Cache-based side channels: Modern attacks and defenses

Yan, Mengjia

Permalink

https://hdl.handle.net/2142/106167 Copy

Description

Title

Cache-based side channels: Modern attacks and defenses

Author(s)

Yan, Mengjia

Issue Date

2019-10-04

Director of Research (if dissertation) or Advisor (if thesis)

Torrellas, Josep

Doctoral Committee Chair(s)

Torrellas, Josep

Committee Member(s)

• Fletcher, Christopher W.
• Marinov, Darko
• Emer, Joel
• Lee, Ruby B.
• Morrison, Adam

Department of Study

Computer Science

Discipline

Computer Science

Degree Granting Institution

University of Illinois at Urbana-Champaign

Degree Name

Ph.D.

Degree Level

Dissertation

Keyword(s)

• side channel
• cache
• security
• attacks and defenses
• micro-architecture

Abstract

"Security and trustworthiness are key considerations in designing modern processor hardware. It has been shown that, among various data leakage attacks, side channel attacks are one of the most effective and stealthy ones. In a side channel attack, an attacker can steal encryption keys, monitor keystrokes or reveal a user's personal information by leveraging the information derived from the side effects of a program's execution. These side effects include timing information, micro-architecture states, power consumption, electromagnetic leaks and even sound. This thesis studies the important type of micro-architecture side channel attacks that exploit the shared cache hierarchies. Recently, we have witnessed ever more effective cache-based side attack techniques and the serious security threats posed by these attacks. It is urgent for computer architects to redesign processors and fix these vulnerabilities promptly and effectively. We address the cache-based side channel security problems in two ways. First, as modern caches are temporally and spatially shared across different security domains, the shared cache hierarchy offers a broad attack surface. It provides attackers a number of ways to interfere with a victim's execution and cache behavior, which, in turn, significantly increases side channel vulnerabilities. We study the role of cache interference in different cache attacks and propose effective solutions to mitigate shared cache attacks by limiting malicious interference. According to our analysis, in a multi-level cache hierarchy, creating ""inclusion victims"" is the key in a successful attack, since they give an attacker visibility into a victim's private cache and glean useful information. Based on this important observation, we present a secure hierarchy-aware cache replacement policy (SHARP) to defeat cache attacks on inclusive cache hierarchies by eliminating inclusion victims. In addition, we show that inclusion victims also exist in non-inclusive cache hierarchies and that the non-inclusive property is insufficient to stave off cache-based side channel attacks. We design the first two conflict-based cache attacks targeting the directory structure in a non-inclusive cache hierarchy, and prove that the directory structure is actually the unified attack surface for all types of cache hierarchies, including inclusive, non-inclusive and exclusive ones. To address this problem, we present the first scalable secure directory (SecDir) design to eliminate inclusion victims by restructuring the directory organization. Second, cache-based side channel attacks play an important role in transient execution attacks, leading to arbitrary information leakage and the violation of memory isolation policy. Specifically, in transient execution attacks, speculative execution causes the execution of instructions on incorrect paths. Such instructions potentially access secret, leaving side effects on the cache hierarchies before being squashed. We study how to effectively defend against transient execution attacks on the cache hierarchies by hiding the side effects of transient load instructions. We call our scheme ""Invisible Speculation"" (InvisiSpec). It is the first robust hardware defense mechanism against transient cache-based side channel attacks for multiprocessors."

Graduation Semester

2019-12

Type of Resource

text

Permalink

http://hdl.handle.net/2142/106167

Copyright and License Information

Copyright 2019 Mengjia Yan

Owning Collections