Skip to main content
SpringerLink
Log in

Cache-Zoomer: On-demand High-resolution Cache Monitoring for Security

  • Published:
Journal of Hardware and Systems Security Aims and scope Submit manuscript

Abstract

Information leakage through timing channels is an increasing threat in most computer systems. Among various hardware components, the CPU caches expose the largest attack surface for timing channels since they are usually shared among multiple processor cores. Recently, cache-based covert timing channels have been exploited by well-known attacks, such as Meltdown, for information leakage. Prior works have explored use of existing hardware performance counters linked to caches in order to detect covert channels. Unfortunately, current hardware performance counters only capture a single cache-wide statistic relating to the activities of an entire cache. As a result, such coarse-grained cache monitoring is very unlikely to capture the adversaries that typically work with limited subsets of cache blocks. To solve the resolution problem in existing cache hardware performance counters, we propose Cache-Zoomer, a framework that provides on-demand high-resolution cache monitoring. Cache-Zoomer uses a small set of configuration registers for on-demand monitoring of specific regions in the cache. At runtime, Cache-Zoomer dynamically selects the cache sub-areas with high frequency of miss patterns for improved monitoring. We demonstrate the efficiency of Cache-Zoomer on various types of cache timing channel attacks with different bandwidths. Our results show that Cache-Zoomer is able to swiftly detect all the cache timing channels studied, while incurring negligible (< 1%) area and power overheads. Our proposed Cache-Zoomer is versatile and can be adapted to other applications such as performance analysis as well.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

References

  1. (2013) Using intel vtune amplifier. https://software.intel.com/sites/default/files/article/394181/using-intel-vtune-amplifier-xe-on-4th-generation-intel-core-processors.pdfhttps://software.intel.com/sites/default/files/article/394181/using-intel-vtune-amplifier-xe-on-4th-generation-intel-core-processors.pdfhttps://software.intel.com/sites/default/files/article/394181/using-intel-vtune-amplifier-xe-on-4th-generation-intel-core-processors.pdf

  2. (2015) Intel 64 and IA-32 Architectures Software Developer’s Manual

  3. Alagappan M, Rajendran J-JV, Doroslovački M, Venkataramani G (2017) DFS covert channels on multi-core platforms. In: 25th IFIP/IEEE International Conference on Very Large Scale Integration (VLSI-SoC)

  4. Andreou A, Bogdanov A, Tischhauser E (2017) Cache timing attacks on recent microarchitectures.. In: IEEE International Symposium on Hardware Oriented Security and Trust

  5. Andreou A, Bogdanov A, Tischhauser E (2017) Cache timing attacks on recent microarchitectures.. In: IEEE International Symposium on Hardware Oriented Security and Trust (HOST)

  6. Bernstein DJ (2005) Cache-timing attacks on aes.

  7. Nathan Binkert, Beckmann B, Black G, Reinhardt SK, Saidi A, Basu A, Hestness J, Hower DR, Krishna T, Sardashti S et al (2011) The gem5 simulator ACM SIGARCH Computer Architecture News

  8. Chakraborty A, Mondal A, Srivastava A (2017) Correlation power analysis attack against stt-mram based cyptosystems. IACR Cryptology ePrint Archive 2017:413

    Google Scholar 

  9. Chen J, Venkataramani G (2014) An algorithm for detecting contention-based covert timing channels on shared hardware.. In: ACM Proceedings of the Third Workshop on Hardware and Architectural Support for Security and Privacy

  10. Chen J, Venkataramani G (2014) Cc-hunter: uncovering covert timing channels on shared processor hardware.. In: Microarchitecture (MICRO), 2014 47th Annual IEEE/ACM International Symposium on, pages 216–228. IEEE

  11. Chen J, Venkataramani G, Huang HH (2012) Repram: re-cycling pram faulty blocks for extended lifetime.. In: IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012), pages 1–12. IEEE

