replacement policy (sharp): defending against cache-based side channel atacks.. In: IEEE International Symposium on Computer Architecture
Yan M, Shalabi Y, Torrellas J (2016) Replayconfusion: detecting cache-based covert channel attacks using record and replay.. In: Microarchitecture (MICRO), 2016 49th Annual IEEE/ACM International Symposium on, pages 1–14. IEEE
Yan M, Shalabi Y, Torrellas J (2016) ReplayConfusion: detecting cache-based covert channel attacks using record and replay.. In: IEEE International Symposium on Microarchitecture
Yao F, Doroslovački M, Venkataramani G (2018) Are coherence protocol states vulnerable to information leakage?. In: 24th IEEE International Symposium on High-Performance Computer Architecture
Yao F, Fang H, Doroslovacki M, Venkataramani G (2019) Cotsknight: practical defense against cache timing channel attacks using cache monitoring and partitioning technologies.. In: Proc. HOST
Yao F, Li Y, Chen Y, Xue H, Lan T, Venkataramani G (2017) Statsym: vulnerable path discovery through statistics-guided symbolic execution.. In: Dependable Systems and Networks (DSN), 2017 47th Annual IEEE/IFIP International Conference on, pages 109–120. IEEE
Yao F, Venkataramani G, Doroslovački M (2017) Covert timing channels exploiting non-uniform memory access based architectures.. In: ACM Proceedings of the on Great Lakes Symposium on VLSI 2017
Yarom Y, Falkner K (2014) Flush+ reload: a high resolution, low noise, l3 cache side-channel attack. In: USENIX Security Symposium, pp 719–732
Yilmaz B, Callan R, Prvulovic M, Zajic A (2017) Quantifying information leakage in a processor caused by the execution of instructions. In: MILCOM 2017 - 2017 IEEE Military Communications Conference, vol 10, pp 255–260
Zhang T, Zhang Y, Lee RB (2016) Cloudradar: a real-time side-channel attack detection system in clouds.. In: International Symposium on Research in Attacks, Intrusions, and Defenses, pages 118–140. Springer
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Fang, H., Dayapule, S.S., Yao, F. et al. Cache-Zoomer: On-demand High-resolution Cache Monitoring for Security. J Hardw Syst Secur 4, 180–195 (2020). https://doi.org/10.1007/s41635-020-00095-w
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s41635-020-00095-w