AutoLock: Why Cache Attacks on ARM Are Harder Than You Think
Size: px
Start display at page:

Download "AutoLock: Why Cache Attacks on ARM Are Harder Than You Think"

Transcription

1 AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Marc Green W, Leandro Rodrigues-Lima F, Andreas Zankl F, Gorka Irazoqui W, Johann Heyszl F, and Thomas Eisenbarth W August 18 th 2017 USENIX Security Symposium

2 The Big Picture Cache Attacks - Transition of attacks: desktop & server mobile AutoLock - Dedicated countermeasures are still necessary for protection Vulnerabililty and risk assessment are important, but challenging Eviction-based attacks are harder than previously believed Limited understanding of commercial microarchitectures Undocumented performance feature of inclusive caches on ARM AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

3 Cache Basics AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

4 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

5 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

6 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

7 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

8 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

9 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

10 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

11 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

12 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

13 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

14 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

15 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

16 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

17 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

18 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

19 Cache Attacks AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

20 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

21 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

22 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

23 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

24 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

25 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

26 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

27 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

28 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

29 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

30 Cache Attacks Cross-core Eviction Normalized frequency without eviction with eviction Clock cycles Qualcomm Krait 450 AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

31 Cache Attacks Literature Method Task Reference Evict + Time Eviction [OST06] Prime + Probe Eviction [OST06] Evict + Reload Eviction [GSM15] Evict + Prefetch Eviction [GMF + 16] Flush + Reload Flush [YF14] Flush + Prefetch Flush [GMF + 16] Flush + Flush Flush [GMWM16] AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

32 Cache Attacks ARM Processors Flush on ARM Eviction on ARM Easy, fast, and robust Complex, slow, and error-prone Only from ARMv8 onwards All ARM architectures: v6, v7, v8 No guaranteed userspace access Userspace privileges are sufficient Limited number of devices Larger number of devices AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

33 AutoLock AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

34 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

35 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

36 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

37 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

38 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

39 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

40 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

41 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

42 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

43 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

44 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

45 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

46 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

47 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

48 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

49 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

50 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

51 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

52 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

53 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

54 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

55 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

56 AutoLock Definition A patented and undocumented performance feature of inclusive cache levels that transparently prevents the eviction of cache lines, if they are contained in higher cache levels. Automatic + Lockdown = AutoLock AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

57 Implications of AutoLock AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

58 Implications Impact in Theory Method Task Same-core Cross-core Evict + Time Eviction Prime + Probe Eviction Evict + Reload Eviction Evict + Prefetch Eviction Flush + * Flush AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

59 Implications Impact in Practice Normalized frequency without eviction with eviction Normalized frequency without eviction with eviction Clock cycles Qualcomm Krait Clock cycles ARM Cortex-A57 AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

60 Implications SoC Evaluation Processor System-on-Chip (SoC) AutoLock ARM Cortex-A7 Samsung Exynos 5422 ARM Cortex-A15 Samsung Exynos 5422/5250 ARM Cortex-A53 ARM Juno r0 ARM Cortex-A57 ARM Juno r0 Qualcomm Krait 450 Snapdragon 805 AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

61 Implications Smartphone SoCs Manufacturer SoC Family % featuring A7,-15,-53,-57 Apple A10, A9, A8, A7 0 HiSilicon Kirin 9xx, 6xx 86 Mediatek MT67xx, MT659x/8x 100 Nvidia Tegra X, K, 4 71 Qualcomm Snapdragon 8xx, 6xx, 4xx 47 Samsung Exynos 9, 8, 7, 5, 4 79 Xiaomi Surge S 100 AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

62 Implications Previous Work on ARM ARMageddon Lipp et al. [LGS + 16] - ROP Flush + Reload Zhang et al. [ZXZ16] - TruSpy Zhang et al. [ZSS + 16] - Device Selection Attack Selection Device Properties Qualcomm SoCs Flush + Reload ARM Cortex-A8 Userspace flush cacheflush syscall Single-core setup Cross-core eviction No cross-core eviction No cross-core eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

63 AutoLock = Countermeasure? AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

64 Countermeasure? Not Ultimately Vulnerable SoCs Same-Core Attacks ARM-compliant cores Userspace flush instr. ARM TrustZone Compromised OS Remote Evictions Redundant Targets Trigger self-evictions Increase load and wait time Attack multiple cache lines e.g. entire AES T-tables AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

65 Countermeasure? Wait-a-minute Attack Attack by Irazoqui et al. [IIES14] Observes usage of AES T-tables One cache line per table Simple redundant variant Observe all lines of all tables Majority vote on derived keys Test environment ARM Cortex-A15 with AutoLock Full Linux operating system Recovered key bytes Encryptions ( 10 3 ) same-core [IIES14] cross-core [IIES14] majority vote AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