  12. Chen J, Venkataramani G, Huang HH (2014) Exploring dynamic redundancy to resuscitate faulty PCM blocks. J. Emerg. Technol. Comput. Syst. 10(4):31:1–31:23

    Article  Google Scholar 

  13. Chiappetta M, Savas E, Yilmaz C (2016) Real time detection of cache-based side-channel attacks using hardware performance counters. Appl. Soft Comput. 49:1162–1174

    Article  Google Scholar 

  14. Clavier C, Marion D, Wurcker A (2014) Simple power analysis on aes key expansion revisited.. In: International Workshop on Cryptographic Hardware and Embedded Systems, pages 279–297. Springer

  15. De Melo AC (2010) The new linux’perf’tools, vol 18, pp 1–42

  16. Demme J, Martin R, Waksman A, Sethumadhavan S (2012) Side-channel vulnerability factor: a metric for measuring information leakage. SIGARCH Comput, Archit. News 40(3):106–117

    Article  Google Scholar 

  17. Demme J, Maycock M, Schmitz J, Tang A, Waksman A, Sethumadhavan S, Stolfo S (2013) On the feasibility of online malware detection with performance counters.. In: ACM SIGARCH Computer Architecture News, volume 41, pages 559–570. ACM

  18. Evtyushkin D, Ponomarev D (2016) Covert channels through random number generator: mechanisms, capacity estimation and mitigations.. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 843–857. ACM

  19. Fang H, Dayapule SS, Yao F, Doroslovački M, Venkataramani G (2018) Prefetch-guard: leveraging hardware prefetches to defend against cache timing channels. In: 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp 187–190

  20. Gullasch D, Bangerter E, Krenn S (2011) Cache games–bringing access-based cache attacks on aes to practice.. In: IEEE Symposium on Security and Privacy, pages 490–505. IEEE, 2011

  21. Harris A, Wei S, Sahu P, Kumar P, Austin T, Tiwari M (2019) Cyclone: detecting contention-based cache information leaks through cyclic interference. In: Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture, pp 57–72

  22. John L (2006) Henning. Spec cpu2006 benchmark descriptions. ACM SIGARCH Computer Architecture News 34(4):1–17

    Article  Google Scholar 

  23. Hunger C, Kazdagli M, Rawat A, Dimakis A, Vishwanath S, Tiwari M (2015) Understanding contention-based channels and using them for defense.. In: 2015 IEEE 21st International Symposium on High Performance Computer Architecture (HPCA), pages 639–650. IEEE

  24. Jaleel A (2010) Memory characterization of workloads using instrumentation-driven simulation. Web Copy: http://www.glue.umd.edu/ajaleel/workload

  25. Jiang ZH, Fei Y (2017) A novel cache bank timing attack. In: 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp 139–146

  26. Jiang ZH, Fei Y, Kaeli D (2017) A novel side-channel timing attack on gpus. In: Proceedings of the on Great Lakes Symposium on VLSI 2017, pages 167–172 ACM

  27. Kayaalp M, Ponomarev D, Abu-Ghazaleh N, Jaleel A (2016) A high-resolution side-channel attack on last-level cache.. In: ACM/EDAC/IEEE Design Automation Conference

  28. Kayaalp M, Khasawneh KN, Esfeden HA, Elwell J, Abu-Ghazaleh N, Ponomarev D, Jaleel A (2017) RIC: relaxed inclusion caches for mitigating llc side-channel attacks.. In: ACM Design Automation Conference

  29. Kim T, Peinado M, Mainar-Ruiz G (2012) Stealthmem: system-level protection against cache-based side channel attacks in the cloud.. In: Proceedings of the 21st USENIX Conference on Security Symposium, Security’12, pages 11–11, Berkeley, CA, USA, USENIX Association.

