Safecracker: Leaking Secrets through Compressed Caches
Po-An Tsai, Andres Sanchez, Christopher Fletcher, and Daniel Sanchez
ASPLOS 2020

Executive Summary
First security analysis of cache compression
Compressibility of a cache line reveals info about its data
Attacker can exploit data colocation to leak secrets
[Diagram: Attacker and Victim. Request: encrypt 0x01… Victim's cache line: secret key 0x01020304050607 next to attacker-controlled input 0x01. Labels: "Cache compresses line", "7B cache line".]
1. Attacker sends encryption request to victim
2. Victim stores input next to key
3. Attacker measures line's compressed size, infers 0x01 is in the secret data
Compromises secret key in ~10ms
Leaks large fraction of victim memory when combined with latent memory safety vulnerabilities

Speculation-Based vs. Compressed Cache Side-Channel Attacks
[Diagram, from Kiriansky et al., MICRO'18: Secret -> Transmitter (victim's protection domain) -> Side channel -> Receiver -> Secret (attacker's protection domain)]
Speculation-based cache side channel attacks (e.g., Spectre)
  Transmitter: Speculatively executed instructions
  Side channel: Presence of a line and its address (location in cache)
  Receiver: Timing difference to infer a line's presence
Compressed cache attacks
  Transmitter: Writing secret data (or data in same line)
  Side channel: Compressibility of secret (and data in same line)
  Receiver: Timing difference to infer a line's compressibility
Compressed cache attacks leak data without relying on speculation

Outline
Background on cache compression
Pack+Probe: Measuring cache line compressibility
Safecracker: Exploiting data colocation to leak secrets
Potential defenses

Cache Compression Tradeoffs
Higher effective capacity
Higher hit rate
Somewhat higher hit latency
Highly beneficial for large caches (e.g., LLC)
Intense research activity over past 15 years
All focus on performance, not security
[Diagram label: L3 Cache]

Cache Compression Ingredients
Architecture: How to locate and manage variable-sized compressed blocks?
Algorithm: How to compress each cache block?
We focus attacks on a commonly used baseline:
  VSC compressed cache architecture
  BDI compression algorithm
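
The following is an added example, not code from the slides or the paper: a simplified software model of BDI line sizes showing why colocating attacker-controlled data with a secret makes the compressed size depend on the secret. The 64-byte line, the layouts, the secret value and the inputs are constructed assumptions, and sizes omit encoding metadata.

```python
import struct

LINE = 64                                   # assumed cache line size in bytes
MODES = [(8, 1), (8, 2), (8, 4), (4, 1), (4, 2), (2, 1)]   # (word, delta) bytes

def fits(value, nbytes):
    """True if value is representable as a signed nbytes-wide delta."""
    lim = 1 << (8 * nbytes - 1)
    return -lim <= value < lim

def bdi_size(line):
    """Compressed size of one line under a simplified BDI model (no metadata)."""
    assert len(line) == LINE
    if line == bytes(LINE):
        return 1                            # all-zero line
    if len({line[i:i + 8] for i in range(0, LINE, 8)}) == 1:
        return 8                            # one repeated 8-byte value
    best = LINE                             # fall back to uncompressed
    for wsize, dsize in MODES:
        words = [int.from_bytes(line[i:i + wsize], "little")
                 for i in range(0, LINE, wsize)]
        # Small words use the implicit zero base; the first large word is the base.
        base = next((w for w in words if not fits(w, dsize)), 0)
        if all(fits(w, dsize) or fits(w - base, dsize) for w in words):
            best = min(best, wsize + dsize * len(words))
    return best

def colocated_line(secret, attacker_word):
    """Constructed layout: 8-byte secret followed by seven attacker-controlled words."""
    return struct.pack("<8Q", secret, *([attacker_word] * 7))

def separate_line(attacker_word):
    """Constructed layout: attacker-controlled words in a line that holds no secret."""
    return struct.pack("<8Q", *([attacker_word] * 8))

SECRET = 0x1122334455667788                 # constructed sample value
INPUTS = [0x0F0E0D0C0B0A0908, SECRET + 0x10000, SECRET + 0x100, SECRET + 5, SECRET]

def size_profile():
    """(colocated size, separate size) for each constructed attacker input."""
    return [(bdi_size(colocated_line(SECRET, w)), bdi_size(separate_line(w)))
            for w in INPUTS]

if __name__ == "__main__":
    for w, (shared, alone) in zip(INPUTS, size_profile()):
        print(f"input {w:#018x}: colocated {shared:2d} B, separate {alone} B")
```

In the colocated layout the size shrinks as the input approaches the secret, while the line without the secret compresses to the same size for every input, which is the colocation dependence the slides describe.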