enabling hardware randomization across the cache
play

Enabling Hardware Randomization Across the Cache Hierarchy in - PowerPoint PPT Presentation

Aug 04, 2023 •843 likes •1.17k views

Enabling Hardware Randomization Across the Cache Hierarchy in Linux-Class Processors Max Doblas , Ioannis-Vatistas Kostalabros , Miquel Moret and Carles Hernndez Computer Sciences - Runtime Aware Architecture, Barcelona

  1. Enabling Hardware Randomization Across the Cache Hierarchy in Linux-Class Processors Max Doblas¹ , Ioannis-Vatistas Kostalabros¹ , Miquel Moretó¹ and Carles Hernández² ¹Computer Sciences - Runtime Aware Architecture, Barcelona Supercomputing Center { max.doblas, vatistas.kostalabros, miquel.moreto } @bsc.es ²Department of Computing Engineering, Universitat Politècnica de València carherlu@upv.es 1

  2. Introduction ● Cache-based side channel attacks are a serious concern in many computing domains ● Existing randomizing proposals can not deal with virtual memory ○ The majority of the state-of-the-art is focussing at the LLCs ● Our proposal enables randomizing the whole cache hierarchy of a Linux-capable RISC-V processor 2

  3. Cache Side Channel Attacks 3

  4. Cache Side Channel Attacks 4 sets, 2 way associative cache Prime+Probe Example 1. Calibration V1 A1 A2 Ax Attacker’s Blocks Vx Victim’s Blocks 4

  5. Cache Side Channel Attacks 4 sets, 2 way associative cache Prime+Probe Example 1. Calibration V1 A1 A2 2. Prime (precondition) Ax Attacker’s Blocks Vx Victim’s Blocks 5

  6. Cache Side Channel Attacks 4 sets, 2 way associative cache Prime+Probe Example 1. Calibration A1 V1 A2 2. Prime (precondition) Ax Attacker’s Blocks 3. Wait(execution of the victim) Vx Victim’s Blocks 6

  7. Cache Side Channel Attacks 4 sets, 2 way associative cache Prime+Probe Example 1. Calibration V1 A1 A2 2. Prime (precondition) Ax Attacker’s Blocks 3. Wait(execution of the victim) Vx Victim’s Blocks 4. Probe (detection) 7

  8. State of the art Cache-layout randomization schemes ● Parametric functions that randomize the mapping of a block inside the cache ○ Use a key-value to change the hashing applied to the address ○ At every key change a new calibration has to be performed ○ Protection is provided by modifying the key frequently ● It can be used in single or multiple security domains 8

  9. State of the art ● (a) Some solutions use an Encryption-Decryption scheme ○ Introduces latency -> Potential high impact in cache latency ○ Improves design simplicity by not altering the cache structure 9

  10. State of the art ● (b) Randomization function produces the cache-set’s index ○ Latency can be partially hidden-> feasible for first level caches ○ Needs to increase the Tags to recover block address ○ Extra mechanism is needed to enable the virtual memory 10

  11. Randomization Functions Quality ● Randomization functions need to balance security performance trade-off ● CEASER’s LLBC ○ Inherent linearity deems it useless for SCA thwarting [1] ● Balance time randomized functions examples [2]: a) Hash Function b) Random mopdulo [1] R. Bodduna, V. Ganesan, P. Slpsk, C. Rebeiro, and V. Kamakoti. Brutus: Refuting the security claims of the cache timing randomization coun- termeasure proposed in ceaser. IEEE Computer Architecture Letters, 2020. [2]D. Trilla, C. Hernández, J. Abella, and F. J. Cazorla. Cache side-channel attacks and time-predictability in high-performance critical real-time systems. In DAC, pages 98:1–98:6, 2018. 11

  12. Skewed Caches Addr Addr f(addr) f1(addr) f2(addr) Skewed Traditional Scheme Scheme ● Enhances the security of the cache ○ It is more difficult to calibrate an attack ○ Increases the resources used by multiplying the number of randomization functions. 12