  30. Kocher P, Jaffe J, Jun B (1999) Differential power analysis.. In: Annual International Cryptology Conference, pages 388–397. Springer

  31. Lipp M, Schwarz M, Gruss D, Prescher T, Haas W, Mangard S, Kocher P, Genkin D, Yarom Y, Hamburg M (2018) Meltdown. arXiv:1801.01207

  32. Liu F, Ge Q, Yarom Y, Mckeen F, Rozas C, Heiser G, Lee RB (2016) Catalyst: defeating last-level cache side channel attacks in cloud computing.. In: IEEE International Symposium on High Performance Computer Architecture

  33. Liu F, Yarom Y, Ge Q, Heiser G, Lee RB (2015) Last-level cache side-channel attacks are practical.. In: Symposium on Security and Privacy

  34. Lyu Y, Mishra P (2018) A survey of side-Channel attacks on caches and countermeasures. Journal of Hardware and Systems Security 2(1):33–50

    Article  Google Scholar 

  35. Mittal S, Abhinaya SB, Reddy M, Ali I (2018) A Survey of Techniques for Improving Security of GPUs. J. Hardware Syst. Secur. 2.3:266–285

    Article  Google Scholar 

  36. Muralimanohar N, Balasubramonian R Cacti 6.0: a tool to understand large caches

  37. Nazari A, Sehatbakhsh N, Alam M, Zajic A, Prvulovic M (2017) Eddie: EM-based detection of deviations in program execution. In: ACM Proceedings of the 44th Annual International Symposium on Computer Architecture., pp 333–346

  38. Park J, Xu X, Jin Y, Forte D, Tehranipoor M (2018) Power-based side-channel instruction-level disassembler.. In: Proceedings of the 55th Annual Design Automation Conference, DAC ’18, pages 119:1–119:6, New York, NY, USA,ACM.

  39. Payer M (2016) Hexpads: a platform to detect ”stealth” attacks.. In: International Symposium on Engineering Secure Software and Systems, pages 138–154. Springer

  40. Payer M (2016) Hexpads: a platform to detect “Stealth” attacks.. In: International Symposium on Engineering Secure Software and Systems

  41. Raj H, Nathuji R, Singh A, England P (2009) Resource management for isolation enhanced cloud services.. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW ’09, pages 77–84, New York, NY, USA, ACM.

  42. Das Sharma D (2009) Intel® 5520 chipset: an i / o hub chipset for server, workstation, and high end desktop 2009 IEEE Hot Chips 21 Symposium (HCS)

  43. Shen J, Venkataramani G, Prvulovic M (2006) Tradeoffs in fine-grained heap memory protection.. In: ACM Proceedings of the 1st workshop on Architectural and system support for improving software dependability

  44. Singh A, Kar M, Rajan A, De V, Mukhopadhyay S (2016) Integrated all-digital low-dropout regulator as a countermeasure to power attack in encryption engines.. In: IEEE International Symposium on Hardware Oriented Security and Trust (HOST)

  45. Cloyce D (2007) Spradling. Spec cpu2006 benchmark tools. ACM SIGARCH Computer Architecture News 35(1):130– 134

    Article  Google Scholar 

  46. Torres G (2008) Inside intel nehalem microarchitecture

  47. Venkataramani G, Chen J, Doroslovački M (2016) Detecting hardware covert timing channels. IEEE Micro 36(5):17–27

    Article  Google Scholar 

  48. Venkataramani G, Doudalis I, Solihi Y, Prvulovic M (2009) Memtracker: an accelerator for memory debugging and monitoring. ACM Transactions on Architecture and Code Optimization (TACO) 6(2):5

    Google Scholar 

  49. Venkataramani G, Hughes CJ, Kumar S, Prvulovic M (2011) Deft: design space exploration for on-the-fly detection of coherence misses. ACM Transactions on Architecture and Code Optimization (TACO) 8(2):8

    Google Scholar 

  50. Guru Prasadh V (2009) Venkataramani. Low-cost and efficient architectural support for correctness and performance debugging Georgia Institute of Technology

  51. de Vries H Chip architect: Amd’s next generation micro processor’s architecture

  52. Wang Y, Ferraiuolo A, Zhang D, Myers AC, Suh GE (2016) Secdcp: secure dynamic cache partitioning for efficient timing channel protection.. In: IEEE Design Automation Conference

