DOI: 10.1145/3123939.3124546

How secure is your cache against side-channel attacks?

Published: 14 October 2017

Abstract

Security-critical data can leak through very unexpected side channels, making side-channel attacks very dangerous threats to information security. Of these, cache-based side-channel attacks are some of the most problematic. This is because caches are essential for the performance of modern computers, but an intrinsic property of all caches - the different access times for cache hits and misses - is the property exploited to leak information in time-based cache side-channel attacks. Recently, different secure cache architectures have been proposed to defend against these attacks. However, we do not have a reliable method for evaluating a cache's resilience against different classes of cache side-channel attacks, which is the goal of this paper.
We first propose a novel probabilistic information flow graph (PIFG) to model the interaction between the victim program, the attacker program and the cache architecture. From this model, we derive a new metric, the Probability of Attack Success (PAS), which gives a quantitative measure for evaluating a cache's resilience against a given class of cache side-channel attacks. We show the generality of our model and metric by applying them to evaluate nine different cache architectures against all four classes of cache side-channel attacks. Our new methodology, model and metric can help verify the security provided by different proposed secure cache architectures, and compare them in terms of their resilience to cache side-channel attacks, without the need for simulation or taping out a chip.


Published In

MICRO-50 '17: Proceedings of the 50th Annual IEEE/ACM International Symposium on Microarchitecture
October 2017
850 pages
ISBN:9781450349529
DOI:10.1145/3123939
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cache
  2. quantification
  3. security modeling
  4. side-channel attack

Qualifiers

  • Research-article

Conference

MICRO-50
Acceptance Rates

Overall Acceptance Rate 484 of 2,242 submissions, 22%

Cited By

  • (2024) Cache attacks on subkey calculation of Blowfish. Journal of Computer Security 32:2 (165-191). DOI: 10.3233/JCS-230052. Online publication date: 9-Apr-2024
  • (2024) A Study of Mitigation Methods for Speculative Cache Side Channel Attacks. DOI: 10.12794/metadc2332527. Online publication date: May-2024
  • (2024) Tail Victims in Termination Timing Channel Defenses Beyond Cryptographic Kernels. 2024 International Symposium on Secure and Private Execution Environment Design (SEED) (11-22). DOI: 10.1109/SEED61283.2024.00012. Online publication date: 16-May-2024
  • (2024) A Fine-Grained Dynamic Partitioning Against Cache-Based Timing Attacks via Cache Locking. 2024 IEEE Computer Society Annual Symposium on VLSI (ISVLSI) (173-179). DOI: 10.1109/ISVLSI61997.2024.00041. Online publication date: 1-Jul-2024
  • (2024) Empowering Hardware Security with LLM: The Development of a Vulnerable Hardware Database. 2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) (233-243). DOI: 10.1109/HOST55342.2024.10545393. Online publication date: 6-May-2024
  • (2024) SecurityCloak: Protection against cache timing and speculative memory access attacks. Journal of Systems Architecture 150 (103107). DOI: 10.1016/j.sysarc.2024.103107. Online publication date: May-2024
  • (2024) GPU Side-Channel Attack Classification for Targeted Secure Shader Mitigation. SN Computer Science 5:8. DOI: 10.1007/s42979-024-03514-9. Online publication date: 6-Dec-2024
  • (2024) Cips: The Cache Intrusion Prevention System. Computer Security – ESORICS 2024 (3-23). DOI: 10.1007/978-3-031-70903-6_1. Online publication date: 5-Sep-2024
  • (2023) A method of defense against cache timing attack in non-volatile memory. IEICE Electronics Express 20:6 (20220477-20220477). DOI: 10.1587/elex.20.20220477. Online publication date: 25-Mar-2023
  • (2023) Metior: A Comprehensive Model to Evaluate Obfuscating Side-Channel Defense Schemes. Proceedings of the 50th Annual International Symposium on Computer Architecture (1-16). DOI: 10.1145/3579371.3589073. Online publication date: 17-Jun-2023