Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity

thwarting cache side channel attacks through n.w
1 / 21
Embed
Share

Learn about how dynamic software diversity can protect against cache side-channel attacks, including methods, background, examples, motivations, current works, limitations, and novel techniques like control-flow randomization.

  • Cache Security
  • Side-Channel Attacks
  • Software Diversity
  • Security Techniques
rayaanacharya
fate_79 Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Thwarting Cache Side- Channel Attacks Through Dynamic Software Diversity Presented by Xianchen Meng

  2. Background Side-Channel Attacks Definition: In cryptography, a side-channel attack is any attack based on information gained from the physical implementation of a cryptosystem, rather than brute force or theoretical weaknesses in the algorithms (compare cryptanalysis). Methods: Timing attack Power-monitoring attack Electromagnetic attacks

  3. Example Different execution time

  4. Background Cache structure

  5. Background Example Attacks

  6. Background Example Attacks

  7. Motivation Since code injection, code reuse, and reverse engineering attacks are all significantly harder against diversified software, the authors propose to extend software diversity to protect against side-channel attacks, in particular cache side channels. artificial software diversity denies attackers precise knowledge of their target by randomizing implementation features of a program.

  8. Current works & Limitations Most existing diversification approaches randomize programs before execution. e.g., during compilation, installation, or loading. Ahead-of-time randomization is desirable Some approaches interleave program randomization with a static method and program execution and the granularity of randomization in these approaches is quite coarse Limitation: potentially allowing an attacker to observe the program uninterrupted for long enough to carry out a successful side-channel attack

  9. Novelty control-flow randomization Avoiding current problems by extending techniques used to prevent reverse engineering such as code replication and control-flow randomization replicate code at a finer grained level produce a nearly unlimited number of runtime paths by randomly switching between these replicas

  10. Novelty Diversifying transformations To vary the side-channel characteristics of replicas, authors employ diversifying transformations. Diversification preserves the original program semantics while ensuring that each replica differs at the level of machine instructions. Combine control-flow randomization with diversifying transformation to counter cache-based side-channel attacks Called dynamic control-flow diversity

  11. Dynamic control-flow diversity

  12. Dynamic control-flow diversity begin by choosing a set of program fragments (either functions or basic blocks) to transform clone each chosen program fragment a configurable number of times and use different diversifying transformations for each clone integrate these randomized replicas into a program that dynamically chooses control-flow paths at runtime

  13. Dynamic control-flow diversity

  14. Dynamic control-flow diversity

  15. Cache Noise Transformation The authors investigated one specific transformation, inserting cache noise, to disrupt cache side-channel observations. This technique is only one example of possible side- channel disrupting transformations. Inserting random memory loads Static: addr = region_base + offset Dynamic: addr = Memory[random_table[i]]

  16. Table Randomization Optimization

  17. Evaluation Security Evaluation

  18. Evaluation Performance Evaluation

  19. Evaluation Performance Evaluation

  20. Evaluation Performance Evaluation CPU intensive workloads

  21. Quiz 1.what are the limitations of current works? 2. what does dynamic control-flow diversity consist of? 3.what is the principle method of authors work?

Related


Channel Design

Channel Design

kendra
Sales Leadership Management

Sales Leadership Management

alijah
Channel Design in Marketing

Channel Design in Marketing

sumayyah
ML-Aided Channel Classification for WLAN Optimization

ML-Aided Channel Classification for WLAN Optimization

henley
Successful Channel Modification Techniques and Benefits

Successful Channel Modification Techniques and Benefits

mitsuki
Effective Channel Management Decisions for Marketing Success

Effective Channel Management Decisions for Marketing Success

sharon
Side Channels in Software Security

Side Channels in Software Security

zeppelin
Adapting the 802.11be Channel Model for Modern Doppler Use-Cases

Adapting the 802.11be Channel Model for Modern Doppler Use-Cases

koah
The THz Channel Model in Wireless Data Center

The THz Channel Model in Wireless Data Center

aval946
PDSCH Demodulation Parameters & Requirements Discussion

PDSCH Demodulation Parameters & Requirements Discussion

thia_8
IEEE 802.11-24/0858r0: Key Concepts on NPCA and Virtual APs

IEEE 802.11-24/0858r0: Key Concepts on NPCA and Virtual APs

lam_je
Triangle Congruence Properties

Triangle Congruence Properties

stetler_r
802.11aj 45 GHz Channel Access and BSS Operation Framework Proposal

802.11aj 45 GHz Channel Access and BSS Operation Framework Proposal

elizette
Further Considerations on Advanced Channel Coding for 15.4ab

Further Considerations on Advanced Channel Coding for 15.4ab

gann_5
Scatter-and-Gather Revisited: High-Performance Side-Channel-Resistant AES on GPUs

Scatter-and-Gather Revisited: High-Performance Side-Channel-Resistant AES on GPUs

somm_3
Proposal for Improved Channel Access Efficiency in IEEE 802.11 Networks

Proposal for Improved Channel Access Efficiency in IEEE 802.11 Networks

tallula
IEEE 802.11-24/0070r1 Presentation on Non-Primary Channel Access

IEEE 802.11-24/0070r1 Presentation on Non-Primary Channel Access

harv_325
Proposed MAP Channel Access Procedures in IEEE 802.11-24/72r0

Proposed MAP Channel Access Procedures in IEEE 802.11-24/72r0

pjud
Targeted Deanonymization via the Cache Side Channel: Attacks and Defenses

Targeted Deanonymization via the Cache Side Channel: Attacks and Defenses

jmora
Enhanced Distributed Channel Access (EDCA) for Non-Primary Channel in IEEE 802.11

Enhanced Distributed Channel Access (EDCA) for Non-Primary Channel in IEEE 802.11

lai_bi
IEEE 802.11-23/1935r0 - Secondary Channel Usage Discussions

IEEE 802.11-23/1935r0 - Secondary Channel Usage Discussions

mday
Triangle Congruence by SSS and SAS Postulates

Triangle Congruence by SSS and SAS Postulates

milone_a

More Related Content