safecracker leaking secrets through compressed caches
play

Safecracker: Leaking Secrets through Compressed Caches Po-An Tsai, - PowerPoint PPT Presentation

Aug 17, 2022 •1.24k likes •2.15k views

Safecracker: Leaking Secrets through Compressed Caches Po-An Tsai, Andres Sanchez, Christopher Fletcher, and Daniel Sanchez ASPLOS 2020 Executive Summary 2 First security analysis of cache compression Executive Summary 2 First security

  1. Safecracker: Leaking Secrets through Compressed Caches Po-An Tsai, Andres Sanchez, Christopher Fletcher, and Daniel Sanchez ASPLOS 2020

  2. Executive Summary 2  First security analysis of cache compression

  3. Executive Summary 2  First security analysis of cache compression  Compressibility of a cache line reveals info about its data

  4. Executive Summary 2  First security analysis of cache compression  Compressibility of a cache line reveals info about its data  Attacker can exploit data colocation to leak secrets

  5. Executive Summary 2  First security analysis of cache compression  Compressibility of a cache line reveals info about its data  Attacker can exploit data colocation to leak secrets Attacker Victim

  6. Executive Summary 2  First security analysis of cache compression  Compressibility of a cache line reveals info about its data  Attacker can exploit data colocation to leak secrets Attacker Victim encrypt 0x01… Attacker sends encryption 1 request to victim

  7. Executive Summary 2  First security analysis of cache compression  Compressibility of a cache line reveals info about its data  Attacker can exploit data colocation to leak secrets Attacker Victim encrypt 0x01… Secret key Attacker-controlled input Attacker sends encryption 1 request to victim 2 Victim stores input next to key 0x01020304050607 0x01

  8. Executive Summary 2  First security analysis of cache compression  Compressibility of a cache line reveals info about its data  Attacker can exploit data colocation to leak secrets Attacker Victim encrypt 0x01… Secret key Attacker-controlled input Attacker sends encryption 1 request to victim 2 Victim stores input next to key 0x01020304050607 0x01 Cache compresses line 7B cache line

  9. Executive Summary 2  First security analysis of cache compression  Compressibility of a cache line reveals info about its data  Attacker can exploit data colocation to leak secrets Attacker Victim encrypt 0x01… Secret key Attacker-controlled input Attacker sends encryption 1 request to victim 2 Victim stores input next to key 0x01020304050607 0x01 3 Attacker measures line’s compressed size, infers Cache compresses line 0x01 is in the secret data 7B cache line

  10. Executive Summary 2  First security analysis of cache compression  Compressibility of a cache line reveals info about its data  Attacker can exploit data colocation to leak secrets Attacker Victim encrypt 0x01… Secret key Attacker-controlled input Attacker sends encryption 1 request to victim 2 Victim stores input next to key 0x01020304050607 0x01 3 Attacker measures line’s compressed size, infers Cache compresses line 0x01 is in the secret data 7B cache line Compromises secret key in ~10ms

  11. Executive Summary 2  First security analysis of cache compression  Compressibility of a cache line reveals info about its data  Attacker can exploit data colocation to leak secrets Attacker Victim encrypt 0x01… Secret key Attacker-controlled input Attacker sends encryption 1 request to victim 2 Victim stores input next to key 0x01020304050607 0x01 3 Attacker measures line’s compressed size, infers Cache compresses line 0x01 is in the secret data 7B cache line Compromises secret key in ~10ms Leaks large fraction of victim memory when combined latent memory safety vulnerabilities

  12. Speculation-Based vs. Compressed Cache Side-Channel Attacks 3 Side Kiriansky et. al, MICRO’18 Victim’s Attacker’s channel protection protection Secret Transmitter Receiver Secret domain domain

  13. Speculation-Based vs. Compressed Cache Side-Channel Attacks 3 Speculation-based cache side channel attacks (e.g., Spectre) Side Kiriansky et. al, MICRO’18 Victim’s Attacker’s channel protection protection Secret Transmitter Receiver Secret domain domain

