DOI: 10.1145/2664243.2664273
research-article

New models of cache architectures characterizing information leakage from cache side channels

Published: 08 December 2014

Abstract

Side-channel attacks try to breach confidentiality and retrieve critical secrets through the side channels. Cache memories are a potential source of information leakage through side-channel attacks, many of which have been proposed. Meanwhile, different cache architectures have also been proposed to defend against these attacks. However, there are currently no means for comparing and evaluating the effectiveness of different defense solutions against these attacks.
In this paper, we propose a novel method to evaluate a system's vulnerability to side-channel attacks. We establish side-channel leakage models based on the non-interference property. Then we define how the security aspects of a cache architecture can be modeled as a finite-state machine (FSM) with state transitions that cause interference. We use mutual information to quantitatively reveal potential side-channel leakage of the architectures, and allow comparison of these architectures for their relative vulnerabilities to side-channel attacks. We use real attacks to validate our results.
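
A toy illustration of the mutual-information comparison described in the abstract, added here and not taken from the paper. Each cache design is reduced to an assumed conditional distribution P(observation | secret); the function names, the three toy designs and the 16-set size are hypothetical, and the paper's own FSM models are not reproduced.

```python
import math

# Toy channel models (assumptions for illustration, not the paper's FSMs):
# channel[s][o] = P(attacker observes o | victim's secret-dependent set is s).

def mutual_information(channel, prior):
    """Return I(S;O) in bits for a discrete channel and a prior over secrets."""
    n_obs = len(channel[0])
    p_obs = [sum(prior[s] * channel[s][o] for s in range(len(prior)))
             for o in range(n_obs)]
    bits = 0.0
    for s, p_s in enumerate(prior):
        for o in range(n_obs):
            joint = p_s * channel[s][o]
            if joint > 0:  # zero-probability pairs contribute nothing
                bits += joint * math.log2(joint / (p_s * p_obs[o]))
    return bits

def conventional(n_sets):
    """Victim access always evicts the attacker's line in set s."""
    return [[1.0 if o == s else 0.0 for o in range(n_sets)]
            for s in range(n_sets)]

def partitioned(n_sets):
    """Victim cannot evict attacker lines: one constant observation."""
    return [[1.0] for _ in range(n_sets)]

def noisy_eviction(n_sets, p_random):
    """With probability p_random the evicted set is uniform, else it is s."""
    return [[(1 - p_random) * (1.0 if o == s else 0.0) + p_random / n_sets
             for o in range(n_sets)] for s in range(n_sets)]

def compare(n_sets=16):
    """Leakage in bits per observation for each toy design, uniform secret."""
    prior = [1.0 / n_sets] * n_sets
    return {
        "conventional": mutual_information(conventional(n_sets), prior),
        "noisy_eviction_0.5": mutual_information(noisy_eviction(n_sets, 0.5), prior),
        "partitioned": mutual_information(partitioned(n_sets), prior),
    }

if __name__ == "__main__":
    for design, bits in compare().items():
        print(f"{design}: {bits:.3f} bits")
```

A design whose observation is independent of the secret scores 0 bits, while the deterministic mapping leaks the full log2(16) = 4 bits per observation; the noisy design falls in between, which is what makes the designs comparable on one scale.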


Published In

ACSAC '14: Proceedings of the 30th Annual Computer Security Applications Conference
December 2014
492 pages
ISBN: 9781450330053
DOI: 10.1145/2664243

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

Sponsors

  • ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery
New York, NY, United States

Conference

ACSAC '14: Annual Computer Security Applications Conference
Sponsor: ACSA
December 8 - 12, 2014
Louisiana, New Orleans, USA

Acceptance Rates

Overall Acceptance Rate 104 of 497 submissions, 21%
Cited By

  • (2025) SAluMC: Thwarting Side-Channel Attacks via Random Number Injection in RISC-V. Entropy 27:2 (202). DOI: 10.3390/e27020202. Online publication date: 14-Feb-2025
  • (2024) SCAFinder: Formal Verification of Cache Fine-Grained Features for Side Channel Detection. IEEE Transactions on Information Forensics and Security 19 (8079-8093). DOI: 10.1109/TIFS.2024.3452002. Online publication date: 2024
  • (2023) Metior: A Comprehensive Model to Evaluate Obfuscating Side-Channel Defense Schemes. Proceedings of the 50th Annual International Symposium on Computer Architecture (1-16). DOI: 10.1145/3579371.3589073. Online publication date: 17-Jun-2023
  • (2023) Survey of Approaches and Techniques for Security Verification of Computer Systems. ACM Journal on Emerging Technologies in Computing Systems 19:1 (1-34). DOI: 10.1145/3564785. Online publication date: 19-Jan-2023
  • (2023) Verifying RISC-V Privilege Transition Integrity Through Symbolic Execution. 2023 IEEE 32nd Asian Test Symposium (ATS) (1-6). DOI: 10.1109/ATS59501.2023.10317946. Online publication date: 14-Oct-2023
  • (2023) Towards a metrics suite for evaluating cache side-channel vulnerability. Computers and Security 135:C. DOI: 10.1016/j.cose.2023.103480. Online publication date: 1-Dec-2023
  • (2023) Extending the classical side-channel analysis framework to access-driven cache attacks. Computers and Security 129:C. DOI: 10.1016/j.cose.2023.103255. Online publication date: 1-Jun-2023
  • (2022) Noise-Free Security Assessment of Eviction Set Construction Algorithms with Randomized Caches. Applied Sciences 12:5 (2415). DOI: 10.3390/app12052415. Online publication date: 25-Feb-2022
  • (2022) Microwalk-CI. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (2915-2929). DOI: 10.1145/3548606.3560654. Online publication date: 7-Nov-2022
  • (2022) TimeDice: Schedulability-Preserving Priority Inversion for Mitigating Covert Timing Channels Between Real-time Partitions. 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (453-465). DOI: 10.1109/DSN53405.2022.00052. Online publication date: Jun-2022
