Hardware-software integrated approaches to defend against software cache-based side channel attacks

J. Kong, O. Aciicmez, J.-P. Seifert, Huiyang Zhou
2009 2009 IEEE 15th International Symposium on High Performance Computer Architecture  
In this paper, we propose three hardware-software approaches to defend against software cache-based attacks - they present different tradeoffs between hardware complexity and performance overhead.  ...  Software cache-based side channel attacks present serious threats to modern computer systems.  ...  Acknowledgements We would like to thank our shepherd, Ruby Lee, and the anonymous reviewers for their valuable comments. This work was supported by an NSF CAREER award CCF-0747062.  ...
doi:10.1109/hpca.2009.4798277 dblp:conf/hpca/KongASZ09 fatcat:adkcvtuznnasram7zpvomf77aa

Virtualization Technology: Cross-VM Cache Side Channel Attacks make it Vulnerable [article]

Alan Litchfield, Abid Shahzad
2016 arXiv   pre-print
Various techniques used by the attackers to launch cache side channel attack are presented, as is a critical analysis of countermeasures against cache side channel attacks.  ...  A cache side channel attack results in side channel data leakage, such as cryptographic keys.  ...  and Zulkernine (2013) propose a software based solution to protect against side channel attacks in a client-server based network as well as a cloud environment.  Hypervisor-based Solutions: Raj et al  ... 
arXiv:1606.01356v1 fatcat:tvyk6qhd2fdbpnjbkth2s3ag7i

A Review on Security in Cache Memories

R. Vijay Sai, S. Saravanan
2016 Indian Journal of Science and Technology  
Statistical analysis show that attacks such as side channel attacks, timing attacks and power based attacks are adopted to challenge information security in caches.  ...  The objective of this review is to analyze various attacks targeting cache memory and suggest remedial measures to thwart such attacks and assure cache memory security.  ...  Software approach to safeguard against attacks 10 is based on timing phenomenon. By certain attacks based on side channel confrontation, there is a chance of recovering secret keys.  ... 
doi:10.17485/ijst/2016/v9i48/96037 fatcat:vv5p5sksczacdp35bndfpd6o3a

Survey of Attacks and Defenses on Edge-Deployed Neural Networks [article]

Mihailo Isakov, Vijay Gadepally, Karen M. Gettings, Michel A. Kinsy
2019 arXiv   pre-print
Furthermore, neural networks are vulnerable to adversarial attacks, which may cause misclassifications and violate the integrity of the output.  ...  These properties add challenges when securing edge-deployed DNNs, requiring new considerations, threat models, priorities, and approaches in securely and privately deploying DNNs to the edge.  ...  Defenses against invasive and semi-invasive attacks: There are two common approaches used when an organization needs to deploy software with privacy or integrity requirements.  ... 
arXiv:1911.11932v1 fatcat:zihiqvq2tbd3zpuyvwqrrf5itq

Hardware and Security [chapter]

Gedare Bloom, Eugen Leontie, Bhagirath Narahari, Rahul Simha
2012 Handbook on Securing Cyber-Physical Critical Infrastructure  
Hardware can efficiently defend against buffer overflows, so naturally we should consider hardware approaches to defend against these other memory-based attacks.  ...  Other research expands on side-channel analysis by refining power-based approaches for Trojan detection [8] [9] [10], investigating other side-channel detection techniques [11, 12], and characterizing  ...
doi:10.1016/b978-0-12-415815-3.00012-1 fatcat:usk6j5webjdytjmtjublkukjve

SoK: Hardware Security Support for Trustworthy Execution [article]

Lianying Zhao, He Shuang, Shengjie Xu, Wei Huang, Rongzhen Cui, Pushkar Bettadpur, David Lie
2019 arXiv   pre-print
Hardware offers many advantages over pure software approaches: immutability of mechanisms to software attacks, better execution and power efficiency and a smaller interface allowing it to better maintain  ...  In this paper, we systematize these approaches through the lens of abstraction. Abstraction is key to computing systems, and the interface between hardware and software contains many abstractions.  ...  In contrast, exclusive TEEs do not need to defend against concurrent software threats and as a result, for these Attested TEEs, the main focus of memory protection is to defend against DMA access from  ... 
arXiv:1910.04957v1 fatcat:5luczjg34ve67nm73xso5xhzx4

Speculative Buffer Overflows: Attacks and Defenses [article]

Vladimir Kiriansky, Carl Waldspurger
2018 arXiv   pre-print
Practical attacks that exploit speculative execution can leak confidential information via microarchitectural side channels.  ...  We describe the salient vulnerability features and additional hypothetical attack scenarios only to the detail necessary to guide hardware and software vendors in threat analysis and mitigations.  ...  Acknowledgments We are grateful to Joel Emer for his early feedback on this work. Thanks to Matt Miller for his thorough technical review and helpful discussions. Jason Brandt, Martin Dixon,  ... 
arXiv:1807.03757v1 fatcat:lko26y74nfcdrlgu2dxzjs7oau

MicroStache: A Lightweight Execution Context for In-Process Safe Region Isolation [chapter]

Lucian Mogosanu, Ashay Rane, Nathan Dautenhahn
2018 Lecture Notes in Computer Science  
in the processor cache, allowing it to protect against cache side channel attacks.  ...  Unlike alternative hardware, MicroStache implements a simple microarchitectural memory segmentation scheme while integrating it with paging, and also extends the safe region abstraction to isolate data  ...  analyze the effectiveness of our protection mechanisms against cache side channel attacks.  ... 
doi:10.1007/978-3-030-00470-5_17 fatcat:l6mtbpq4b5g3xkuufhwu76u7bq

