Full Record

New Search | Similar Records

Author
Title Cache-based side channels: Modern attacks and defenses
URL
Publication Date
Date Accessioned
Degree PhD
Discipline/Department Computer Science
Degree Level doctoral
University/Publisher University of Illinois – Urbana-Champaign
Abstract Security and trustworthiness are key considerations in designing modern processor hardware. It has been shown that, among various data leakage attacks, side channel attacks are one of the most effective and stealthy ones. In a side channel attack, an attacker can steal encryption keys, monitor keystrokes or reveal a user's personal information by leveraging the information derived from the side effects of a program's execution. These side effects include timing information, micro-architecture states, power consumption, electromagnetic leaks and even sound. This thesis studies the important type of micro-architecture side channel attacks that exploit the shared cache hierarchies. Recently, we have witnessed ever more effective cache-based side attack techniques and the serious security threats posed by these attacks. It is urgent for computer architects to redesign processors and fix these vulnerabilities promptly and effectively. We address the cache-based side channel security problems in two ways. First, as modern caches are temporally and spatially shared across different security domains, the shared cache hierarchy offers a broad attack surface. It provides attackers a number of ways to interfere with a victim's execution and cache behavior, which, in turn, significantly increases side channel vulnerabilities. We study the role of cache interference in different cache attacks and propose effective solutions to mitigate shared cache attacks by limiting malicious interference. According to our analysis, in a multi-level cache hierarchy, creating "inclusion victims" is the key in a successful attack, since they give an attacker visibility into a victim's private cache and glean useful information. Based on this important observation, we present a secure hierarchy-aware cache replacement policy (SHARP) to defeat cache attacks on inclusive cache hierarchies by eliminating inclusion victims. In addition, we show that inclusion victims also exist in non-inclusive cache hierarchies and that the non-inclusive property is insufficient to stave off cache-based side channel attacks. We design the first two conflict-based cache attacks targeting the directory structure in a non-inclusive cache hierarchy, and prove that the directory structure is actually the unified attack surface for all types of cache hierarchies, including inclusive, non-inclusive and exclusive ones. To address this problem, we present the first scalable secure directory (SecDir) design to eliminate inclusion victims by restructuring the directory organization. Second, cache-based side channel attacks play an important role in transient execution attacks, leading to arbitrary information leakage and the violation of memory isolation policy. Specifically, in transient execution attacks, speculative execution causes the execution of instructions on incorrect paths. Such instructions potentially access secret, leaving side effects on the cache hierarchies before being squashed. We study how to effectively defend against transient execution attacks on…
Subjects/Keywords side channel; cache; security; attacks and defenses; micro-architecture
Contributors Torrellas, Josep (advisor); Torrellas, Josep (Committee Chair); Fletcher, Christopher W. (committee member); Marinov, Darko (committee member); Emer, Joel (committee member); Lee, Ruby B. (committee member); Morrison, Adam (committee member)
Language en
Rights Copyright 2019 Mengjia Yan
Country of Publication us
Record ID handle:2142/106167
Repository uiuc
Date Retrieved
Date Indexed 2020-04-23
Grantor University of Illinois at Urbana-Champaign
Issued Date 2019-10-04 00:00:00

Sample Search Hits | Sample Images

…TABLE OF CONTENTS CHAPTER 1 INTRODUCTION . . . . . . . . . . . . . 1.1 The Problem: Cache-Based Side Channel Attacks 1.2 Challenges in Defending Against Cache Attacks . 1.3 Thesis Contributions and Organization…

…1 1 3 4 CHAPTER 2 BACKGROUND AND RELATED WORK . . . . . . 2.1 Modern Processor and Cache Organization . . . . . . . . . . 2.2 Cache-Based Side Channel Attacks . . . . . . . . . . . . . . 2.3 Countermeasures Against Cache-Based Side Channel Attacks…

…hardware. It has been shown that, among various data leakage attacks, side channel attacks are one of the most effective and stealthy ones. The potential threats of side channel attacks were discussed by Butler W. Lampson in the early 1970s [1]…

…However, the problem did not get high attention in the computer architecture community until the late 2000s, when the first cache-based side channel attack successfully broke the AES encryption algorithm [2]. In the beginning of 2018, the attacks…

…exist a strict definition for side channel attacks. Generally speaking, in computer security, a side channel attack leaks information from the side effects of a victim program’s execution on a computer system. These side effects include timing…

…information, micro-architecture states, power consumption, electromagnetic leaks and even sound. For instance, in a keyboard acoustic side channel attack, an adversary learns what a victim is typing based on the sound produced by keystrokes. This thesis…

…studies the important type of micro-architecture side channel attacks that exploit the shared cache hierarchies. They are called cache-based side channel attacks (cache attacks for short). Among all the side channels, caches offer one of the most…

…broad and problematic attack surfaces. In a cache-based side channel attack [5–7], an attacker obtains secret information from a victim based on the interaction between victim’s execution and cache states. More specifically, most attacks…

.