Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
139 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
46 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Systematic Evaluation of Randomized Cache Designs against Cache Occupancy (2310.05172v2)

Published 8 Oct 2023 in cs.CR and cs.AR

Abstract: Randomizing the address-to-set mapping and partitioning of the cache has been shown to be an effective mechanism in designing secured caches. Several designs have been proposed on a variety of rationales: (1) randomized design, (2) randomized-and-partitioned design, and (3) psuedo-fully associative design. This work fills in a crucial gap in current literature on randomized caches: currently most randomized cache designs defend only contention-based attacks, and leave out considerations of cache occupancy. We perform a systematic evaluation of 5 randomized cache designs- CEASER, CEASER-S, MIRAGE, Scatter-Cache, and Sass-cache against cache occupancy wrt. both performance as well as security. With respect to performance, we first establish that benchmarking strategies used by contemporary designs are unsuitable for a fair evaluation (because of differing cache configurations, choice of benchmarking suites, additional implementation-specific assumptions). We thus propose a uniform benchmarking strategy, which allows us to perform a fair and comparative analysis across all designs under various replacement policies. Likewise, with respect to security against cache occupancy attacks, we evaluate the cache designs against various threat assumptions: (1) covert channels, (2) process fingerprinting, and (3) AES key recovery (to the best of our knowledge, this work is the first to demonstrate full AES key recovery on a randomized cache design using cache occupancy attack). Our results establish the need to also consider cache occupancy side-channel in randomized cache design considerations.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (51)
  1. O. Aciiçmez, “Yet another microarchitectural attack: exploiting i-cache,” in ACM workshop on Computer security architecture, 2007, pp. 11–18.
  2. O. Acıiçmez, B. B. Brumley, and P. Grabher, “New results on instruction cache attacks,” in International Workshop on Cryptographic Hardware and Embedded Systems.   Springer, 2010, pp. 110–124.
  3. S. Bhattacharya, C. Rebeiro, and D. Mukhopadhyay, “Hardware prefetchers leak: A revisit of svf for cache-timing attacks,” in 2012 45th Annual IEEE/ACM International Symposium on Microarchitecture Workshops.   IEEE, 2012, pp. 17–23.
  4. R. Bodduna, V. Ganesan, P. Slpsk, K. Veezhinathan, and C. Rebeiro, “Brutus: Refuting the security claims of the cache timing randomization countermeasure proposed in ceaser,” IEEE Computer Architecture Letters, vol. 19, no. 1, pp. 9–12, 2020.
  5. A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, A. Poschmann, M. J. Robshaw, Y. Seurin, and C. Vikkelsoe, “Present: An ultra-lightweight block cipher,” in International workshop on cryptographic hardware and embedded systems.   Springer, 2007, pp. 450–466.
  6. T. Bourgeat, J. Drean, Y. Yang, L. Tsai, J. Emer, and M. Yan, “Casa: End-to-end quantitative security analysis of randomly mapped caches,” in 2020 53rd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).   IEEE, 2020, pp. 1110–1123.
  7. A. Chakraborty, S. Bhattacharya, S. Saha, and D. Mukhopadhyay, “Are randomized caches truly random? formal analysis of randomized-partitioned caches,” in 2023 IEEE International Symposium on High-Performance Computer Architecture (HPCA).   IEEE, 2023, pp. 233–246.
  8. Y. Chen, L. Pei, and T. E. Carlson, “Leaking control flow information via the hardware prefetcher,” arXiv preprint arXiv:2109.00474, 2021.
  9. D. Cock, Q. Ge, T. Murray, and G. Heiser, “The last mile: An empirical study of timing channels on sel4,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014, pp. 570–581.
  10. G. Dessouky, T. Frassetto, and A.-R. Sadeghi, “Hybcache: Hybrid side-channel-resilient caches for trusted execution environments,” in Proceedings of the 29th USENIX Conference on Security Symposium, 2020, pp. 451–468.
  11. C. Disselkoen, D. Kohlbrenner, L. Porter, and D. Tullsen, “Prime+ Abort: A timer-free high-precision l3 cache attack using Intel TSX,” in USENIX Security Symposium 2017), 2017, pp. 51–67.
  12. D. Genkin, L. Valenta, and Y. Yarom, “May the fourth be with you: A microarchitectural side channel attack on several real-world applications of curve25519,” in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’17.   Association for Computing Machinery, 2017, p. 845–858.
  13. L. Giner, S. Steinegger, A. Purnal, M. Eichlseder, T. Unterluggauer, S. Mangard, and D. Gruss, “Scatter and split securely: Defeating cache contention and occupancy attacks,” in 2023 IEEE Symposium on Security and Privacy (SP).   IEEE Computer Society, 2022, pp. 1101–1115.