  14. Speculation-Based vs. Compressed Cache Side-Channel Attacks 3 Speculation-based cache side channel attacks (e.g., Spectre) Presence of a line and its address (location in cache) Side Kiriansky et. al, MICRO’18 Victim’s Attacker’s channel protection protection Secret Transmitter Receiver Secret domain domain

  15. Speculation-Based vs. Compressed Cache Side-Channel Attacks 3 Speculation-based cache side channel attacks (e.g., Spectre) Speculatively executed Presence of a line and its instructions address (location in cache) Side Kiriansky et. al, MICRO’18 Victim’s Attacker’s channel protection protection Secret Transmitter Receiver Secret domain domain

  16. Speculation-Based vs. Compressed Cache Side-Channel Attacks 3 Speculation-based cache side channel attacks (e.g., Spectre) Timing difference to infer Speculatively executed Presence of a line and its a line’s presence instructions address (location in cache) Side Kiriansky et. al, MICRO’18 Victim’s Attacker’s channel protection protection Secret Transmitter Receiver Secret domain domain

  17. Speculation-Based vs. Compressed Cache Side-Channel Attacks 3 Speculation-based cache side channel attacks (e.g., Spectre) Timing difference to infer Speculatively executed Presence of a line and its a line’s presence instructions address (location in cache) Side Kiriansky et. al, MICRO’18 Victim’s Attacker’s channel protection protection Secret Transmitter Receiver Secret domain domain Compressed cache attacks

  18. Speculation-Based vs. Compressed Cache Side-Channel Attacks 3 Speculation-based cache side channel attacks (e.g., Spectre) Timing difference to infer Speculatively executed Presence of a line and its a line’s presence instructions address (location in cache) Side Kiriansky et. al, MICRO’18 Victim’s Attacker’s channel protection protection Secret Transmitter Receiver Secret domain domain Compressibility of secret (and data in same line) Compressed cache attacks

  19. Speculation-Based vs. Compressed Cache Side-Channel Attacks 3 Speculation-based cache side channel attacks (e.g., Spectre) Timing difference to infer Speculatively executed Presence of a line and its a line’s presence instructions address (location in cache) Side Kiriansky et. al, MICRO’18 Victim’s Attacker’s channel protection protection Secret Transmitter Receiver Secret domain domain Compressibility of secret Writing secret data (and data in same line) (or data in same line) Compressed cache attacks

  20. Speculation-Based vs. Compressed Cache Side-Channel Attacks 3 Speculation-based cache side channel attacks (e.g., Spectre) Timing difference to infer Speculatively executed Presence of a line and its a line’s presence instructions address (location in cache) Side Kiriansky et. al, MICRO’18 Victim’s Attacker’s channel protection protection Secret Transmitter Receiver Secret domain domain Compressibility of secret Timing difference to infer Writing secret data (and data in same line) a line’s compressibility (or data in same line) Compressed cache attacks

  21. Speculation-Based vs. Compressed Cache Side-Channel Attacks 3 Speculation-based cache side channel attacks (e.g., Spectre) Timing difference to infer Speculatively executed Presence of a line and its a line’s presence instructions address (location in cache) Side Kiriansky et. al, MICRO’18 Victim’s Attacker’s channel protection protection Secret Transmitter Receiver Secret domain domain Compressibility of secret Timing difference to infer Writing secret data (and data in same line) a line’s compressibility (or data in same line) Compressed cache attacks Compressed cache attacks leak data without relying on speculation

  22. Outline 4  Background on cache compression  Pack+Probe: Measuring cache line compressibility  Safecracker: Exploiting data colocation to leak secrets  Potential defenses

  23. Cache Compression Tradeoffs 5  Higher effective capacity  Higher hit rate  Somewhat higher hit latency

  24. Cache Compression Tradeoffs 5  Higher effective capacity  Higher hit rate  Somewhat higher hit latency  Highly beneficial for large caches (e.g., LLC) L3 Cache

  25. Cache Compression Tradeoffs 5  Higher effective capacity  Higher hit rate  Somewhat higher hit latency  Highly beneficial for large caches (e.g., LLC) L3  Intense research activity over past 15 years Cache

