Principled approaches for mitigating micro-architectural side-channel attacks

Yu, Jiyong

Permalink

https://hdl.handle.net/2142/121508 Copy

Description

Title

Principled approaches for mitigating micro-architectural side-channel attacks

Author(s)

Yu, Jiyong

Issue Date

2023-07-12

Director of Research (if dissertation) or Advisor (if thesis)

Fletcher, Christopher Wardlaw

Doctoral Committee Chair(s)

Fletcher, Christopher Wardlaw

Committee Member(s)

• Torrellas, Josep
• Marinov, Darko
• Jaeger, Trent
• Morrison, Adam
• Liu, Fangfei

Department of Study

Computer Science

Discipline

Computer Science

Degree Granting Institution

University of Illinois at Urbana-Champaign

Degree Name

Ph.D.

Degree Level

Dissertation

Keyword(s)

• Micro-architectural side-channel attacks
• Micro-architectural side-channel mitigations
• Hardware security

Abstract

Micro-architectural side-channel attacks are a critical security threat that arises as a result of modern processors’ pursuit of performance and efficiency. In those attacks, malicious actors exploit the micro-architectural implementation of processors to attack victim software, by monitoring how data-dependent micro-architectural resource usage varies in response to the victim’s secret information. By focusing on hardware, this intricate security attack can exfiltrate sensitive information in a software-invisible manner. As future processors continue to increase in complexity, the risk posed by micro-architectural side-channel attacks is expected to escalate. This thesis represents a significant advancement in developing secure, comprehensive, and high-performance micro-architectural side-channel mitigation solutions. While various mitigations have been proposed to address these attacks, existing approaches either target specific attack types, leaving vulnerabilities against other or future side-channel attacks open, or induce substantial performance degradation. The ideal mitigation solution, therefore, should both offer strong and comprehensive security guarantees while maintaining modest performance overhead. To overcome these challenges, the key idea underpinning our solutions is enforcing information-flow properties at the hardware level: once all side-channel vulnerabilities are identified, and all secret information is correctly tracked and annotated, blocking microarchitectural side-channel leakage is simply preventing side channels from consuming the secret. Based on this key idea, we developed the data-oblivious ISA (OISA), which for the first time, incorporates side-channel-specific security specification at the ISA level and enforces the desired information-flow properties in commodity hardware. To address the recent surge of speculative side-channel attacks, we further designed Speculative Taint Tracking (STT), which employs the same principle for achieving provable security against speculative side channels in general. We further improve the performance of STT with Speculative Data-Oblivious Execution (SDO) without sacrificing its security properties. In addition to the proposed mitigation frameworks, we also examined several existing point-mitigation strategies and developed new attacks circumventing those mitigations. We demonstrated how common control-flow leakage attack mitigations fail with a new attack variant capable of extracting the byte-granular PC information of arbitrary victim’s dynamic instruction. We also showcased why eliminating timers is insufficient in blocking cache side-channel attacks by identifying new primitives for monitoring cache state. Although these attacks may be further mitigated with new point defenses, our claim is that defending against micro-architectural side-channel attacks should not become a cat-and-mouse game. Instead, comprehensive mitigations, such as the solutions proposed in this thesis, should be adopted to effectively combat current and future attacks.

Graduation Semester

2023-08

Type of Resource

Thesis

Copyright and License Information

Copyright 2023 Jiyong Yu

Owning Collections