dawg a defense against cache timing attacks in
play

DAWG : A Defense Against Cache Timing Attacks in Speculative - PowerPoint PPT Presentation

Sep 29, 2022 •160 likes •949 views

DAWG : A Defense Against Cache Timing Attacks in Speculative Execution Processors Vladimir Kiriansky, Ilia Lebedev, Saman Amarasinghe, Srinivas Devadas, Joel Emer {vlk, ilebedev, saman, devadas, emer}@csail.mit.edu MICRO'18

  1. 
 DAWG : A Defense Against 
 Cache Timing Attacks in 
 Speculative Execution Processors Vladimir Kiriansky, Ilia Lebedev, 
 Saman Amarasinghe, Srinivas Devadas, Joel Emer {vlk, ilebedev, saman, devadas, emer}@csail.mit.edu MICRO'18 October 24, 2018 Fukuoka, Japan

  2. Outline • Cache access timing attacks • DAWG protection mechanism: Cache, Core • OS support: System Calls, Resource Management • Performance and security evaluation • Conclusion & Q/A DAWG 2

  3. Trust Boundaries Process OS DAWG 3

  4. Trust Boundaries Sand 
 box Process OS Enclave Hypervisor DAWG 4

  5. Trust Boundaries Sand 
 box Process Process OS OS Enclave Hypervisor DAWG 5

  6. Trust Boundary Crossing 
 APIs / Attack Vectors Sand 
 Legal API box Process Process OS OS Enclave Hypervisor DAWG 6

  7. Trust Boundary Crossing 
 APIs / Attack Vectors Sand 
 Legal API box Illegal Channel Process Process OS OS Enclave Hypervisor DAWG 7

  8. 
 Side Channels and 
 Covert Channels Victim's 
 Attacker's 
 Protection Domain Protection Domain Secret 
 Stolen 
 data data 
 ! ! DAWG 8

  9. 
 
 Side Channels and 
 Covert Channels Victim's 
 Attacker's 
 Protection Domain Protection Domain Secret 
 Accessor 
 data 
 ⛓ ⛓ ⛓ ⛓ ! • Accessor 
 - Existing code - non-speculative, traditional 
 - Synthesized - Spectre 1.0, 1.1 - unresolved DAWG 9

  10. 
 
 Side Channels and 
 Covert Channels Victim's 
 Attacker's 
 Protection Domain Protection Domain covert 
 Secret 
 Stolen 
 Accessor 
 Transmitter 
 Receiver 
 channel data data 
 ! ! ⛓ ⛓ ⛓ ⛓ ! ! • Accessor 
 - Existing code - non-speculative, traditional 
 - Synthesized - Spectre 1.0, 1.1 - unresolved DAWG 10

  11. 
 Side Channels and 
 Covert Channels Victim's 
 Attacker's 
 Protection Domain Protection Domain covert 
 Secret 
 Stolen 
 Accessor 
 Transmitter 
 Receiver 
 channel data data 
 ! ! ⛓ ⛓ ⛓ ⛓ ! ! • Accessor 
 - Existing code - non-speculative, traditional 
 - Synthesized - Spectre 1.0, 1.1 - unresolved • Channel = micro-architectural state: 
 cache, TLB, branch predictor state, etc. DAWG 11

  12. 
 Side Channels and 
 Covert Channels Victim's 
 Attacker's 
 blocked 
 Protection Domain Protection Domain channel Secret 
 Stolen 
 Accessor 
 Transmitter 
 Receiver 
 data data 
 ! ! ⛓ ⛓ ⛓ ⛓ ! ! • Accessor 
 - Existing code - non-speculative, traditional 
 - Synthesized - Spectre 1.0, 1.1 - unresolved • Channel = micro-architectural state: 
 cache , TLB, branch predictor state, etc. DAWG 12

  13. 
 Cache Covert Channel Victim's 
 Attacker's 
 cache 
 Protection Domain Protection Domain covert 
 Transmitter 
 Receiver 
 channel 
 ! ! ! DAWG 13

  14. Cache Covert Channel: 
 Shared Cache Ways 2-way 
 Cache Set DAWG 14

  15. 
 