  26. Cache Compression Tradeoffs 5  Higher effective capacity  Higher hit rate  Somewhat higher hit latency  Highly beneficial for large caches (e.g., LLC) L3  Intense research activity over past 15 years Cache

  27. Cache Compression Tradeoffs 5  Higher effective capacity  Higher hit rate  Somewhat higher hit latency  Highly beneficial for large caches (e.g., LLC) L3  Intense research activity over past 15 years Cache All focus on performance, not security

  28. Cache Compression Ingredients 6

  29. Cache Compression Ingredients 6  Architecture: How to locate and manage variable- sized compressed blocks?

  30. Cache Compression Ingredients 6  Architecture: How to locate and manage variable- sized compressed blocks?  Algorithm: How to compress each cache block?

  31. Cache Compression Ingredients 6  Architecture: How to locate and manage variable- sized compressed blocks?  Algorithm: How to compress each cache block?  We focus attacks on a commonly used baseline:  VSC compressed cache architecture  BDI compression algorithm

Recommend

Cross-Origin State Inference (COSI) Attacks: Your Browser is Leaking Your Secrets Avinash

Cross-Origin State Inference (COSI) Attacks: Your Browser is Leaking Your Secrets Avinash

Cross-Origin State Inference (COSI) Attacks: Your Browser is Leaking Your Secrets Avinash Sudhodanan Soheil Khodayari Juan Caballero 24/02/2020, NDSS 2020 COSI Attack A malicious web site infers the state of a user (the victim) at another web

767 views • 54 slides
Whispered Secrets Eleanor McHugh Whispered Secrets @feyeleanor http://leanpub.com/GoNotebook

Whispered Secrets Eleanor McHugh Whispered Secrets @feyeleanor http://leanpub.com/GoNotebook

Whispered Secrets Eleanor McHugh Whispered Secrets @feyeleanor http://leanpub.com/GoNotebook we all have secrets and these secrets matter to us thats what makes them secrets software should keep our secrets some secrets are awful

1k views • 75 slides
Compressed Membership for NFA (DFA) with Compressed Labels is in NP (P) Artur Je University of

Compressed Membership for NFA (DFA) with Compressed Labels is in NP (P) Artur Je University of

Compressed Membership for NFA (DFA) with Compressed Labels is in NP (P) Artur Je University of Wrocaw Compressed membership for NFA 1 / 17 Artur Je What this talk is about Fully compressed membership problem for automata Compressed

733 views • 69 slides
Presentation Secrets Presentation Secrets Filesize: 9.28 MB Reviews Reviews Just no phrases to

Presentation Secrets Presentation Secrets Filesize: 9.28 MB Reviews Reviews Just no phrases to

NAHPXXJI6KNA Book ^ Presentation Secrets Presentation Secrets Presentation Secrets Filesize: 9.28 MB Reviews Reviews Just no phrases to describe. It typically does not price an excessive amount of. It is extremely difficult to leave it before

260 views • 3 slides
Multicore Workshop Caches Mark Bull David Henty EPCC, University of Edinburgh Overview

Multicore Workshop Caches Mark Bull David Henty EPCC, University of Edinburgh Overview

Multicore Workshop Caches Mark Bull David Henty EPCC, University of Edinburgh Overview Why caches are needed How caches work Cache design and performance. 20/11/2012 Caches 2 The memory speed gap Moores Law: processors

811 views • 27 slides
Trace Caches and optimizations therein CSE 240C - Rushi Chakrabarti - Winter 2009 Trace Caches

Trace Caches and optimizations therein CSE 240C - Rushi Chakrabarti - Winter 2009 Trace Caches

Trace Caches and optimizations therein CSE 240C - Rushi Chakrabarti - Winter 2009 Trace Caches [Rotenberg96] Trace Caches For those not in the know: I$ that captures dynamic instruction sequences trace n instructions (cache

432 views • 41 slides
Say Goodbye to Off-heap Caches! On-heap Caches Using Memory-Mapped I/O Iacovos G. Kolokasis 1 ,

Say Goodbye to Off-heap Caches! On-heap Caches Using Memory-Mapped I/O Iacovos G. Kolokasis 1 ,

