
Abusing Cache Line Dirty States to Leak Information in Commercial Processors [article]

Yujie Cui, Chun Yang, Xu Cheng
2022 arXiv   pre-print
Caches have been used to construct various types of covert and side channels to leak information. Most existing cache channels exploit the timing difference between cache hits and cache misses.  ...  This paper presents in detail a way in which replacement latency differences can be used to construct timing-based channels (called WB channels) to leak information in a write-back cache.  ...  ACKNOWLEDGMENT We would like to thank the authors of the LRU channel [43], especially Wenjie Xiong. Thanks for her willingness to open her source code and the help provided.  ... 
arXiv:2104.08559v2 fatcat:dhv6v2uj7jcs7al76xvmq2c6ba

Leaking Information Through Cache LRU States [article]

Wenjie Xiong, Jakub Szefer
2020 arXiv   pre-print
This paper shows for the first time in detail that the LRU states of caches can be used to leak information: any access to a cache by a sender will modify the LRU state, and the receiver is able to observe  ...  In addition, the new LRU timing-based channels are demonstrated on both Intel and AMD processors in scenarios where the sender and the receiver are sharing the cache in both hyper-threaded setting and  ...  This work was supported by NSF 1651945 and 1813797, and through SRC award number 2844.001.  ... 
arXiv:1905.08348v2 fatcat:c2l7njmzs5bthf7zvpzoyhzwgq

Non-monopolizable caches

Leonid Domnitser, Aamer Jaleel, Jason Loew, Nael Abu-Ghazaleh, Dmitry Ponomarev
2012 ACM Transactions on Architecture and Code Optimization (TACO)  
NoMo results in performance degradation of about 1% on average. We demonstrate that NoMo can provide strong security guarantees for the AES and Blowfish encryption algorithms.  ...  ., and Ponomarev, D. 2012. Non-monopolizable caches: Low-complexity mitigation of cache side channel attacks. ACM Trans.  ...  We also thank Mehmet Kayaalp for his help in improving the paper.  ... 
doi:10.1145/2086696.2086714 fatcat:w2nubgvdmfh25byr5ttgayn4qy


Goran Doychev, Boris Köpf, Laurent Mauborgne, Jan Reineke
2015 ACM Transactions on Privacy and Security  
observing cache states, traces of hits and misses, and execution times.  ...  Cache-Audit takes as input a program binary and a cache configuration, and it derives formal, quantitative security guarantees for a comprehensive set of side-channel adversaries, namely those based on  ...  Acknowledgments We thank Adam Chlipala and the anonymous reviewers for the constructive feedback, and Ignacio Echeverría and Guillermo Guridi for helping with the implementation.  ... 
doi:10.1145/2756550 fatcat:tyy4wuo67ngdhhngcgtdz5rzgm

FlexCache: Field Extensible Cache Controller Architecture Using On-chip Reconfigurable Fabric

Daniel Lo, Greg Malysa, G. Edward Suh
2011 2011 21st International Conference on Field Programmable Logic and Applications  
We evaluate the flexibility and efficiency of the architecture through an RTL prototype implementation of the cache along with example extensions such as cache performance counters, side-channel protection  ...  In today's microprocessors, the cache architecture is highly optimized for one particular design and cannot be changed after fabrication.  ...  under grant W911NF-11-1-0082, and an equipment donation from Intel Corporation.  ... 
doi:10.1109/fpl.2011.50 dblp:conf/fpl/LoMS11 fatcat:bcou76bervhd5mxvnvxezvkuky

Architectural support of multiple hypervisors over single platform for enhancing cloud computing security

Weidong Shi, JongHyuk Lee, Taeweon Suh, Dong Hyuk Woo, Xinwen Zhang
2012 Proceedings of the 9th conference on Computing Frontiers - CF '12  
in a cloud environment.  ...  Towards defending against resource exhaustion attacks, MultiHype further implements a new cache eviction policy and memory management scheme for preventing resource monopolization on shared cache, and  ...  In the near future, we can expect to see many new security exploitations on cloud environment towards platforms and user information.  ... 
doi:10.1145/2212908.2212920 dblp:conf/cf/ShiLSWZ12 fatcat:rci47aksovdabf36x2ekaa2n34

Survey of Transient Execution Attacks [article]

Wenjie Xiong, Jakub Szefer
2020 arXiv   pre-print
These attacks have motivated computer architects to rethink the design of processors and propose hardware defenses.  ...  ., during branch prediction, to leak data. Transient execution is fundamental to modern computer architectures, yet poses a security risk as has been demonstrated.  ...  ACKNOWLEDGEMENTS This work was supported in part by NSF grants 1651945 and 1813797, and through SRC award number 2844.001.  ... 
arXiv:2005.13435v2 fatcat:fuigp3ipqnbghlf5dch2r6zp5u

Detecting/preventing information leakage on the memory bus due to malicious hardware

Abhishek Das, Gokhan Memik, Joseph Zambreno, Alok Choudhary
2010 2010 Design, Automation & Test in Europe Conference & Exhibition (DATE 2010)  
Such hardware Trojan circuitry has been shown to be capable of shutting down the main processor after a random number of cycles, broadcasting sensitive information over the bus, and bypassing software  ...  In this work, we propose an architecture that can prevent information leakage due to such malicious hardware.  ...  Figure 1. (a) A hardware Trojan circuit leaking confidential information and encryption keys, and (b) an address bus corruption in the DS5002FP [3] secure processor component. Figure 2. Overall  ... 
doi:10.1109/date.2010.5456930 dblp:conf/date/DasMZC10 fatcat:cnx3h3fgivdifla3d6xe2avkeq