 Cache Covert Channel: 
 Shared Cache Ways [ Flush+Reload, Evict+Reload, Thrash+Reload] 1. Receiver evicts block A 
 2-way 
 A Cache Set Flush / Evict / Thrash 
 DAWG 15

  16. 
 
 Cache Covert Channel: 
 Shared Cache Ways 1. Receiver evicts block A 
 2-way 
 Cache Set Flush / Evict / Thrash 
 DAWG 16

  17. Cache Covert Channel: 
 Shared Cache Ways 1. Receiver evicts block A 
 Flush / Evict / Thrash 
 0 1 2. Transmitter sends a 0 or 1 
 A secret bit via access to A 
 DAWG 17

  18. Cache Covert Channel: 
 Shared Cache Ways 1. Receiver evicts block A 
 Flush / Evict / Thrash 
 0 1 2. Transmitter sends a 0 or 1 
 A secret bit via access to A 
 3. Receiver times access to A A DAWG 18

  19. Cache Covert Channel: 
 Shared Cache Ways 1. Receiver evicts block A 
 Flush / Evict / Thrash 
 0 1 2. Transmitter sends a 0 or 1 
 A secret bit via access to A 
 3. Receiver times access to A A A ! infers secret bit > DAWG 19

  20. 
 Cache Covert Channel Victim Attacker cache 
 covert 
 Receiver 
 Transmitter 
 channel 
 ! ! ! ! ☹ DAWG 20

  21. 
 Block 
 Cache Covert Channel? Victim Attacker Receiver 
 Transmitter 
 
 ! ! ! DAWG 21

  22. DAWG: Dynamically Allocated Way Guard • Cache Protection Domains • Non-interference by any action: 
 hit / flush / eviction / fill DAWG 22

  23. DAWG: Dynamically Allocated Way Guard • Cache Protection Domains Way-partitioned 
 Cache Set • Non-interference by any action: 
 hit / flush / eviction / fill • Partitioned ways of set-associative structures • Domain-private cache tag state DAWG 23

  24. DAWG: Dynamically Allocated Way Guard • Cache Protection Domains Way-partitioned 
 Cache Set • Non-interference by any action: 
 hit / flush / eviction / fill • Partitioned ways of set-associative structures • Domain-private cache tag state • Domain-private replacement metadata DAWG 24

  25. No Cache Covert Channel: 
 Private Cache Ways Per-Domain 
 Ways Victim Attacker DAWG 25

  26. 
 
 No Cache Covert Channel: 
 Private Cache Ways 1. Receiver evicts block A? 
 Flush / Evict / Thrash 
 DAWG 26

  27. 
 
 No Cache Covert Channel: 
 Private Cache Ways 1. Receiver evicts block A 
 Flush / Evict / Thrash 
 DAWG 27

  28. No Cache Covert Channel: 
 Private Cache Ways 1. Receiver evicts block A 
 Flush / Evict / Thrash 
 0 1 2. Transmitter sends a 0 or 1 
 A secret bit via access to A 
 DAWG 28

  29. No Cache Covert Channel: 
 Private Cache Ways 1. Receiver evicts block A 
 Flush / Evict / Thrash 
 0 1 2. Transmitter sends a 0 or 1 
 A secret bit via access to A 
 3. Receiver times access to A A DAWG 29

  30. No Cache Covert Channel: 
 Private Cache Ways 1. Receiver evicts block A 
 Flush / Evict / Thrash 
 0 1 2. Transmitter sends a 0 or 1 
 A secret bit via access to A 
 3. Receiver times access to A A A A no signal = DAWG 30

  31. No Cache Covert Channel: 
 Private Cache Ways 1. Receiver evicts block A 
 Flush / Evict / Thrash 
 0 1 2. Transmitter sends a 0 or 1 
 A secret bit via access to A 
 3. Receiver times access to A ?! A A A no signal = DAWG 31

  32. No Cache Covert Channel Victim 
 Attacker 
 Domain Domain ! Transmitter ! Receiver ! DAWG 32

  33. CAT: QoS Cache Partitioning • Starting point in production silicon: 
 Intel's Cache Allocation Technology for LLC • Iyer et al [SC'04, SIGMETRICS'07, MICRO'07 ] 
 From concept to reality in Haswell [HPCA'16] • Not a security barrier Quality of Service goal: prevent one 
 application from dominating the cache DAWG 33

  34. 
 