Say Goodbye to Off-heap Caches! On-heap Caches Using Memory-Mapped I/O Iacovos G. Kolokasis 1 , Anastasios Papagiannis 1 , Foivos Zakkak 2 , Polyvios Pratikakis 1 , and Angelos Bilas 1 1 University of Crete & Foundation of Research and

457 views • 19 slides
What You Must Know about Memory, Caches, and Shared Memory Kenjiro Taura 1 / 67 Contents 1

What You Must Know about Memory, Caches, and Shared Memory Kenjiro Taura 1 / 67 Contents 1

What You Must Know about Memory, Caches, and Shared Memory Kenjiro Taura 1 / 67 Contents 1 Introduction 2 Organization of processors, caches, and memory 3 Caches 4 So how costly is it to access data? Latency Bandwidth Many algorithms are

1.16k views • 105 slides
CS 136: Advanced Architecture Review of Caches 1 / 30 Introduction Why Caches? Basic goal:

CS 136: Advanced Architecture Review of Caches 1 / 30 Introduction Why Caches? Basic goal:

CS 136: Advanced Architecture Review of Caches 1 / 30 Introduction Why Caches? Basic goal: Size of cheapest memory . . . At speed of most expensive Locality makes it work Temporal locality: If you reference x , youll probably

717 views • 33 slides
Aligning DNA sequences on compressed collections of genomes Part 2. Compressed indexing The

Aligning DNA sequences on compressed collections of genomes Part 2. Compressed indexing The

Aligning DNA sequences on compressed collections of genomes Part 2. Compressed indexing The CODATA-RDA Research Data Science Applied workshop on Bioinformatics ICTP, Trieste - Italy July 24-28, 2017 Nicola Prezza Technical University of

788 views • 45 slides
Presentation Secrets Presentation Secrets Filesize: 8.11 MB Reviews Reviews It is really an

Presentation Secrets Presentation Secrets Filesize: 8.11 MB Reviews Reviews It is really an

XUECRQXNRXVS Book Presentation Secrets Presentation Secrets Presentation Secrets Filesize: 8.11 MB Reviews Reviews It is really an remarkable book which i have ever go through. It can be writter in simple terms and not difficult to

343 views • 3 slides
Review: Why We Use Caches Caches Review Mechanism for transparent movement of Proc 1000

Review: Why We Use Caches Caches Review Mechanism for transparent movement of Proc 1000

Review: Why We Use Caches Caches Review Mechanism for transparent movement of Proc 1000 CPU data among levels of a storage hierarchy 60%/yr. Moores Law Performance set of address/value bindings address index to

966 views • 11 slides
Seven Secrets to Building a Successful Business Introductions The Seven Secrets to Building a

Seven Secrets to Building a Successful Business Introductions The Seven Secrets to Building a

Seven Secrets to Building a Successful Business Introductions The Seven Secrets to Building a Successful Business The Essential Tools Incredible Offer!!! Todays Agenda Just for attending you get Copy of the Presentation Link to the

698 views • 56 slides
Presentation Secrets Presentation Secrets Filesize: 3.61 MB Reviews Reviews This is basically

Presentation Secrets Presentation Secrets Filesize: 3.61 MB Reviews Reviews This is basically

NHHOGOEDX28F PDF Presentation Secrets Presentation Secrets Presentation Secrets Filesize: 3.61 MB Reviews Reviews This is basically the greatest pdf i have got go through right up until now. It normally fails to cost excessive. Once you

397 views • 3 slides
ECE232: Hardware Organization and Design Lecture 22: Introduction to Caches Adapted from Computer

ECE232: Hardware Organization and Design Lecture 22: Introduction to Caches Adapted from Computer

ECE232: Hardware Organization and Design Lecture 22: Introduction to Caches Adapted from Computer Organization and Design , Patterson & Hennessy, UCB Overview Caches hold a subset of data from the main memory Three types of caches

710 views • 25 slides
1 Implementation Snoop Caches Implementing Snooping Caches Write Races: Multiple processors