  14. D. Gruss, C. Maurice, K. Wagner, and S. Mangard, “Flush+ flush: a fast and stealthy cache attack,” in International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment.   Springer, 2016, pp. 279–299.
  15. B. Gülmezoğlu, M. S. Inci, G. Irazoqui, T. Eisenbarth, and B. Sunar, “A faster and more realistic flush+ reload attack on AES,” in International Workshop on Constructive Side-Channel Analysis and Secure Design.   Springer, 2015, pp. 111–126.
  16. R. Hund, C. Willems, and T. Holz, “Practical timing side channel attacks against kernel space ASLR,” in 2013 IEEE Symposium on Security and Privacy (S&P).   IEEE, 2013, pp. 191–205.
  17. G. Irazoqui, T. Eisenbarth, and B. Sunar, “S $ a: A shared cache attack that works across cores and defies VM sandboxing–and its application to AES,” in 2015 IEEE Symposium on Security and Privacy (S&P).   IEEE, 2015, pp. 591–604.
  18. M. Lipp, M. Schwarz, L. Raab, L. Lamster, M. T. Aga, C. Maurice, and D. Gruss, “Nethammer: Inducing rowhammer faults through network requests,” in 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).   IEEE, 2020, pp. 710–719.
  19. F. Liu and R. B. Lee, “Random fill cache architecture,” in 2014 47th Annual IEEE/ACM International Symposium on Microarchitecture.   IEEE, 2014, pp. 203–215.
  20. F. Liu, H. Wu, K. Mai, and R. B. Lee, “Newcache: Secure cache architecture thwarting cache side-channel attacks,” IEEE Micro, vol. 36, no. 5, pp. 8–16, 2016.
  21. F. Liu, Y. Yarom, Q. Ge, G. Heiser, and R. B. Lee, “Last-level cache side-channel attacks are practical,” in 2015 IEEE symposium on security and privacy.   IEEE, 2015, pp. 605–622.
  22. F. Liu, R. Anand, L. Wang, W. Meier, and T. Isobe, “Coefficient grouping: Breaking chaghri and more,” in Advances in Cryptology–EUROCRYPT 2023: 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Lyon, France, April 23-27, 2023, Proceedings, Part IV.   Springer, 2023, pp. 287–317.
  23. C. Maurice, N. Le Scouarnec, C. Neumann, O. Heen, and A. Francillon, “Reverse engineering intel last-level cache complex addressing using performance counters,” in Research in Attacks, Intrusions, and Defenses: 18th International Symposium, RAID 2015, Kyoto, Japan, November 2-4, 2015. Proceedings 18.   Springer, 2015, pp. 48–65.
  24. C. Maurice, C. Neumann, O. Heen, and A. Francillon, “C5: cross-cores cache covert channel,” in Detection of Intrusions and Malware, and Vulnerability Assessment: 12th International Conference, DIMVA 2015, Milan, Italy, July 9-10, 2015, Proceedings 12.   Springer, 2015, pp. 46–64.
  25. C. Maurice, M. Weber, M. Schwarz, L. Giner, D. Gruss, C. A. Boano, S. Mangard, and K. Römer, “Hello from the other side: Ssh over robust cache covert channels in the cloud.” in NDSS, vol. 17, 2017, pp. 8–11.
  26. Y. Oren, V. P. Kemerlis, S. Sethumadhavan, and A. D. Keromytis, “The spy in the sandbox: Practical cache attacks in javascript and their implications,” in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015, pp. 1406–1418.
  27. D. A. Osvik, A. Shamir, and E. Tromer, “Cache attacks and countermeasures: the case of aes,” in Cryptographers’ track at the RSA conference.   Springer, 2006, pp. 1–20.
  28. A. Purnal, L. Giner, D. Gruss, and I. Verbauwhede, “Systematic analysis of randomization-based protected cache architectures,” in 42th IEEE Symposium on Security and Privacy, vol. 5, 2021.
  29. A. Purnal, F. Turan, and I. Verbauwhede, “Prime+ scope: Overcoming the observer effect for high-precision cache contention attacks,” in Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, 2021, pp. 2906–2920.
  30. A. Purnal and I. Verbauwhede, “Advanced profiling for probabilistic prime+ probe attacks and covert channels in scattercache,” arXiv preprint arXiv:1908.03383, 2019.
  31. M. K. Qureshi, “Ceaser: Mitigating conflict-based cache attacks via encrypted-address and remapping,” in 2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).   IEEE, 2018, pp. 775–787.
  32. M. K. Qureshi, “New attacks and defense for encrypted-address cache,” in 2019 ACM/IEEE 46th Annual International Symposium on Computer Architecture (ISCA).   IEEE, 2019, pp. 360–371.
  33. M. K. Qureshi, D. Thompson, and Y. N. Patt, “The v-way cache: demand-based associativity via global replacement,” in 32nd International Symposium on Computer Architecture (ISCA’05).   IEEE, 2005, pp. 544–555.