 CAT: Way-Partitioned Set-associative Caches • Way-partitioning LLC coherence Cache controller state machine logic replacement way write cache line policy • Protection domain IDs Address enables write data updated set metadata Tag Set Index • Fill mask way set new write index cache enable line cache set W 0 W 1 W 2 ... W 3 metadata cache way Tag Line set metadata == == == == way hits hit 
 DAWG 34 cache line

  35. 
 
 
 
 DAWG: Dynamically Allocated Way Guard • Way-partitioning L1 -L3 coherence policies Cache controller state machine logic replacement fill 
 policy way write cache line • Protection domain IDs isolation Address enables write data updated set metadata Tag • Fill mask Set Index way set new write index cache enable line cache set metadata 
 W 0 W 1 W 2 ... W 3 metadata cache way Tag Line set metadata == == == == policy-masked hit 
 way hits hit isolation DAWG 35 cache line

  36. 
 
 DAWG: Dynamically Allocated Way Guard • Way-partitioning L1 -L3 coherence policies Cache controller state machine logic replacement fill 
 policy way write cache line • Protection domain IDs isolation Address enables write data updated set metadata Tag • Fill mask Set Index way set new write index cache enable line cache set • Hit mask 
 metadata 
 W 0 W 1 W 2 ... W 3 metadata cache way - Hits 
 Tag Line set metadata == == == == policy-masked hit 
 way hits hit isolation isolation DAWG 36 cache line

  37. 
 DAWG: Dynamically Allocated Way Guard • Way-partitioning L1 -L3 coherence policies Cache controller state machine logic replacement fill 
 policy way write cache line • Protection domain IDs isolation Address enables write data updated set metadata Tag • Fill mask Set Index way set new write index cache enable line cache set • Hit mask 
 metadata 
 W 0 W 1 W 2 ... W 3 metadata cache isolation 
 way - Hits 
 Tag Line set metadata - PLRU updates == == == == policy-masked hit 
 way hits hit isolation isolation DAWG 37 cache line

  38. Higher Security than 
 QoS Cache Partitioning • Production QoS 
 CAT DAWG way-partitioning (CAT) 
 ✅ ✅ Way by design allows 
 allocation hits across domains ❌ ✅ Hits in victim • Not a security barrier 
 Hits 
 Cross-Domain DAWG 38

  39. Higher Security than 
 QoS Cache Partitioning • Production QoS 
 CAT DAWG way-partitioning (CAT) 
 ✅ ✅ Way by design allows 
 allocation hits across domains ❌ ✅ Hits in victim • Not a security barrier 
 ❌ ✅ Flush in victim Flush DAWG 39

Recommend

Cache-Timing Attacks Matteo BOCCHI System Research & Applications STMicroelectronics S.r.l.

Cache-Timing Attacks Matteo BOCCHI System Research & Applications STMicroelectronics S.r.l.

Cache-Timing Attacks Matteo BOCCHI System Research & Applications STMicroelectronics S.r.l. 2018/12/06 Agenda 2 STM32 Nucleo Boards STM32 Firewall Cache-Timing Attack Evict&Time vs. MbedTLS AES on STM32

477 views • 20 slides
CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded

CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded

CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded Systems (CHES) 2019 Alejandro Cabrera Aldaya 1 , Cesar Pereida Garca 2 , Luis Manuel Alvarez Tapia 1 , Billy Bob Brumley 2 , {aldaya,

371 views • 21 slides
Cache-timing attacks http://cr.yp.to/papers.html #cachetiming , 2005: D. J. Bernstein This

Cache-timing attacks http://cr.yp.to/papers.html #cachetiming , 2005: D. J. Bernstein This

Cache-timing attacks http://cr.yp.to/papers.html #cachetiming , 2005: D. J. Bernstein This paper reports successful Thanks to: extraction of a complete AES key University of Illinois at Chicago from a network server NSF CCR9983950 on

1.28k views • 91 slides
CAPnet: A Defense Against Cache Accounting Attacks on Content Distribution Networks Ghada

CAPnet: A Defense Against Cache Accounting Attacks on Content Distribution Networks Ghada

CAPnet: A Defense Against Cache Accounting Attacks on Content Distribution Networks Ghada Almashaqbeh 1 , Kevin Kelley 2 , Allison Bishop 1,3 , Justin Cappos 4 1 Columbia, 2 CacheCash, 3 Proof Trading, 4 NYU IEEE CNS 2019, DC, USA Outline

226 views • 19 slides
Dealing with cache based attacks in cryptography Speculating on cache attacks Simo Sorce Sr.

