Safecracker: Leaking Secrets through Compressed Caches


  1. Safecracker: Leaking Secrets through Compressed Caches. Po-An Tsai, Andres Sanchez, Christopher Fletcher, and Daniel Sanchez. ASPLOS 2020.

  11. Executive Summary
      - First security analysis of cache compression
      - Compressibility of a cache line reveals info about its data
      - Attacker can exploit data colocation to leak secrets
        [Figure: attacker sends "encrypt 0x01…" to the victim; the victim's cache line holds the secret key 0x01020304050607 next to the attacker-controlled input 0x01; the cache compresses the line (7B cache line)]
        1. Attacker sends encryption request to victim
        2. Victim stores input next to key
        3. Attacker measures line's compressed size, infers 0x01 is in the secret data
      - Compromises secret key in ~10ms
      - Leaks large fraction of victim memory when combined with latent memory safety vulnerabilities

  21. Speculation-Based vs. Compressed Cache Side-Channel Attacks
      [Figure: side-channel model from Kiriansky et al., MICRO'18: secret and transmitter in the victim's protection domain, side channel, receiver and secret in the attacker's protection domain]
      - Speculation-based cache side channel attacks (e.g., Spectre)
        - Presence of a line and its address (location in cache)
        - Speculatively executed instructions
        - Timing difference to infer a line's presence
      - Compressed cache attacks
        - Compressibility of secret (and data in same line)
        - Writing secret data (or data in same line)
        - Timing difference to infer a line's compressibility
      - Compressed cache attacks leak data without relying on speculation

  22. Outline
      - Background on cache compression
      - Pack+Probe: Measuring cache line compressibility
      - Safecracker: Exploiting data colocation to leak secrets
      - Potential defenses

  27. Cache Compression Tradeoffs
      - Higher effective capacity
      - Higher hit rate
      - Somewhat higher hit latency
      - Highly beneficial for large caches (e.g., LLC)
      - Intense research activity over past 15 years
      - All focus on performance, not security
      [Figure: L3 cache]

  31. Cache Compression Ingredients
      - Architecture: How to locate and manage variable-sized compressed blocks?
      - Algorithm: How to compress each cache block?
      - We focus attacks on a commonly used baseline:
        - VSC compressed cache architecture
        - BDI compression algorithm
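
The executive summary's claim that a line's compressed size depends on data colocated with the secret can be checked on a memory layout with a small model. This is an added example, not code from the slides or the authors: it uses a simplified base+delta compressor in the style of BDI (one base, signed deltas, no metadata), and the 64-byte line, the `colocated` and `separated` layouts and all values are assumptions constructed for illustration.

```python
import struct

LINE = 64  # bytes per uncompressed cache line (assumed)

def compressed_size(line: bytes) -> int:
    """Size in bytes under a simplified base+delta model (assumption of this
    example: first word is the only base, signed deltas, no metadata)."""
    if line == bytes(LINE):
        return 1                                    # all-zero line
    best = LINE                                     # uncompressed fallback
    for k, code in ((8, "Q"), (4, "I"), (2, "H")):  # word size in bytes
        words = struct.unpack(f"<{LINE // k}{code}", line)
        deltas = [w - words[0] for w in words]
        for d in (1, 2, 4):                         # delta size in bytes
            limit = 1 << (8 * d - 1)
            if d < k and all(-limit <= x < limit for x in deltas):
                best = min(best, k + (LINE // k) * d)
    return best

def colocated(secret: int, user_word: int) -> bytes:
    """Hypothetical layout: a 4-byte secret shares its line with 15 copies
    of a caller-supplied word."""
    return struct.pack("<16I", secret, *[user_word] * 15)

def separated(secret: int, user_word: int) -> bytes:
    """Hypothetical layout: the secret's line is padded with zeros; the
    caller-supplied word lives in a different line, so it is unused here."""
    return struct.pack("<16I", secret, *[0] * 15)

def size_varies_with_input(layout, secret: int, inputs) -> bool:
    """True if untrusted input can change the size of the secret's line."""
    return len({compressed_size(layout(secret, w)) for w in inputs}) > 1

SECRET = 0x12345678                                 # constructed sample value
INPUTS = [0x00000000, 0x12340000, 0x12345670, 0xFFFFFFFF]  # constructed

if __name__ == "__main__":
    for w in INPUTS:
        print(f"{w:#010x} -> {compressed_size(colocated(SECRET, w))} bytes")
    print("colocated varies:", size_varies_with_input(colocated, SECRET, INPUTS))
    print("separated varies:", size_varies_with_input(separated, SECRET, INPUTS))
```

In the colocated layout the size of the secret's line shrinks as the supplied word gets numerically closer to the secret; in the separated layout it stays constant whatever the input is.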
