Open AccessProceedings Article10.1109/SP40001.2021.00011

Systematic Analysis of Randomization-based Protected Cache Architectures

- 23 May 2021

- pp 987-1002

TL;DR: This paper consolidates existing randomization-based secure caches into a generic cache model, and comprehensively analyze the security of existing designs, including CEASER-S and SCATTERCACHE, by mapping them to instances of this model.

Abstract: Recent secure cache designs aim to mitigate side-channel attacks by randomizing the mapping from memory addresses to cache sets. As vendors investigate deployment of these caches, it is crucial to understand their actual security.In this paper, we consolidate existing randomization-based secure caches into a generic cache model. We then comprehensively analyze the security of existing designs, including CEASER-S and SCATTERCACHE, by mapping them to instances of this model. We tailor cache attacks for randomized caches using a novel PRIME+PRUNE+PROBE technique, and optimize it using burst accesses, bootstrapping, and multi-step profiling. PRIME+ PRUNE+PROBE constructs probabilistic but reliable eviction sets, enabling attacks previously assumed to be computationally infeasible. We also simulate an end-to-end attack, leaking secrets from a vulnerable AES implementation. Finally, a case study of CEASER-S reveals that cryptographic weaknesses in the randomization algorithm can lead to a complete security subversion.Our systematic analysis yields more realistic and comparable security levels for randomized caches. As we quantify how design parameters influence the security level, our work leads to important conclusions for future work on secure cache designs.

AI Agents for this Paper

Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps

Most frequently asked questions

1. What have the authors contributed in "Systematic analysis of randomization-based protected cache architectures" ?

In this paper, the authors consolidate existing randomization-based secure caches into a generic cache model.. The authors then comprehensively analyze the security of existing designs, including CEASER-S and SCATTERCACHE, by mapping them to instances of this model.. Finally, a case study of CEASER-S reveals that cryptographic weaknesses in the randomization algorithm can lead to a complete security subversion.

2. What are the future works mentioned in the paper "Systematic analysis of randomization-based protected cache architectures" ?

Future work should investigate how their techniques can be applied to concurrent work [ 46 ].. Future work could explore closing this gap by improving profiling, relaxing theoretical bounds, or a combination of both.. The rekeying period may be varied for different security levels.. This can be transparently implemented through frequently and unpredictably updating s for high-security processes ( e. g., enclaves ), while refreshing K in larger intervals for regular processes.

TABLE II: Generalized eviction set size for several instances.

Fig. 1: Security argument for randomized caches.

TABLE III: Catching probability pc as a function of cache and attack instance, and whether the target address is cached or not.

Fig. 8: Percentage of caught addresses in the superset that genuinely collide with victim addresses in exactly one way, as a function of ν for various k (avg. over 100 runs). Instance is RAND(8, 9,8)

Fig. 7: Pruning mpr and k′ as a function of noise ν, for various k (average over 100 runs). Instance is RAND(8, 9,8)

Fig. 9: Differential propagation through CEASER’s LLBC. For brevity, we introduce f [j◦i](·) as shorthand for f [j](f [i](·)).

Citations

•Journal Article•10.1145/3456629

A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks, and Defenses in Cryptography

Xiaoxuan Lou, +3 more

- 13 Jul 2021

- ACM Computing Surveys

TL;DR: In this paper, the authors systematize micro-architectural side channels with a focus on attacks and defenses in cryptographic applications and conduct a large-scale evaluation on popular cryptographic applications in the real world and analyze the severity, practicality and impact of side-channel vulnerabilities.

...read moreread less

Proceedings Article•10.1109/MICRO50266.2020.00092

CaSA: End-to-end Quantitative Security Analysis of Randomly Mapped Caches

Thomas Bourgeat, +5 more

- 01 Oct 2020

TL;DR: The result shows that the randomization mechanisms used in the state-of-the-art randomly mapped caches are insecure.

...read moreread less

•Proceedings Article•10.1109/SP40001.2021.00050

Randomized Last-Level Caches Are Still Vulnerable to Cache Side-Channel Attacks! But We Can Fix It

Wei Song, +5 more

- 23 May 2021

TL;DR: In this article, the cache randomization is not a false hope and it is an effective defense that should be widely adopted in future processors and several new defense ideas are proposed in this paper.