Dealing with cache based attacks in cryptography Speculating on cache attacks Simo Sorce Sr.

Dealing with cache based attacks in cryptography Speculating on cache attacks Simo Sorce Sr. Principal Software Engineer 2019/02/19 What are cache based attacks ? In cryptography In cryptographic operations, leaking the internal state of a

338 views • 8 slides
Eliminating cache-based timing attacks with instruction-based scheduling Deian Stefan , Pablo

Eliminating cache-based timing attacks with instruction-based scheduling Deian Stefan , Pablo

Eliminating cache-based timing attacks with instruction-based scheduling Deian Stefan , Pablo Buiras, Edward Z. Yang, Amit Levy, David Terei, Alejandro Russo, and David Mazires Motivation: IFC Web platforms Platforms allow 3rd-party developers

936 views • 61 slides
Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing

Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing

Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing attacks important? Clarifications Zero-One Gap / Neighborhood Size etc. Problems Questions Extensions Contribution Discussion

645 views • 26 slides
Dawg Camp! Dawg Camp! The Place to Be! Rick Gray Maggie Szeman

Dawg Camp! Dawg Camp! The Place to Be! Rick Gray Maggie Szeman

Dawg Camp! Dawg Camp! The Place to Be! Rick Gray Maggie Szeman Assistant Director Graduate Assistant Center for Leadership and Service The University of Georgia UGA Context The University of Georgia has a total

395 views • 23 slides
The Clock is Still Ticking: Timing Attacks in the Modern Web Tom Van Goethem, Wouter Joosen,

The Clock is Still Ticking: Timing Attacks in the Modern Web Tom Van Goethem, Wouter Joosen,

The Clock is Still Ticking: Timing Attacks in the Modern Web Tom Van Goethem, Wouter Joosen, Nick Nikiforakis Background: Timing attacks Introduced by Felten et al. in 2000. A side-channel attack analyzing the time that it takes to a

642 views • 21 slides
Cache Timing Side-Channel Vulnerability Checking with Computation Tree Logic Shuwen Deng , Wenjie

Cache Timing Side-Channel Vulnerability Checking with Computation Tree Logic Shuwen Deng , Wenjie

Cache Timing Side-Channel Vulnerability Checking with Computation Tree Logic Shuwen Deng , Wenjie Xiong and Jakub Szefer Yale University HASP June 2, 2018 Memory System Cache Memory CPU Typical set-associative cache sets ways cache

640 views • 25 slides
S CATTER C ACHE : Thwarting Cache Attacks via Cache Set Randomization Werner, Unterluggauer,

S CATTER C ACHE : Thwarting Cache Attacks via Cache Set Randomization Werner, Unterluggauer,

S CATTER C ACHE : Thwarting Cache Attacks via Cache Set Randomization Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard August 15, 2019 Graz University of Technology What is S CATTER C ACHE ? www.tugraz.at Alternative design for n-way

460 views • 27 slides
Cache attacks: From side channels to fault attacks Clmentine Maurice CNRS, Rennes, France

Cache attacks: From side channels to fault attacks Clmentine Maurice CNRS, Rennes, France

Cache attacks: From side channels to fault attacks Clmentine Maurice CNRS, Rennes, France November 16, 2017 Cryptacus Workshop, Nijmegen, Netherlands the attacker only needs unprivileged execution on the victims machine

1.99k views • 164 slides
NetCAT : Practical Cache Attacks from the Network Michael Kurth , Ben Gras, Dennis Andriesse,

NetCAT : Practical Cache Attacks from the Network Michael Kurth , Ben Gras, Dennis Andriesse,

NetCAT : Practical Cache Attacks from the Network Michael Kurth , Ben Gras, Dennis Andriesse, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi Cache Attack from the Network Client Server Remote Cache Attack SSH 2 Network Cache Attack 3

