Understanding Cache Side Channel Attacks

cache side channel attacks on modern processors n.w
1 / 53
Embed
Share

Explore the world of cache side channel attacks on modern processors, delving into the background of cache attacks, coherence-based cache attacks, defenses, and conclusions. Learn about the potential information leakage through side-effects and how attackers can exploit timing information to monitor cache access utilization. Understand the intricacies of CPU cache, slow DRAM, cache hit, cache miss, set-associative cache, and the steps involved in cache attacks between attackers and victims running on the same platform.

  • Cache Side Channel Attacks
  • Modern Processors
  • Coherence-Based Attacks
  • CPU Cache
  • DRAM
rayaanacharya
kharter Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Cache Side Channel Attacks on Modern Processors Yanan Guo University of Pittsburgh https://yananguo.com

  2. Outline Background Cache Attack -- Flush+Reload Cache Attack -- Prime+Probe Our work: Coherence-based cache attacks (S&P 22) Defenses Conclusion

  3. Side Side- -Channel Attacks Channel Attacks Bug-free software does not mean safe execution. Information may leak due to underlying hardware. Exploit leakage through side-effects. Power consumption Execution time Resource usage

  4. Cache timing side channel attacks: Attacker monitors the victim's cache access utilization using timing information.

  5. Background: CPU Cache CPU Slow! DRAM

  6. Background: CPU Cache CPU cache Slow! DRAM

  7. Background: CPU Cache printf("%d", a); printf("%d", a); Slow! DRAM

  8. Background: CPU Cache a printf("%d", a); printf("%d", a); Slow! DRAM

  9. Background: CPU Cache a printf("%d", a); printf("%d", a); Cache hit: faster, less than 60 CPU cycles. Cache miss: slower, over 200 CPU cycles. Slow! DRAM

  10. Background: CPU Cache Cache line

  11. Background: CPU Cache Set-associative cache Memory Addresses Way 3 Way 1 Way 2 Way 0 Set 0 Set 1 Set 2n 4-Way Associative Cache

  12. Background: Cache Attacks Attacker and victim different processes Running on the same platform (usually different CPU cores) Typical three steps: Step 1: Attacker evicts the data from a cache level. Step 2: Attacker waits for victim s execution Step 3: Attacker checks whether the state of the data is changed Repeating these three steps, attacker learns victim s access pattern

  13. An example attack: Flush+Reload

  14. Flush+Reload Attacker's goal: Learn the victim's access pattern on Line 0. Assumption: Line 0 is shared between attacker and victim (e.g., shared library). Victim Attacker Private Cache Line 0 Private Cache Attacker flushes Shared LLC Shared LLC The cache line attacker is interested in. Line 0

  15. Flush+Reload Step 1: The attacker flushes the victim s data. clflush: An x86 instruction. Takes a virtual address, flushes this address (cache line) from all cache levels. Victim Attacker Private Cache Line 0 Private Cache Attacker flushes Shared LLC Shared LLC Line 0

  16. Flush+Reload Step 1: The attacker flushes the victim s data. Victim Attacker Private Cache Private Cache Attacker flushes Shared LLC Shared LLC

  17. Flush+Reload Step 2: The attacker waits for the victim's execution. Victim Attacker Attacker Victim Private Cache Private Cache Private Cache Line 0 Private Cache Victim loads Attacker flushes Shared LLC Shared LLC Shared LLC Line 0

  18. Flush+Reload Step 3: The attacker reloads the data and times the reload operation. Victim Attacker Attacker Victim Private Cache Private Cache Private Cache Line 0 Private Cache Attacker reloads (takes shorter) Victim loads Attacker flushes Shared LLC Shared LLC Shared LLC Line 0

  19. Flush+Reload Step 3: The attacker reloads the data and times the reload operation. Victim Attacker Victim Attacker Private Cache Private Cache Private Cache Private Cache Attacker reloads (takes longer) Victim does not load Attacker flushes Shared LLC Shared LLC Shared LLC

  20. Flush+Reload Victim Attacker Time Access Flush Reload Wait

  21. What can we leak?

  22. Attack 1: RSA Decryption Key Input: base b, modulo m, exponent e = (en1...e0)2 Output: be mod m r = 1 for i = n-1 down to 0 do r = sqr(r) if ei == 1 then r = mul(r, b) end end Spy addresses (instructions)

  23. Attack 2: Keystroke Logger When a key is pressed, certain functions are called in the GDK library. The attacker can monitor the accesses to that function to detect keystrokes. How to find that function (addr)? Profiling...