...read moreread less

Proceedings Article•10.1145/3579856.3595794

CacheFX: A Framework for Evaluating Cache Security

Daniel Genkin, +5 more

- 27 Jan 2022

TL;DR: This work proposes CacheFX, a flexible framework for assessing and evaluating the resilience of cache designs to sidechannel attacks, and implements multiple cache designs and replacement algorithms, and devise three evaluation metrics that measure different aspects of the caches.

...read moreread less

•10.1109/SEED51797.2021.00015

Bespoke Cache Enclaves: Fine-Grained and Scalable Isolation from Cache Side-Channels via Flexible Set-Partitioning

Gururaj Saileshwar, +2 more

- 01 Sep 2021

TL;DR: BCE as discussed by the authors is a secure cache partitioning substrate that is scalable in supporting hundreds of isolated cache partitions and is flexible in allocating cache space independent of memory allocations, but it requires coupled DRAM and LLC allocations in the same ratio.

...read moreread less

...

Expand

References

•Proceedings Article

Timing attacks on Implementations of Diffie-Hellman, RSA, DSS, and other system

C. Kocher

- 01 Jan 1996

3.5K

Proceedings Article•10.1145/1653662.1653687

Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds

Thomas Ristenpart, +3 more

- 09 Nov 2009

TL;DR: It is shown that it is possible to map the internal cloud infrastructure, identify where a particular target VM is likely to reside, and then instantiate new VMs until one is placed co-resident with the target, and how such placement can then be used to mount cross-VM side-channel attacks to extract information from a target VM on the same machine.

...read moreread less

2.4K

•Proceedings Article•10.1109/SP.2019.00002

Spectre Attacks: Exploiting Speculative Execution

Paul C. Kocher, +11 more

- 19 May 2019

TL;DR: Spectre as mentioned in this paper is a side channel attack that can leak the victim's confidential information via side channel to the adversary. And it can read arbitrary memory from a victim's process.

...read moreread less

1.7K

•Proceedings Article

FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack

Yuval Yarom, +1 more

- 20 Aug 2014

TL;DR: This paper presents FLUSH+RELOAD, a cache side-channel attack technique that exploits a weakness in the Intel X86 processors to monitor access to memory lines in shared pages and recovers 96.7% of the bits of the secret key by observing a single signature or decryption round.

...read moreread less

1.4K

•Posted Content

Spectre Attacks: Exploiting Speculative Execution

Paul C. Kocher, +9 more

- 03 Jan 2018

- arXiv: Cryptography and Security

TL;DR: This paper describes practical attacks that combine methodology from side channel attacks, fault attacks, and return-oriented programming that can read arbitrary memory from the victim's process that violate the security assumptions underpinning numerous software security mechanisms.

...read moreread less

1.3K

...

Expand

Systematic Analysis of Randomization-based Protected Cache Architectures

Chat with Paper

AI Agents for this Paper

Most frequently asked questions

1. What have the authors contributed in "Systematic analysis of randomization-based protected cache architectures" ?

2. What are the future works mentioned in the paper "Systematic analysis of randomization-based protected cache architectures" ?

Figures

Citations

A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks, and Defenses in Cryptography

CaSA: End-to-end Quantitative Security Analysis of Randomly Mapped Caches

Randomized Last-Level Caches Are Still Vulnerable to Cache Side-Channel Attacks! But We Can Fix It

CacheFX: A Framework for Evaluating Cache Security

Bespoke Cache Enclaves: Fine-Grained and Scalable Isolation from Cache Side-Channels via Flexible Set-Partitioning

References

Timing attacks on Implementations of Diffie-Hellman, RSA, DSS, and other system

Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds

Spectre Attacks: Exploiting Speculative Execution

FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack

Spectre Attacks: Exploiting Speculative Execution

Related Papers (5)

FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack

Cache attacks and countermeasures: the case of AES

New cache designs for thwarting software cache-based side channel attacks

CATalyst: Defeating last-level cache side channel attacks in cloud computing

Meltdown: reading kernel memory from user space