  34. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, “Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds,” in Proceedings of the 16th ACM conference on Computer and communications security, 2009, pp. 199–212.
  35. G. Saileshwar, “Battle for secure caches: Attacks and defenses on randomized caches,” Sep 2021. [Online]. Available: https://www.sigarch.org/battle-for-secure-caches-attacks-and-defenses-on-randomized-caches/
  36. G. Saileshwar and M. Qureshi, “{{\{{MIRAGE}}\}}: Mitigating conflict-based cache attacks with a practical fully-associative design,” in 30th {normal-{\{{USENIX}normal-}\}} Security Symposium ({normal-{\{{USENIX}normal-}\}} Security 21), 2021.
  37. V. Selfa, J. Sahuquillo, L. Eeckhout, S. Petit, and M. E. Gómez, “Application clustering policies to address system fairness with intel’s cache allocation technology,” in 2017 26th international conference on parallel architectures and compilation techniques (pact).   IEEE, 2017, pp. 194–205.
  38. Y. Shin, H. C. Kim, D. Kwon, J. H. Jeong, and J. Hur, “Unveiling hardware-based data prefetcher, a hidden source of information leakage,” in Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018, pp. 131–145.
  39. A. Shusterman, Z. Avraham, E. Croitoru, Y. Haskal, L. Kang, D. Levi, Y. Meltser, P. Mittal, Y. Oren, and Y. Yarom, “Website fingerprinting through the cache occupancy channel and its real world practicality,” IEEE Transactions on Dependable and Secure Computing, vol. 18, no. 5, pp. 2042–2060, 2020.
  40. A. Shusterman, L. Kang, Y. Haskal, Y. Meltser, P. Mittal, Y. Oren, and Y. Yarom, “Robust website fingerprinting through the cache occupancy channel,” in 28th USENIX Security Symposium (USENIX Security 19), 2019, pp. 639–656.
  41. W. Song, B. Li, Z. Xue, Z. Li, W. Wang, and P. Liu, “Randomized last-level caches are still vulnerable to cache side-channel attacks! but we can fix it,” in 2021 IEEE Symposium on Security and Privacy (S&P).   IEEE, 2021, pp. 955–969.
  42. N. Suzuki, H. Kim, D. De Niz, B. Andersson, L. Wrage, M. Klein, and R. Rajkumar, “Coordinated bank and cache coloring for temporal protection of memory accesses,” in 2013 IEEE 16th International Conference on Computational Science and Engineering.   IEEE, 2013, pp. 685–692.
  43. Q. Tan, Z. Zeng, K. Bu, and K. Ren, “Phantomcache: Obfuscating cache conflicts with localized randomization.” in NDSS, 2020.
  44. D. Trilla, C. Hernandez, J. Abella, and F. J. Cazorla, “Cache side-channel attacks and time-predictability in high-performance critical real-time systems,” in Proceedings of the 55th Annual Design Automation Conference, 2018, pp. 1–6.
  45. T. Verma, A. Anastasopoulos, and T. Austin, “These aren’t the caches you’re looking for: Stochastic channels on randomized caches,” in 2022 IEEE International Symposium on Secure and Private Execution Environment Design (SEED).   IEEE, 2022, pp. 37–48.
  46. P. Vila, B. Köpf, and J. F. Morales, “Theory and practice of finding eviction sets,” in 2019 IEEE Symposium on Security and Privacy (SP).   IEEE, 2019, pp. 39–54.
  47. Z. Wang and R. B. Lee, “New cache designs for thwarting software cache-based side channel attacks,” in Proceedings of the 34th annual international symposium on Computer architecture, 2007, pp. 494–505.
  48. Z. Wang and R. B. Lee, “A novel cache architecture with enhanced performance and security,” in 2008 41st IEEE/ACM International Symposium on Microarchitecture.   IEEE, 2008, pp. 83–93.
  49. M. Werner, T. Unterluggauer, L. Giner, M. Schwarz, D. Gruss, and S. Mangard, “Scattercache: Thwarting cache attacks via cache set randomization,” in 28th {normal-{\{{USENIX}normal-}\}} Security Symposium ({normal-{\{{USENIX}normal-}\}} Security 19), 2019, pp. 675–692.
  50. Y. Yarom and K. Falkner, “Flush+ reload: A high resolution, low noise, l3 cache side-channel attack,” in 23rd {normal-{\{{USENIX}normal-}\}} Security Symposium ({normal-{\{{USENIX}normal-}\}} Security 14), 2014, pp. 719–732.
  51. Y. Zhang, A. Juels, A. Oprea, and M. K. Reiter, “Homealone: Co-residency detection in the cloud via side-channel analysis,” in 2011 IEEE symposium on Security and Privacy (S&P).   IEEE, 2011, pp. 313–328.

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now