skip to main content
10.1145/2768566.2768570acmconferencesArticle/Chapter ViewAbstractPublication PageshaspConference Proceedingsconference-collections
research-article

Can randomized mapping secure instruction caches from side-channel attacks?

Published: 14 June 2015 Publication History

Abstract

Information leakage through cache side channels is a serious threat in computer systems. The leak of secret cryptographic keys voids the protections provided by strong cryptography and software virtualization. Past cache side channel defenses focused almost entirely on data caches. Recently, instruction cache based side-channel attacks have been demonstrated to be practical -- even in a Cloud Computing environment across two virtual machines. Unlike data caches, instruction caches leak information through secret-dependent execution paths. In this paper, we propose to use a classification matrix to quantitatively characterize the vulnerability of an instruction cache to software side channel attacks. We use this quantitative analysis to answer the open question: can randomized mapping proposed for thwarting data cache side channel attacks secure instruction caches? We further study the performance impact of the randomized mapping approach for the instruction cache.

References

[1]
Apache. http://www.apache.org/.
[2]
ffserver. https://www.ffmpeg.org/ffserver.html.
[3]
libgcrypt. http://www.gnu.org/software/libgcrypt/.
[4]
libsvm. http://www.csie.ntu.edu.tw/ cjlin/libsvm/.
[5]
openRTSP. http://www.live555.com/openRTSP/.
[6]
SPEC CPU 2006. http://www.spec.org/cpu2006/.
[7]
The gem5 Simulator System. http://www.gem5.org.
[8]
tomcat. http://tomcat.apache.org/.
[9]
O. Aciiçmez. Yet Another Microarchitectural Attack: Exploiting I-cache. In ACM Workshop on Computer Security Architecture, pages 11--18, October 2007.
[10]
O. Aciiçmez, B. B. Brumley, and P. Grabher. New Results on Instruction Cache Attacks. In Proceedings of the 12th International Conference on Cryptographic Hardware and Embedded Systems (CHES'10), pages 110--124, 2010.
[11]
D. J. Bernstein. Cache-timing Attacks on AES. Technical report, 2005.
[12]
J. Bonneau and I. Mironov. Cache-Collision Timing Attacks against AES. In Proceedings of Cryptographic Hardware and Embedded Systems (CHES'06), pages 201--215, 2006.
[13]
B. E. Boser, I. M. Guyon, and V. N. Vapnik. A training algorithm for optimal margin classifiers. In Proceedings of the Fifth Annual Workshop on Computational Learning Theory, COLT '92, pages 144--152, New York, NY, USA, 1992. ACM.
[14]
C. Cortes and V. Vapnik. Support-vector networks. Mach. Learn., 20(3): 273--297, Sept. 1995.
[15]
D. Gullasch, E. Bangerter, and S. Krenn. Cache Games --- Bringing Access-Based Cache Attacks on AES to Practice. In Proceedings of IEEE Symposium on Security and Privacy (SP'11), pages 490--505, 2011.
[16]
D. A. Osvik, A. Shamir, and E. Tromer. Cache Attacks and Countermeasures: the Case of AES. In Proceedings of The Cryptographers' Track at the RSA conference on Topics in Cryptology (CT-RSA'06), pages 1--20, 2006.
[17]
D. Page. Theoretical Use of Cache Memory as a Cryptanalytic Side-Channel. IACR Cryptology ePrint Archive, page 169, 2002.
[18]
C. Percival. Cache Missing for Fun and Profit. In Proc. of BSDCan, 2005.
[19]
Z. Wang and R. B. Lee. New Cache Designs for Thwarting Software Cache-based Side Channel Attacks. In Proceedings of ACM/IEEE International Symposium on Computer Architecture (ISCA'07), pages 494--505, 2007.
[20]
Z. Wang and R. B. Lee. A Novel Cache Architecture with Enhanced Performance and Security. In Proceedings of IEEE/ACM International Symposium on Microarchitecture (MICRO'08), pages 83--93, 2008.
[21]
Y. Yarom and K. Falkner. Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack. Cryptology ePrint Archive, Report 2013/448, 2013.
[22]
Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart. Cross-vm side channels and their use to extract private keys. In Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pages 305--316, 2012.
[23]
Y. Zhang and M. K. Reiter. Duppel: Retrofitting commodity operating systems to mitigate cache side channels in the cloud. In Proceedings of ACM SIGSAC Conference on Computer and Communications Security (CCS'13), pages 827--838, 2013.

Cited By

View all
  • (2023)Microarchitectural Side-Channel Threats, Weaknesses and Mitigations: A Systematic Mapping StudyIEEE Access10.1109/ACCESS.2023.327575711(48945-48976)Online publication date: 2023
  • (2021)I see dead μopsProceedings of the 48th Annual International Symposium on Computer Architecture10.1109/ISCA52012.2021.00036(361-374)Online publication date: 14-Jun-2021
  • (2021)Practical and Efficient in-Enclave Verification of Privacy Compliance2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN48987.2021.00052(413-425)Online publication date: Jun-2021
  • Show More Cited By

Index Terms

  1. Can randomized mapping secure instruction caches from side-channel attacks?

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    HASP '15: Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy
    June 2015
    72 pages
    ISBN:9781450334839
    DOI:10.1145/2768566
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 14 June 2015

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. SVM
    2. cache side channel
    3. randomized mapping

    Qualifiers

    • Research-article

    Funding Sources

    Conference

    ISCA '15
    Sponsor:

    Acceptance Rates

    Overall Acceptance Rate 9 of 13 submissions, 69%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)9
    • Downloads (Last 6 weeks)0
    Reflects downloads up to 19 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2023)Microarchitectural Side-Channel Threats, Weaknesses and Mitigations: A Systematic Mapping StudyIEEE Access10.1109/ACCESS.2023.327575711(48945-48976)Online publication date: 2023
    • (2021)I see dead μopsProceedings of the 48th Annual International Symposium on Computer Architecture10.1109/ISCA52012.2021.00036(361-374)Online publication date: 14-Jun-2021
    • (2021)Practical and Efficient in-Enclave Verification of Privacy Compliance2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN48987.2021.00052(413-425)Online publication date: Jun-2021
    • (2020)PrivacyScope: Automatic Analysis of Private Data Leakage in TEE-Protected Applications2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS)10.1109/ICDCS47774.2020.00013(34-44)Online publication date: Nov-2020
    • (2018)RyoanACM Transactions on Computer Systems10.1145/323159435:4(1-32)Online publication date: 16-Dec-2018
    • (2016)RyoanProceedings of the 12th USENIX conference on Operating Systems Design and Implementation10.5555/3026877.3026919(533-549)Online publication date: 2-Nov-2016
    • (2016)NewcacheIEEE Micro10.1109/MM.2016.8536:5(8-16)Online publication date: 1-Sep-2016

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media