66 Conclusion AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

67 Conclusion Takeaways AutoLock: undocumented feature of inclusive LLCs on ARM Inhibits cross-core eviction and adversely affects attacks Predominantly implemented in Cortex-A designs by ARM Countermeasures are still necessary to protect against attacks AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

68 Questions? AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

69 Bibliography [GMF + 16] [GMWM16] [GSM15] [IIES14] [LGS + 16] [OST06] Daniel Gruss, Clémentine Maurice, Anders Fogh, Moritz Lipp, and Stefan Mangard. Prefetch side-channel attacks: Bypassing smap and kernel aslr. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 16, pages , New York, NY, USA, ACM. Daniel Gruss, Clémentine Maurice, Klaus Wagner, and Stefan Mangard. Flush+flush: A fast and stealthy cache attack. In Juan Caballero, Urko Zurutuza, and Ricardo J. Rodríguez, editors, Detection of Intrusions and Malware, and Vulnerability Assessment: 13th International Conference, DIMVA 2016, San Sebastián, Spain, July 7-8, 2016, Proceedings, pages , Cham, Springer International Publishing. Daniel Gruss, Raphael Spreitzer, and Stefan Mangard. Cache template attacks: Automating attacks on inclusive last-level caches. In 24th USENIX Security Symposium (USENIX Security 15), pages , Washington, D.C., USENIX Association. Gorka Irazoqui, Mehmet Sinan Inci, Thomas Eisenbarth, and Berk Sunar. Wait a minute! a fast, cross-vm attack on aes. In Angelos Stavrou, Herbert Bos, and Georgios Portokalidis, editors, Research in Attacks, Intrusions and Defenses: 17th International Symposium, RAID 2014, Gothenburg, Sweden, September 17-19, Proceedings, pages , Cham, Springer International Publishing. Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, and Stefan Mangard. Armageddon: Cache attacks on mobile devices. In 25th USENIX Security Symposium (USENIX Security 16), pages , Austin, TX, USENIX Association. Dag Arne Osvik, Adi Shamir, and Eran Tromer. Cache attacks and countermeasures: The case of aes. In David Pointcheval, editor, Topics in Cryptology CT-RSA 2006: The Cryptographers Track at the RSA Conference 2006, San Jose, CA, USA, February 13-17, Proceedings, pages 1 20, Berlin, Heidelberg, Springer Berlin Heidelberg. AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

70 Bibliography [YF14] [ZSS + 16] [ZXZ16] Yuval Yarom and Katrina Falkner. Flush+reload: A high resolution, low noise, l3 cache side-channel attack. In 23rd USENIX Security Symposium (USENIX Security 14), pages , San Diego, CA, USENIX Association. Ning Zhang, Kun Sun, Deborah Shands, Wenjing Lou, and Y. Thomas Hou. Truspy: Cache side-channel information leakage from the secure world on arm devices. Cryptology eprint Archive, Report 2016/980, Xiaokuan Zhang, Yuan Xiao, and Yinqian Zhang. Return-oriented flush-reload side channels on arm and their implications for android devices. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 16, pages , New York, NY, USA, ACM. AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security

Similar documents

ARMageddon: Cache Attacks on Mobile Devices

ARMageddon: Cache Attacks on Mobile Devices ARMageddon: Cache Attacks on Mobile Devices Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, Stefan Mangard Graz University of Technology 1 TLDR powerful cache attacks (like Flush+Reload)

More information

Curious case of Rowhammer: Flipping Secret Exponent Bits using Timing Analysis

Curious case of Rowhammer: Flipping Secret Exponent Bits using Timing Analysis Curious case of Rowhammer: Flipping Secret Exponent Bits using Timing Analysis Sarani Bhattacharya and Debdeep Mukhopadhyay Indian Institute of Technology Kharagpur CHES 2016 August 19, 2016 Objective

More information

Rowhammer.js: Root privileges for web apps?