  53. Weaver V (2014) Perf_event_open manual page perf_event_open. 2. Linux Programmer’s Manual, M. Kerrisk, Ed

  54. Zhenyu W, Zhang X, Wang H (2012) Whispers in the hyper-space: high-speed covert channel attacks in the cloud. In: USENIX Security symposium, pp 159–173

  55. Zhenyu W, Zhang X, Wang H (2015) Whispers in the hyper-space: high-bandwidth and reliable covert channel attacks inside the cloud. IEEE/ACM Trans Networking 23(2):603–615

    Article  Google Scholar 

  56. Xue H, Chen Y, Yao F, Li Y, Lan T, Venkataramani G (2017) Simber: eliminating redundant memory bound checks via statistical inference.. In: IFIP International Conference on ICT Systems Security and Privacy Protection, pages 413–426. Springer

  57. Yan M, Gopireddy B, Shull T, Torrellas J (2017) Secure hierarchy-aware cache replacement policy (sharp): defending against cache-based side channel atacks.. In: IEEE International Symposium on Computer Architecture

  58. Yan M, Shalabi Y, Torrellas J (2016) Replayconfusion: detecting cache-based covert channel attacks using record and replay.. In: Microarchitecture (MICRO), 2016 49th Annual IEEE/ACM International Symposium on, pages 1–14. IEEE

  59. Yan M, Shalabi Y, Torrellas J (2016) ReplayConfusion: detecting cache-based covert channel attacks using record and replay.. In: IEEE International Symposium on Microarchitecture

  60. Yao F, Doroslovački M, Venkataramani G (2018) Are coherence protocol states vulnerable to information leakage?. In: 24th IEEE International Symposium on High-Performance Computer Architecture

  61. Yao F, Fang H, Doroslovacki M, Venkataramani G (2019) Cotsknight: practical defense against cache timing channel attacks using cache monitoring and partitioning technologies.. In: Proc. HOST

  62. Yao F, Li Y, Chen Y, Xue H, Lan T, Venkataramani G (2017) Statsym: vulnerable path discovery through statistics-guided symbolic execution.. In: Dependable Systems and Networks (DSN), 2017 47th Annual IEEE/IFIP International Conference on, pages 109–120. IEEE

  63. Yao F, Venkataramani G, Doroslovački M (2017) Covert timing channels exploiting non-uniform memory access based architectures.. In: ACM Proceedings of the on Great Lakes Symposium on VLSI 2017

  64. Yarom Y, Falkner K (2014) Flush+ reload: a high resolution, low noise, l3 cache side-channel attack. In: USENIX Security Symposium, pp 719–732

  65. Yilmaz B, Callan R, Prvulovic M, Zajic A (2017) Quantifying information leakage in a processor caused by the execution of instructions. In: MILCOM 2017 - 2017 IEEE Military Communications Conference, vol 10, pp 255–260

  66. Zhang T, Zhang Y, Lee RB (2016) Cloudradar: a real-time side-channel attack detection system in clouds.. In: International Symposium on Research in Attacks, Intrusions, and Defenses, pages 118–140. Springer

Download references

Author information

Authors and Affiliations

  1. George Washington University, Washington, DC, USA

    Hongyu Fang, Sai Santosh Dayapule, Milos Doroslovacki & Guru Venkataramani

  2. University of Central Florida, Orlando, FL, USA

    Fan Yao

Authors
  1. Hongyu Fang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sai Santosh Dayapule
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Fan Yao
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Milos Doroslovacki
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Guru Venkataramani
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hongyu Fang.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Fang, H., Dayapule, S.S., Yao, F. et al. Cache-Zoomer: On-demand High-resolution Cache Monitoring for Security. J Hardw Syst Secur 4, 180–195 (2020). https://doi.org/10.1007/s41635-020-00095-w

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s41635-020-00095-w

Keywords

Search

Navigation