Winter is here! A decade of cache-based side-channel attacks, detection & mitigation for RSA

Maria Mushtaq, Muhammad Asim Mukhtar, Vianney Lapotre, Muhammad Khurram Bhatti, Guy Gogniat
2020 Information Systems  
A decade of cache-based side-channel attacks, detection & mitigation for RSA, Information Systems (2020), Highlights The highlights of this paper are the following ones. • We propose a threat model to  ...  identify various leakage channels, both in software and hardware layers, to demonstrate possible threats and vulnerabilities.  ...  As a proof of concept, FLUSH+PREFETCH defends the secret key of RSA cryptosystem against a high-resolution cache-side channel attack known as Flush+Reload.  ...
doi:10.1016/j.is.2020.101524 fatcat:odegutokz5hrhmwsznlc7px6qm

Sanctorum: A lightweight security monitor for secure enclaves [article]

Ilia Lebedev and Kyle Hogan and Jules Drean and David Kohlbrenner and Dayeol Lee and Krste Asanović and Dawn Song and Srinivas Devadas
2018 arXiv   pre-print
This work describes Sanctorum, a small trusted code base (TCB), consisting of a generic enclave-capable system, which is sufficient to implement secure enclaves akin to the primitive offered by Intel's  ...  While enclaves may be implemented via unconditionally trusted hardware and microcode, as it is the case in SGX, we employ a smaller TCB principally consisting of authenticated, privileged software, which  ...  Sanctorum prevents realistic side channel attacks against shared caches and attacks on demand paging.  ... 
arXiv:1812.10605v1 fatcat:q7hm4ps6jzbnlgbhcg27qho7cq

Sanctorum: A lightweight security monitor for secure enclaves

Ilia Lebedev, Kyle Hogan, Jules Drean, David Kohlbrenner, Dayeol Lee, Krste Asanovic, Dawn Song, Srinivas Devadas
2019 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE)  
This work describes Sanctorum, a small trusted code base (TCB), consisting of a generic enclave-capable system, which is sufficient to implement secure enclaves akin to the primitive offered by Intel's  ...  While enclaves may be implemented via unconditionally trusted hardware and microcode, as it is the case in SGX, we employ a smaller TCB principally consisting of authenticated, privileged software, which  ...  Sanctorum prevents realistic side channel attacks against shared caches and attacks on demand paging.  ... 
doi:10.23919/date.2019.8715182 dblp:conf/date/LebedevHDKLASD19 fatcat:wsxi4ygoargzxheznlkspzj3ja

Software Grand Exposure: SGX Cache Attacks Are Practical [article]

Ferdinand Brasser, Kari Kostiainen (System Security Lab, Technische Universität Darmstadt, Germany, Institute of Information Security, ETH Zurich, Switzerland)
2017 arXiv   pre-print
We show that our attacks are more effective than previous cache attacks and harder to mitigate than previous SGX side-channel attacks.  ...  In this paper we demonstrate that cache-based attacks are indeed a serious threat to the confidentiality of SGX-protected programs.  ...  Architectural changes to cache organization. Other approaches proposed to mitigate cache-based side channels with low overhead through redesign of the cache hardware.  ... 
arXiv:1702.07521v1 fatcat:xqavqyci65e5pi7ybpq5vb4lae

DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization [article]

Ferdinand Brasser, Tommaso Frassetto, Ahmad-Reza Sadeghi (System Security Lab, Technische Universität Darmstadt, Germany)
2017 arXiv   pre-print
Recent research has demonstrated that Intel's SGX is vulnerable to various software-based side-channel attacks.  ...  In this paper we propose data location randomization as a novel defensive approach to address the threat of side-channel attacks.  ...  Zhang and Lee [80] modeled the cache as a finite state machine to analyze how well various cache architectures defend against side-channel attacks.  ... 
arXiv:1709.09917v1 fatcat:75fxnpqnwvgmnj57jqniokxlvu

Secure Processors Part II: Intel SGX Security Analysis and MIT Sanctum Architecture

Victor Costan, Ilia Lebedev, Srinivas Devadas
2017 Foundations and Trends® in Electronic Design Automation  
The SGX threat model protects against all direct attacks, but excludes "side-channel attacks", even if they can be performed via software alone.  ...  MIT Sanctum Processor The Sanctum processor's main contribution is a software isolation scheme that addresses the issues raised above: Sanctum's isolation provably defends against known software side-channel  ... 
doi:10.1561/1000000052 fatcat:ehdiwvpacbhg5nwq5fmw42fsg4

CURE: A Security Architecture with CUstomizable and Resilient Enclaves [article]

Raad Bahmani, Ferdinand Brasser, Ghada Dessouky, Patrick Jauernig, Matthias Klimmek, Ahmad-Reza Sadeghi, Emmanuel Stapf
2020 arXiv   pre-print
Third, their protection against cache side-channel attacks is either an afterthought or impractical, i.e., no fine-grained mapping between cache resources and individual enclaves is provided.  ...  We implemented CURE on a RISC-V-based SoC and thoroughly evaluated our prototype in terms of hardware and performance overhead.  ...  Moreover, Keystone uses a cache-way based partitioning against cache side-channel attacks, comparable to CURE.  ... 
arXiv:2010.15866v1 fatcat:fggaxnplzrejhiejnqeqpm3c2a