Rowhammer.js: Root privileges for web apps? Rowhammer.js: Root privileges for web apps? Daniel Gruss (@lavados) 1, Clémentine Maurice (@BloodyTangerine) 2 1 IAIK, Graz University of Technology / 2 Technicolor and Eurecom 1 Rennes Graz Clémentine

More information

arxiv: v2 [cs.cr] 19 Jun 2016

arxiv: v2 [cs.cr] 19 Jun 2016 ARMageddon: Cache Attacks on Mobile Devices Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, and Stefan Mangard Graz University of Technology, Austria arxiv:1511.04897v2 [cs.cr] 19 Jun

More information

Évolution des attaques sur la micro-architecture

Évolution des attaques sur la micro-architecture Évolution des attaques sur la micro-architecture Clémentine Maurice, CNRS, IRISA 23 Janvier 2019 Journée Nouvelles Avancées en Sécurité des Systèmes d Information, INSA de Toulouse/LAAS-CNRS Attacks on

More information

Software Solutions to Micro-architectural Side Channels. Yinqian Zhang Assistant Professor Computer Science & Engineering The Ohio State University

Software Solutions to Micro-architectural Side Channels. Yinqian Zhang Assistant Professor Computer Science & Engineering The Ohio State University Software Solutions to Micro-architectural Side Channels Yinqian Zhang Assistant Professor Computer Science & Engineering The Ohio State University Introduction Research interests Computer system security

More information

TruSpy: Cache Side-Channel Information Leakage from the Secure World on ARM Devices

TruSpy: Cache Side-Channel Information Leakage from the Secure World on ARM Devices TruSpy: Cache Side-Channel Information Leakage from the Secure World on ARM Devices Ning Zhang, Kun Sun, Deborah Shands Wenjing Lou, Y. Thomas Hou Virginia Polytechnic Institute and State University, VA

More information

Advanced Power Side Channel Cache Side Channel Attacks DMA Attacks

Advanced Power Side Channel Cache Side Channel Attacks DMA Attacks CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 8b Advanced Power Side Channel Cache Side Channel Attacks DMA Attacks Slide deck originally based on some material by Chenglu during ECE 6095 Spring 2017

More information

arxiv: v3 [cs.cr] 5 Apr 2016

arxiv: v3 [cs.cr] 5 Apr 2016 Flush+Flush: A Fast and Stealthy Cache Attack Daniel Gruss, Clémentine Maurice, Klaus Wagner, and Stefan Mangard Graz University of Technology, Austria arxiv:1511.04594v3 [cs.cr] 5 Apr 2016 Abstract. Research

More information

Cache Attacks and Rowhammer on ARM

Cache Attacks and Rowhammer on ARM Moritz Lipp, BSc Cache Attacks and Rowhammer on ARM MASTER S THESIS to achieve the university degree of Diplom-Ingenieur Master s degree programme: Computer Science submitted to Graz University of Technology

More information

Cache Side Channel Attacks on Intel SGX

Cache Side Channel Attacks on Intel SGX Cache Side Channel Attacks on Intel SGX Princeton University Technical Report CE-L2017-001 January 2017 Zecheng He Ruby B. Lee {zechengh, rblee}@princeton.edu Department of Electrical Engineering Princeton

More information

From bottom to top: Exploiting hardware side channels in web browsers

From bottom to top: Exploiting hardware side channels in web browsers From bottom to top: Exploiting hardware side channels in web browsers Clémentine Maurice, Graz University of Technology July 4, 2017 RMLL, Saint-Étienne, France Rennes Graz Clémentine Maurice PhD since

More information

Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud

Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud Clémentine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Stefan Mangard, Kay Römer

More information

Micro-architectural Attacks. Chester Rebeiro IIT Madras

Micro-architectural Attacks. Chester Rebeiro IIT Madras Micro-architectural Attacks Chester Rebeiro IIT Madras 1 Cryptography Passwords Information Flow Policies Privileged Rings ASLR Virtual Machines and confinement Javascript and HTML5 (due to restricted

More information

Fine Grain Cross-VM Attacks on Xen and VMware

Fine Grain Cross-VM Attacks on Xen and VMware Fine Grain Cross-VM Attacks on Xen and VMware Gorka Irazoqui, Mehmet Sinan Inci, Thomas Eisenbarth, Berk Sunar Worcester Polytechnic Institute {girazoki,msinci,teisenbarth,sunar}@wpi.edu Abstract This

More information

arxiv: v2 [cs.cr] 30 Nov 2015

arxiv: v2 [cs.cr] 30 Nov 2015 Reverse Engineering Intel DRAM Addressing and Exploitation - Work in Progress - arxiv:1511.08756v2 [cs.cr] 30 Nov 2015 Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz and Stefan Mangard

More information

Fast and Secure Implementation of Modular Exponentiation for Mitigating Fine-Grained Cache Attacks

Fast and Secure Implementation of Modular Exponentiation for Mitigating Fine-Grained Cache Attacks applied sciences Article Fast and Secure Implementation of Modular Exponentiation for Mitigating Fine-Grained Cache Attacks Youngjoo Shin School of Computer and Information Engineering, Kwangwoon University,