  24. Another attack: Prime+Probe

  25. Prime+Probe Step 1: Attacker evicts the victim s data by priming the set. Way 3 Way 1 Way 2 Way 0 Set 0 Set 1 V Set n

  26. Prime+Probe Step 1: Attacker evicts the victim s data by priming the set. Way 3 Way 1 Way 2 Way 0 Set 0 Set 1 A1 V Set n

  27. Prime+Probe Step 1: Attacker evicts the victim s data by priming the set. Way 3 Way 1 Way 2 Way 0 Set 0 Set 1 A2 A1 V Set n

  28. Prime+Probe Step 1: Attacker evicts the victim s data by priming the set. Way 3 Way 1 Way 2 Way 0 Set 0 Set 1 A2 A1 V A3 Set n

  29. Prime+Probe Step 1: Attacker evicts the victim s data by priming the set. Way 3 Way 1 Way 2 Way 0 Set 0 Set 1 A2 A1 A4 A3 Set n

  30. Prime+Probe Step 2: Attacker waits for the victim's execution. Way 3 Way 1 Way 2 Way 0 Set 0 Set 1 A2 A1 A4 A3 Set n

  31. Prime+Probe Step 2: Attacker waits for the victim's execution. Way 3 Way 1 Way 2 Way 0 Set 0 Set 1 A2 V A4 A3 Set n

  32. Prime+Probe Step 3: Attacker accesses A1-A4 again and times the access. Way 3 Way 1 Way 2 Way 0 Set 0 Set 1 A2 V A4 A3 Set n

  33. Cache Attack Flush-Based Attacks Flush+Reload (2013), Flush+Flush (2015), Flush+Coherence (2018), Invalidate+Transfer (2015), Reload+Refresh (2020) Eviction Method Stateful Cache Attacks Conflict-Based Attacks Prime+Probe (2005), Evict+Reload (2015), Evict+Time (2006), Prime+Abort (2017), Prime+Scope (2021), Evict+Prefetch (2016) Can we find new attack methods?

  34. Cache Attack Flush-Based Attacks Flush+Reload (2013), Flush+Flush (2015), Flush+Coherence (2018), Invalidate+Transfer (2015), Reload+Refresh (2020) Eviction Method Stateful Cache Attacks ??? Conflict-Based Attacks Prime+Probe (2006), Evict+Reload (2015), Evict+Time (2006), Prime+Abort (2017), Prime+Scope (2021), Evict+Prefetch (2016) Can we find new attack methods?

  35. Our Work (S&P 2022) Flush-Based Attacks Flush+Reload (2013), Flush+Flush (2015), Flush+Coherence (2018), Invalidate+Transfer (2015), Reload+Refresh (2020) Eviction Method Stateful Cache Attacks Coherence-Based Attacks Conflict-Based Attacks Prime+Probe (2006), Evict+Reload (2015), Evict+Time (2006), Prime+Abort (2017), Prime+Scope (2021), Evict+Prefetch (2016) Can we find new attack methods?

  36. Cache Coherence Data can be shared by processes/cores. How do know a copy of cache line is readable/writable? Need to track the coherence state of each copy of a cache line.

  37. Cache Coherence x86 processors use MESI (or the variants). With MESI, invalidation happens upon writes. Core 0 Core 1 Core 0 Core 1 Core 0 Core 1 Core 0 Core 1 Private Cache Private Cache Private Cache (S)hared Private Cache (I)nvalid Private Cache (M)odified Private Cache (E)xclusive Private Cache (S)hared Private Cache (I)nvalid Shared LLC Shared LLC Shared LLC Shared LLC Shared LLC Shared LLC Shared LLC Shared LLC Valid Data Valid Data Stale Data Valid Data Require for ownership (RFO)

  38. Key Insights Cache coherence protocol can be used for eviction. RFO can cause cross-core private cache invalidation. It only happens upon writes. The shared data between the attacker and victim is typically read-only. Attacker needs to cause RFO without writing the cache line. Against the design principle, but maybe possible due to implementation flaws.