  13. Virtual memory Example: Shared data Page Table A Page Table B ● Two processes A and B Virtual Addr Physical Addr Virtual Addr Physical Addr ○ Two different Page Tables 0x0000 0x3000 0x1000 0x3000 ○ Shares data on 0x3000 ... ... ... ... ○ First level caches are VIPT 13

  14. Virtual memory Example: Shared data Page Table A Page Table B ● Two processes A and B Virtual Addr Physical Addr Virtual Addr Physical Addr ○ Two different Page Tables 0x0000 0x3000 0x1000 0x3000 ○ Shares data on 0x3000 ... ... ... ... ○ First level caches are VIPT Process A: sb X -> 0x0001 Process B: ld 0x1001 -> r1 addr[1:0] addr[1:0] CPU CPU Virtual Virtual Address Address X X 14

  15. Virtual memory Example: Shared data Page Table A Page Table B ● Two processes A and B Virtual Addr Physical Addr Virtual Addr Physical Addr ○ Two different Page Tables 0x0000 0x3000 0x1000 0x3000 ○ Shares data on 0x3000 ... ... ... ... ○ First level caches are VIPT Proc A: sd X -> 0x0001 f(addr) CPU Virtual Address X 15

  16. Virtual memory Example: Shared data Page Table A Page Table B ● Two processes A and B Virtual Addr Physical Addr Virtual Addr Physical Addr ○ Two different Page Tables 0x0000 0x3000 0x1000 0x3000 ○ Shares data on 0x3000 ... ... ... ... ○ First level caches are VIPT Proc A: sd X -> 0x0001 Proc B: ld 0x1001 -> r1 f(addr) f(addr) CPU CPU Virtual Virtual Address Address X X Miss 16

  17. Virtual memory Example: Shared data Page Table A Page Table B ● Two processes A and B Virtual Addr Physical Addr Virtual Addr Physical Addr ○ Two different Page Tables 0x0000 0x3000 0x1000 0x3000 ○ Shares data on 0x3000 ... ... ... ... ○ First level caches are VIPT Coherency protocol Proc A: sd X -> 0x0001 Proc B: ld 0x1001 -> r1 access to addr 0x3001 f(addr) f(addr) f(addr) CPU CPU L2 Virtual Virtual Physical Address Address Address X X X Miss 17

  18. Proposal ● Adds supports the coherence protocol in finding any valid block. ○ Even after a key or a page-table’s translation modification. ● Every cache, keeps track of the valid blocks in the lower level cache. ○ This tracking is done by storing the last random index used by the lower level cache for every valid block. ○ Using this information, the cache probes any block of the lower level cache. 18

  19. Example: Shared data Page Table A Page Table B ● Two processes A and B Virtual Addr Physical Addr Virtual Addr Physical Addr ○ Two different Page Tables 0x0000 0x3000 0x1000 0x3000 ○ Shares data on 0x3000 ... ... ... ... ○ First level caches are VIPT Proc A: sd X -> 0x0001 Proc B: ld 0x1001 -> r1 f(addr) f(addr) CPU CPU Virtual Virtual Address Address X X Miss 19

  20. Example: Shared data Page Table A Page Table B ● Two processes A and B Virtual Addr Physical Addr Virtual Addr Physical Addr ○ Two different Page Tables 0x0000 0x3000 0x1000 0x3000 ○ Shares data on 0x3000 ... ... ... ... ○ First level caches are VIPT Coherency protocol Proc A: sd X -> 0x0001 Proc B: ld 0x1001 -> r1 access to addr 0x3001 f(addr) f(addr) f(addr) CPU CPU L2 Virtual Virtual Physical Address Address Address X X X Miss 20

  21. Example: Shared data Page Table A Page Table B ● Two processes A and B Virtual Addr Physical Addr Virtual Addr Physical Addr ○ Two different Page Tables 0x0000 0x3000 0x1000 0x3000 ○ Shares data on 0x3000 ... ... ... ... ○ First level caches are VIPT Coherency protocol Coherency protocol provides X invalidating addr 0x3001 f(addr) f(addr) L2 L2 Physical X Physical Address Address X rnd_idx updated 21