1 Implementation Snoop Caches Implementing Snooping Caches Write Races: Multiple processors

An Example Snoopy Protocol Invalidation protocol, write-back cache Each block of memory is in one state: Cache Coherence and Memory Clean in all caches and up-to-date in memory (Shared) Consistency OR Dirty in exactly one cache

507 views • 3 slides
CSE 351: Week 7 Tom Bergan, TA 1 Today Cache geometries Lab 4 2 Caches they make

CSE 351: Week 7 Tom Bergan, TA 1 Today Cache geometries Lab 4 2 Caches they make

CSE 351: Week 7 Tom Bergan, TA 1 Today Cache geometries Lab 4 2 Caches they make memory faster Main CPU Reg Cache Memory fast slow Tradeoff: caches are smaller than main memory 3 Why do caches work? Temporal locality: int

663 views • 19 slides
Compressed Sensing. Find x with small number of non-zeros using linear measurements. Compressed

Compressed Sensing. Find x with small number of non-zeros using linear measurements. Compressed

Fun with 1 and 2 x 1 n x 2 . Fun with 1 and 2 x 1 n x 2 . x 1 = x sgn ( x ) x 2 sgn ( x ) 2 x 2 Fun with 1 and 2 x 1

1.25k views • 123 slides
How to be a paranoid or just think like one 1 2 Leaking information Stealing 26.5 million

How to be a paranoid or just think like one 1 2 Leaking information Stealing 26.5 million

Pro rotection a and S d Securi rity How to be a paranoid or just think like one 1 2 Leaking information Stealing 26.5 million veteran s data Data on laptop stolen from employee s home (5/06) Veterans names Social Security

580 views • 30 slides
Pattern Matching on Compressed T exts II Shunsuke Inenaga Kyushu University, Japan Agenda

Pattern Matching on Compressed T exts II Shunsuke Inenaga Kyushu University, Japan Agenda

Pattern Matching on Compressed T exts II Shunsuke Inenaga Kyushu University, Japan Agenda Fully Compressed Pattern Matching Straight Line Program Compressed String Comparison Period of Compressed String Pattern Discovery

684 views • 42 slides
Compressed Membership for NFA (DFA) with Compressed Labels is in NP (P) Artur Je Wrocaw,

Compressed Membership for NFA (DFA) with Compressed Labels is in NP (P) Artur Je Wrocaw,

Compressed Membership for NFA (DFA) with Compressed Labels is in NP (P) Artur Je Wrocaw, Poland 7 September 2011 Compressed membership for NFA 7 September 2011 1 / 25 Artur Je Straight Line Programms SLPs Definition (Straight Line

819 views • 79 slides
Deep Compressed Sensing Yan Wu, Mihaela Rosca, Tim Lillicrap Compressed Sensing A Brief Review

Deep Compressed Sensing Yan Wu, Mihaela Rosca, Tim Lillicrap Compressed Sensing A Brief Review

Deep Compressed Sensing Yan Wu, Mihaela Rosca, Tim Lillicrap Compressed Sensing A Brief Review An underdetermined problem: random projection signal, e.g, vectorised image measurements M x y Reconstruction of x is possible when the signal

345 views • 6 slides
1 Secrets to Successful Retreat Planning Your Questions/Goals What are some of your best camp

1 Secrets to Successful Retreat Planning Your Questions/Goals What are some of your best camp

Welcome Secrets to Successful Retreat Planning Secrets to Successful Retreat Planning Be still and know that I am God Psalm 46:10 Secrets to Successful Retreat Planning Welcome Introduction (Leave w/everything you need to create your

465 views • 12 slides
Fast Data Driven Compressed Sensing and application to compressed quantitative MRI Mike Davies

Fast Data Driven Compressed Sensing and application to compressed quantitative MRI Mike Davies

IDCOM, University of Edinburgh Fast Data Driven Compressed Sensing and application to compressed quantitative MRI Mike Davies & Mohammad Golbabaee Joint work with Zhouye Chen, Yves Wiaux Zaid Mahbub, Ian Marshall IDCOM, University of

426 views • 29 slides

More recommend