  39. Key Insights x86 data prefetching instructions PREFETCHT0, PREFETCHT1, PREFETCHT2 , for reads. PREFETCHW, for writes. PREFETCHW It prefetches the data into the private cache and changes the coherence state to Modified. On Intel Core i7-6700, Core i7-6800K, Core i7-7700K, Core i9-10900X, Property 1: PREFETCHW works on read-only data. Property 2: PREFETCHW has timing variance. PREFETCHW is available since Broadwell. Are the two properties always true on Intel processors?

  40. Key Insights Processor Microarch. LLC Type Property #1 Property #2 Core i7-6700 Skylake Inclusive Yes Yes Core i7-6800K Skylake Inclusive Yes Yes Core i7-7700K Kaby Lake Inclusive Yes Yes Core i9-10900X Cascade Lake Non-inclu. Yes Yes Xeon Silver 4114 Skylake-SP Non-inclu. Yes Yes Xeon Plat. 8151 Skylake-SP Non-inclu. Yes Yes Xeon Plat. 8124M Skylake-SP Non-inclu. Yes Yes Xeon Plat. 8175M Skylake-SP Non-inclu. Yes Yes Xeon Plat. 8259CL Skylake-SP Non-inclu. Yes Yes Xeon Plat. 8275CL Skylake-SP Non-inclu. Yes Yes Xeon Plat. 8375C Ice Lake Non-inclu. Yes No

  41. Our proposal Two cross-core private cache attacks Prefetch+Prefetch Prefetch+Reload Threat Model Attacker and victim are on different processor cores. Attacker can share data with the victim (e.g., through shared library). In Prefetch+Prefetch, the attacker has (at least) one thread. In Prefetch+Reload, the attacker has (at least) two threads.

  42. Prefetch+Prefetch Attacker Victim Attacker Victim Private Cache Private Cache (M)odified Private Cache (S)hared Private Cache (S)hared Attacker prefetches Victim loads Shared LLC Shared LLC Shared LLC Stale Data Valid Data Attacker prefetches (takes longer)

  43. Prefetch+Prefetch Attacker Victim Attacker Victim Private Cache Private Cache (M)odified Private Cache Private Cache (M)odified Attacker prefetches Victim does not load Shared LLC Shared LLC Shared LLC Stale Data Stale Data Attacker prefetches (takes shorter) Can we load and time the load instead? Not by the same attacker s thread.

  44. Prefetch+Prefetch Attacker Victim Attacker Victim Private Cache Private Cache (M)odified Private Cache (S)hared Private Cache (S)hared Attacker prefetches Victim loads Shared LLC Shared LLC Shared LLC Stale Data Valid Data Attacker prefetches (takes longer) Can we load and time the load instead? Not by the same attacker s thread. What if the attacker has a second thread?

  45. Prefetch+Reload Trojan Spy Victim Trojan Spy Victim Private Cache (S)hared Private Cache (I)nvalid Private Cache (S)hared Private Cache (I)nvalid Private Cache (I)nvalid Private Cache (M)odified Spy loads (LLC hit) Trojan prefetches Victim loads Shared LLC Shared LLC Valid data Stale data

  46. Prefetch+Reload Trojan Spy Victim Trojan Spy Victim Private Cache (I)nvalid Private Cache (I)nvalid Private Cache (M)odified Private Cache (I)nvalid Private Cache (I)nvalid Private Cache (M)odified Trojan prefetches Victim does not load Spy loads (Remote L1 hit) Shared LLC Shared LLC Stale data Stale data

  47. Evaluation-Side Channel Input: base b, modulo m, exponent e = (en1...e0)2 Output: be mod m r = 1 for i = n-1 down to 0 do r = sqr(r) if ei == 1 then r = mul(r, b) end end Prefetch+Prefetch Result