  22. Example: Shared data Page Table A Page Table B ● Two processes A and B Virtual Addr Physical Addr Virtual Addr Physical Addr ○ Two different Page Tables 0x0000 0x3000 0x1000 0x3000 ○ Shares data on 0x3000 ... ... ... ... ○ First level caches are VIPT Coherency protocol Coherency protocol Proc B: ld 0x1001 -> r1 provides X invalidating addr 0x3004 f(addr) f(addr) f(addr) L2 L2 Physical CPU X Physical Address Virtual X Address Address X rnd_idx updated 22

  23. Example of a Three Level Cache Hierarchy 23

  24. Implementation on a RISC-V Core We have implemented this mechanism in the lowRISC SoC. ● There are two different randomizers on the first level cache . ○ Hash function and Random modulo. ● L2 incorporates the directory which track the L1 Blocks . ● Both caches have been augmented with tag array extensions to handle collisions produced by the randomizers. ● The Coherency protocol has been modified. ○ Able to issue probe requests using the random index stored. 24

  25. Performance Evaluation ● We used the non-floating point benchmarks from the EEMBC suite. ○ 1000 iterations with 1000 different randomized keys. ● The hash function version has a very small impact on performance. ○ Other configurations increase the performance in this benchmarks. 25

  26. Security Evaluation ● NIST STS testing proves uniform set distribution. ● Non-linear randomization function. ○ Thwarts linear cryptanalysis attacks. ● Security vulnerability analysis based on the cost of attack calibration Number of attacker accesses to build eviction set 26

  27. Resources Evaluation FPGA resources utilization for different configurations of the caches ● The HF has a higher cost. ● In the RM case, randomization module consumes very few resources. 27

  28. Conclusions ● Novel randomization mechanism for the whole cache hierarchy. ● Enables the use of virtual and physical addresses. ● Maintains cache coherency. ● Has a small impact on performance and consumed resources. ● We achieved integration into a RISC-V processor capable to boot Linux. ● Achieved increased security against cache-based side-channel attacks. 28

Recommend

S CATTER C ACHE : Thwarting Cache Attacks via Cache Set Randomization Werner, Unterluggauer,

S CATTER C ACHE : Thwarting Cache Attacks via Cache Set Randomization Werner, Unterluggauer,

S CATTER C ACHE : Thwarting Cache Attacks via Cache Set Randomization Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard August 15, 2019 Graz University of Technology What is S CATTER C ACHE ? www.tugraz.at Alternative design for n-way

460 views • 27 slides
1 Classifying cache misses Cache Organization Classifying misses by causes (3Cs) Cache size,

1 Classifying cache misses Cache Organization Classifying misses by causes (3Cs) Cache size,

Cache Performance Metrics Cache miss rate: number of cache misses divided by number of accesses Lecture 14: Hardware Approaches for Cache Optimizations Cache hit time: the time between sending address and data returning from cache Cache

608 views • 4 slides
Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication Kuniyasu

Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication Kuniyasu

Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication Kuniyasu Suzaki Kengo Iijima Kuniyasu Suzaki, Kengo Iijima, Toshiki Yagi, Cyrille Artho Research Institute for Secure Systems EuroSec 2012 at Bern, April

283 views • 25 slides
Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency

Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency

Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency Requirements of performance, availability, and disconnected operation require us to relax the goal of semantic transparency. - HTTP 1.1 specification

598 views • 13 slides
Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the- Wire By

Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the- Wire By

Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the- Wire By Teryl Taylor , Kevin Z. Snow, Nathan Otterness and Fabian Monrose University of North Carolina at Chapel Hill Motivation PU Internet Get

686 views • 34 slides
A Hardware Evaluation of Cache Partitioning to Improve Utilization and Energy-Efficiency while