794 views • 32 slides
An Analytical Model for Tim e-Driven Cache Attacks Kris Tiri Onur Ac imez Michael Neve

An Analytical Model for Tim e-Driven Cache Attacks Kris Tiri Onur Ac imez Michael Neve

An Analytical Model for Tim e-Driven Cache Attacks Kris Tiri Onur Ac imez Michael Neve Flemming Andersen Outline Motivation Cache attacks: origins, time-driven attack Strength of an implementation Analytical model of

685 views • 19 slides
Defense Mechanism against Spectre Attacks Jacob Fustos, Farzad Farshchi, Heechul Yun University

Defense Mechanism against Spectre Attacks Jacob Fustos, Farzad Farshchi, Heechul Yun University

SpectreGuard: An Efficient Data-centric Defense Mechanism against Spectre Attacks Jacob Fustos, Farzad Farshchi, Heechul Yun University of Kansas 1 Speculative Execution Attacks Attacks exploiting microarchitectural side-effects of

499 views • 21 slides
CyberWarfare Defense against Penetration T esting and distributed Denial-of-Service Attacks The

CyberWarfare Defense against Penetration T esting and distributed Denial-of-Service Attacks The

CyberWarfare Defense against Penetration T esting and distributed Denial-of-Service Attacks The Foundation of Network Security Stand-alone (ISP/Carrier Server Farm) modular TIPS for Perimeter Defense We brought a prototype for you!

263 views • 24 slides
CoDef: Collaborative Defense against Large-Scale Link-Flooding Attacks Soo Bum Lee * , Min Suk

CoDef: Collaborative Defense against Large-Scale Link-Flooding Attacks Soo Bum Lee * , Min Suk

CoDef: Collaborative Defense against Large-Scale Link-Flooding Attacks Soo Bum Lee * , Min Suk Kang , Virgil D. Gligor CyLab, Carnegie Mellon University * Qualcomm Dec. 12, 2013 Large Scale Link-Flooding Attacks Massive DDoS attacks against

487 views • 27 slides
1 Classifying cache misses Cache Organization Classifying misses by causes (3Cs) Cache size,

1 Classifying cache misses Cache Organization Classifying misses by causes (3Cs) Cache size,

Cache Performance Metrics Cache miss rate: number of cache misses divided by number of accesses Lecture 14: Hardware Approaches for Cache Optimizations Cache hit time: the time between sending address and data returning from cache Cache

608 views • 4 slides
I Know Where Youve Been: ! Geo-Inference Attacks via the Browser Cache ! Yaoqi Jia Yaoqi Jia

I Know Where Youve Been: ! Geo-Inference Attacks via the Browser Cache ! Yaoqi Jia Yaoqi Jia

I Know Where Youve Been: ! Geo-Inference Attacks via the Browser Cache ! Yaoqi Jia Yaoqi Jia , Xinshu Dong , Zhenkai Liang , Prateek Saxena ! School of Computing, National University of Singapore ! Advanced Digital

496 views • 28 slides
Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in

Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in

Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in Advanced Topics in Network Security (600/650.624) Outline Traditional threat model in cryptography Side-channel attacks Kochers

1.19k views • 77 slides
DNSSEC aggressive cache (RFC 8198) Protection from random subdomain attacks Petr paek

DNSSEC aggressive cache (RFC 8198) Protection from random subdomain attacks Petr paek

DNSSEC aggressive cache (RFC 8198) Protection from random subdomain attacks Petr paek petr.spacek@nic.cz 2018-05-16 Talk outline Aggressive cache theory expectations efficiency Normal traffic measurements

823 views • 30 slides
Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi @danielmgmi https://moghimi.org Security Researcher PhD Candidate @ WPI Microarchitectural Attacks Side Channels Breaking Crypto

1.2k views • 71 slides
The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations Eyal Ronen , Robert

The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations Eyal Ronen , Robert

The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations Eyal Ronen , Robert Gillham, Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom Transport Layer Security (TLS) The most widely used cryptographic protocol

1.36k views • 120 slides
Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency

Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency

Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency Requirements of performance, availability, and disconnected operation require us to relax the goal of semantic transparency. - HTTP 1.1 specification

598 views • 13 slides

More recommend