  48. Evaluation-Side Channel Prefetch+Reload Result

  49. Evaluation-Side Channel Compared to Flush+Reload? Much higher temporal resolution. Flush+Reload requires a waiting window The window needs to be long enough to not miss a victim's event. Wait But Prefetch+Prefetch does not need a waiting window. Temporal resolution: ~100 cycles VS 4000 cycles

  50. Evaluation-Covert Channel Covert Channel ( ) Processor Prefetch+Reload Prefetch+Load Prefetch+Prefetch Core i7-6700 631 KB/s 709 KB/s 721 KB/s Core i7-7700K 782 KB/s 840 KB/s 822 KB/s Xeon Plat. 8124M 394 KB/s 586 KB/s 556 KB/s Xeon Plat. 8151 476 KB/s 680 KB/s 605 KB/s Flush+Reload: ~270 KB/s

Related


Clean Energy Transition, Scarcity and Urban Mining

Clean Energy Transition, Scarcity and Urban Mining

anisa
Clean Heat Skills and Supply Chains

Clean Heat Skills and Supply Chains

ilyas
Herbal Home Care Products for a Clean and Healthy Lifestyle

Herbal Home Care Products for a Clean and Healthy Lifestyle

alvin
9th Plenary Meeting Clean Hydrogen Mission Agenda and Updates

9th Plenary Meeting Clean Hydrogen Mission Agenda and Updates

estrella
Towards Single-Event Upset Detection in Hardware Secure RISC-V Processors

Towards Single-Event Upset Detection in Hardware Secure RISC-V Processors

neoma
Notícias Oeste da Bahia, midiabahia.com.br

Notícias Oeste da Bahia, midiabahia.com.br

midiabahia
Home Transformation, A Dive Into The Benefits Of Professional House Washing With GREEN N Clean

Home Transformation, A Dive Into The Benefits Of Professional House Washing With GREEN N Clean

Greennclean
Clean Energy DC 2.0: Transformative Climate and Energy Plan for the District of Columbia

Clean Energy DC 2.0: Transformative Climate and Energy Plan for the District of Columbia

marwah
Maintaining Personal Hygiene: Tips to Keep Clean and Fresh

Maintaining Personal Hygiene: Tips to Keep Clean and Fresh

susannah
The Art of Small Talk: Navigating Social Situations with Ease

The Art of Small Talk: Navigating Social Situations with Ease

perry
Adversarial Risk Analysis for Urban Security

Adversarial Risk Analysis for Urban Security

zmora
Establishment of Decentralized Clean Water Service Providers in Winooski Basin

Establishment of Decentralized Clean Water Service Providers in Winooski Basin

jaquelin
Advancing Clean Energy Economy in Minnesota

Advancing Clean Energy Economy in Minnesota

giavann
Advancing Clean Energy Transition in Illinois: Sierra Club's Ready for 100 Campaign Update

Advancing Clean Energy Transition in Illinois: Sierra Club's Ready for 100 Campaign Update

zay_sti
Classical Conversations Plus Program Overview

Classical Conversations Plus Program Overview

raniyah
Overview of DARE22 Test Vehicle Design on FD SOI 22nm Process

Overview of DARE22 Test Vehicle Design on FD SOI 22nm Process

zakiy
Green Valley Green Committee: Keeping Our Neighborhood Clean and Green

Green Valley Green Committee: Keeping Our Neighborhood Clean and Green

zyke_659
Clean Fuels Forecast Review - August 22nd, 2023 Summary

Clean Fuels Forecast Review - August 22nd, 2023 Summary

meen276
Grid Modernization Policies and Barriers to Clean Energy Overview

Grid Modernization Policies and Barriers to Clean Energy Overview

kadija
The Importance of Clean Water: Insights from Europe

The Importance of Clean Water: Insights from Europe

banister_m
Coalition for Clean Water: Advocating for Chesapeake Bay Restoration

Coalition for Clean Water: Advocating for Chesapeake Bay Restoration

riur595
Capacity Building on Clean Energy Technologies for Sustainable Development

Capacity Building on Clean Energy Technologies for Sustainable Development

margare

More Related Content