A Hardware Evaluation of Cache Partitioning to Improve Utilization and Energy-Efficiency while

A Hardware Evaluation of Cache Partitioning to Improve Utilization and Energy-Efficiency while Preserving Responsiveness Henry Cook, Miquel Moreto, Sarah Bird, Kanh Dao, David Patterson, Krste Asanovic University of California, Berkeley

540 views • 40 slides
CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded

CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded

CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded Systems (CHES) 2019 Alejandro Cabrera Aldaya 1 , Cesar Pereida Garca 2 , Luis Manuel Alvarez Tapia 1 , Billy Bob Brumley 2 , {aldaya,

371 views • 21 slides
Randomization Algorithm Theory WS 2012/13 Fabian Kuhn Randomization Randomized Algorithm: An

Randomization Algorithm Theory WS 2012/13 Fabian Kuhn Randomization Randomized Algorithm: An

Chapter 6 Randomization Algorithm Theory WS 2012/13 Fabian Kuhn Randomization Randomized Algorithm: An algorithm that uses (or can use) random coin flips in order to make decisions We will see: randomization can be a powerful tool to Make

497 views • 21 slides
Overview Synchronization hardware primitives Cache Coherency Issues Coherence misses

Overview Synchronization hardware primitives Cache Coherency Issues Coherence misses

Overview Synchronization hardware primitives Cache Coherency Issues Coherence misses 5 Chip Multiprocessors (II) Cache coherence and interconnects Directory-based Coherency Protocols Chip Multiprocessors (ACS MPhil)

480 views • 13 slides
Architecting and Programming a Hardware-Incoherent Multiprocessor Cache Hierarchy Wooil Kim,

Architecting and Programming a Hardware-Incoherent Multiprocessor Cache Hierarchy Wooil Kim,

Architecting and Programming a Hardware-Incoherent Multiprocessor Cache Hierarchy Wooil Kim, Sanket Tavarageri, P. Sadayappan, Josep Torrellas University of Illinois at Urbana-Champaign Ohio State University IPDPS 2016. May 2016 Motivation

737 views • 28 slides
L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache,

L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache,

L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache, and all blocks initially marked as not valid , Given the main memory word addresses 0 1 2 3 4 3 4 15, calculate Cache hit rate. Cache Index

654 views • 9 slides
Outline Cache coherence the hardware view 1 2 Synchronization and memory consistency review 3

Outline Cache coherence the hardware view 1 2 Synchronization and memory consistency review 3

Outline Cache coherence the hardware view 1 2 Synchronization and memory consistency review 3 C11 Atomics 4 Avoiding locks 1 / 43 Important memory system properties Coherence concerns accesses to a single memory location - Must obey

858 views • 48 slides
Hardware Modeling 2 Cache Analyses Peter Puschner slides credits: P. Puschner, R. Kirner, B.

Hardware Modeling 2 Cache Analyses Peter Puschner slides credits: P. Puschner, R. Kirner, B.

Hardware Modeling 2 Cache Analyses Peter Puschner slides credits: P. Puschner, R. Kirner, B. Huber VU 2.0 182.101 SS 2015 Recap: Caches in WCET Analysis Purpose :

902 views • 46 slides
Lecture 23: Cache, Memory, Security Todays topics: Caching policies Main memory

Lecture 23: Cache, Memory, Security Todays topics: Caching policies Main memory

Lecture 23: Cache, Memory, Security Todays topics: Caching policies Main memory system Hardware security intro 1 Cache Misses On a write miss, you may either choose to bring the block into the cache (write-allocate) or

460 views • 11 slides
Lecture 24: Cache, Memory, Security Todays topics: Caching policies Main memory

Lecture 24: Cache, Memory, Security Todays topics: Caching policies Main memory

Lecture 24: Cache, Memory, Security Todays topics: Caching policies Main memory system Hardware security intro 1 Cache Misses On a write miss, you may either choose to bring the block into the cache (write-allocate) or