DAWG: A Defense Against Cache Timing Attacks in Speculative Execution Processors

Vladimir Kiriansky, Ilia Lebedev, Saman Amarasinghe, Srinivas Devadas, Joel Emer
2018 2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO)  
We also thank our anonymous reviewers and Julian Shun for helpful questions and comments.  ...  -15-C-4066; DoE award DE-FOA0001059, and Toyota grant LP-C000765-SR.  ...  In addition, RIC's non-inclusive read-only caches do not stop speculative attacks from leaking through read-write cache lines in cache coherence attacks [52].  ... 
doi:10.1109/micro.2018.00083 dblp:conf/micro/KirianskyLADE18 fatcat:dcxkoz3pdzbujorqukwpmeocw4

Secure System Virtualization: End-to-End Verification of Memory Isolation [article]

Hamed Nemati
2020 arXiv   pre-print
Over the last years, security kernels have played a promising role in reshaping the landscape of platform security on today's ubiquitous embedded devices.  ...  In this thesis, we explore various aspects of building a provably secure separation kernel using virtualization technology.  ...  proofs of security for code executing on application processors, as the cache access pattern of security-critical services may leak secret information.  ... 
arXiv:2005.02605v1 fatcat:h7sdyjoxyrexhaswjns5mcfdey

RELOAD+REFRESH: Abusing Cache Replacement Policies to Perform Stealthy Cache Attacks [article]

Samira Briongos, Pedro Malagón, José M. Moya, Thomas Eisenbarth
2019 arXiv   pre-print
Detection is strongly aided by the fact that observing cache activity of co-resident processes is not possible without altering the cache state and thereby forcing evictions on the observed processes.  ...  Caches have become the prime method for unintended information extraction across logical isolation boundaries.  ...  In their work, they were able to uncover the replacement policy of an Intel Atom D525 processor and to infer a pseudo-LRU policy in an Intel Core 2 Duo E6300 processor.  ... 
arXiv:1904.06278v1 fatcat:ojodieqvmrgkpacehrc7lzg2oi

Speculative Interference Attacks: Breaking Invisible Speculation Schemes [article]

Mohammad Behnia, Prateek Sahu, Riccardo Paccagnella, Jiyong Yu, Zirui Zhao, Xiang Zou, Thomas Unterluggauer, Josep Torrellas, Carlos Rozas, Adam Morrison, Frank Mckeen, Fangfei Liu (+4 others)
2021 arXiv   pre-print
Recent security vulnerabilities that target speculative execution (e.g., Spectre) present a significant challenge for processor design.  ...  We show that this problem is not easy to fix: Speculative interference converts timing changes to persistent cache-state changes, and timing is typically ignored by many cache-based defenses.  ...  Recent work [55] shows information leakage through cache LRU states, but its channels rely on more than the ordering of two accesses.  ... 
arXiv:2007.11818v4 fatcat:mijmtovhzfdjhd3xiamgus4mqe

Abstract Interpretation under Speculative Execution [article]

Meng Wu, Chao Wang
2019 arXiv   pre-print
We have implemented and evaluated the proposed method in a static cache analysis for execution time estimation and side channel detection.  ...  Analyzing the behavior of a program running on a processor that supports speculative execution is crucial for applications such as execution time estimation and side channel detection.  ...  Static analysis is useful in examining the cache related properties of a program, e.g., to detect information leaks through timing side channels [7, 16, 30, 53, 62] or prove that a computation task always  ... 
arXiv:1904.11170v2 fatcat:kqvzq77axvcybn4v3o2p33mha4

A Survey on Static Cache Analysis for Real-Time Systems

Mingsong Lv, Nan Guan, Jan Reineke, Reinhard Wilhelm, Wang Yi
2015 Leibniz Transactions on Embedded Systems  
Then, the discussion is extended to cache analysis in complex execution environment, followed by a survey of existing tools based on static techniques for cache analysis.  ...  Analyzing cache behavior is very challenging due to the versatile cache features and complex execution environment. This article provides a survey on static cache analysis for real-time systems.  ...  However, most commercial processors do not employ LRU, because it requires complex hardware implementation and further leads to higher power consumption.  ... 
doi:10.4230/lites-v003-i001-a005 dblp:journals/lites/LvGRW016 fatcat:ax5h3hurpbekjo52thkaduwtki

A survey of microarchitectural timing attacks and countermeasures on contemporary hardware

Qian Ge, Yuval Yarom, David Cock, Gernot Heiser
2016 Journal of Cryptographic Engineering  
We finally discuss trends in the attacks, challenges to combating them, and future directions, especially with respect to hardware support.  ...  Microarchitectural timing channels expose hidden hardware state through timing.  ...  Acknowledgements We would like to thank Toby Murray for his comments and feedback.  ... 
doi:10.1007/s13389-016-0141-6 fatcat:7fvkr7h54rbl5mx6vrochsgtkm