146 views • 10 slides
Apps with Hardware: Enabling Run-time Architectural Customization in Smart Phones Michael

Apps with Hardware: Enabling Run-time Architectural Customization in Smart Phones Michael

Apps with Hardware: Enabling Run-time Architectural Customization in Smart Phones Michael Coughlin, Ali Ismail, and Eric Keller, University of Colorado, Boulder https://www.usenix.org/conference/atc16/technical-sessions/presentation/coughlin This

402 views • 15 slides
Apps with Hardware Enabling Run-time Architectural Customization in Smart Phones Michael

Apps with Hardware Enabling Run-time Architectural Customization in Smart Phones Michael

Apps with Hardware Enabling Run-time Architectural Customization in Smart Phones Michael Coughlin, Ali Ismail, Eric Keller University of Colorado Boulder Mobile Devices Devices are designed around certain restrictions This leads vendors to

569 views • 53 slides
Abusing hardware for fun and profit Agenda Cache-based Covert channels w/ demo Spectre

Abusing hardware for fun and profit Agenda Cache-based Covert channels w/ demo Spectre

Abusing hardware for fun and profit Agenda Cache-based Covert channels w/ demo Spectre and Meltdown from covert channels Process isola8on + OS (CS 423) OS paging OS services 0x00000000 Communica<on to other processes

568 views • 15 slides
What Is Memory Hierarchy A typical memory hierarchy today: Lecture 13: Cache Basics and Cache

What Is Memory Hierarchy A typical memory hierarchy today: Lecture 13: Cache Basics and Cache

What Is Memory Hierarchy A typical memory hierarchy today: Lecture 13: Cache Basics and Cache Performance Proc/Regs L1-Cache Bigger Faster L2-Cache Memory hierarchy concept, cache L3-Cache (optional) design fundamentals, set-associative

303 views • 4 slides
Address Space Randomization A n E f f e c t i v e I m p l e m e n t a t i o n Michael Cloppert

Address Space Randomization A n E f f e c t i v e I m p l e m e n t a t i o n Michael Cloppert

Address Space Randomization A n E f f e c t i v e I m p l e m e n t a t i o n Michael Cloppert May, 2006 Address Space Randomization Theory Randomize location of memory objects Libraries Heap User, kernel-space stack Foils attacks like

560 views • 15 slides
Cache Performance Associativity Replacement Samira Khan Cache Performance March 28,

Cache Performance Associativity Replacement Samira Khan Cache Performance March 28,

3/28/17 Agenda Review from last lecture Cache access Cache Performance Associativity Replacement Samira Khan Cache Performance March 28, 2017 Direct-Mapped Cache: Placement and Access Cache Abstraction and Metrics 00 | 000

518 views • 16 slides
Plan Hierarchical memories and their impact on our programs 1 Cache Memories, Cache Complexity

Plan Hierarchical memories and their impact on our programs 1 Cache Memories, Cache Complexity

Plan Hierarchical memories and their impact on our programs 1 Cache Memories, Cache Complexity Cache Analysis in Practice 2 Marc Moreno Maza The Ideal-Cache Model 3 University of Western Ontario, London, Ontario (Canada) Cache Complexity

632 views • 25 slides
CSE 120 Cache to map virtual page numbers to page frame Associative memory: HW looks up in all

CSE 120 Cache to map virtual page numbers to page frame Associative memory: HW looks up in all

Translation Lookaside Buffer (TLB) Implemented in Hardware CSE 120 Cache to map virtual page numbers to page frame Associative memory: HW looks up in all cache entries simultaneously Usually not big: 64-128 entries TLB entry: page

387 views • 7 slides
1 2 In stat. people may call these multistage trials (the randomization at each stage is

1 2 In stat. people may call these multistage trials (the randomization at each stage is

1 2 In stat. people may call these multistage trials (the randomization at each stage is assumed) 3 4 Hypothetical trial: Outcome is not shown but is on far right. The randomizations can take place up front. Equal randomization Usual

587 views • 36 slides

More recommend