More information

A Faster and More Realistic Flush+Reload Attack on AES

A Faster and More Realistic Flush+Reload Attack on AES A Faster and More Realistic Flush+Reload Attack on AES Berk Gülmezoğlu, Mehmet Sinan İnci, Gorka Irazoqui, Thomas Eisenbarth, Berk Sunar Worcester Polytechnic Institute, Worcester, MA, USA {bgulmezoglu,msinci,girazoki,teisenbarth,sunar}@wpi.edu

More information

Flush+Flush: A Stealthier Last-Level Cache Attack

Flush+Flush: A Stealthier Last-Level Cache Attack Flush+Flush: A Stealthier Last-Level Cache Attack Daniel Gruss Graz University of Technology, Austria daniel.gruss@iaik.tugraz.at Clémentine Maurice Technicolor, Rennes, France Eurecom, Sophia-Antipolis,

More information

Chenglu Jin Department of Electrical & Computer Engineering University of Connecticut

Chenglu Jin Department of Electrical & Computer Engineering University of Connecticut CSE 5095 & ECE 6095 Spring 2016 Instructor Marten van Dijk Side Channel Attacks Chenglu Jin Department of Electrical & Computer Engineering University of Connecticut Email: chenglu.jin@.uconn.edu Based

More information

Who am I? Moritz Lipp PhD Graz University of

Who am I? Moritz Lipp PhD Graz University of Who am I? Moritz Lipp PhD student @ Graz University of Technology @mlqxyz moritz.lipp@iaik.tugraz.at 1 Moritz Lipp, Michael Schwarz, Daniel Gruss Graz University of Technology Who am I? Michael Schwarz

More information

SoC, why should we care about Fault Injection Attacks?

SoC, why should we care about Fault Injection Attacks? SoC, why should we care about Fault Injection Attacks? Guillaume BOUFFARD (guillaume.bouffard@ssi.gouv.fr) David EL-BAZE (david.elbaze@ssi.gouv.fr) with the help of Thomas TROUCHKINE Agence nationale de

More information

SGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut

SGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut SGX Security Background Masab Ahmad masab.ahmad@uconn.edu Department of Electrical and Computer Engineering University of Connecticut 1 Security Background Outline Cryptographic Primitives Cryptographic

More information

Wait a minute! A fast, Cross-VM attack on AES

Wait a minute! A fast, Cross-VM attack on AES Wait a minute! A fast, Cross-VM attack on AES Gorka Irazoqui, Mehmet Sinan Inci, Thomas Eisenbarth, and Berk Sunar Worcester Polytechnic Institute, Worcester, MA, USA {girazoki,msinci,teisenbarth,sunar}@wpi.edu

More information

RevAnC: A Framework for Reverse Engineering Hardware Page Table Caches

RevAnC: A Framework for Reverse Engineering Hardware Page Table Caches RevAnC: A Framework for Reverse Engineering Hardware Page Table Caches Stephan van Schaik stephan@synkhronix.com Kaveh Razavi kaveh@cs.vu.nl Ben Gras beng@cs.vu.nl ABSTRACT Herbert Bos herbertb@cs.vu.nl

More information

Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack

Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack Yuval Yarom Katrina Falkner School of Computer Science The University of Adelaide {yval,katrina}@cs.adelaide.edu.au 18 July 2013

More information

Cache Attacks Enable Bulk Key Recovery on the Cloud (Extended Version)

Cache Attacks Enable Bulk Key Recovery on the Cloud (Extended Version) Cache Attacks Enable Bulk Key Recovery on the Cloud (Extended Version) Mehmet Sinan İnci, Berk Gulmezoglu, Gorka Irazoqui, Thomas Eisenbarth, Berk Sunar Worcester Polytechnic Institute, Worcester, MA,

More information

Spectre and Meltdown: Data leaks during speculative execution

Spectre and Meltdown: Data leaks during speculative execution Spectre and Meltdown: Data leaks during speculative execution Speaker: Jann Horn (Google Project Zero) Paul Kocher (independent) Daniel Genkin (University of Pennsylvania and University of Maryland) Yuval

More information

Side-Channel Attacks on Intel SGX: How SGX Amplifies The Power of Cache Attacks

Side-Channel Attacks on Intel SGX: How SGX Amplifies The Power of Cache Attacks Side-Channel Attacks on Intel SGX: How SGX Amplifies The Power of Cache Attacks by Ahmad Moghimi A Thesis Submitted to the Faculty of the WORCESTER POLYTECHNIC INSTITUTE In partial fulfillment of the requirements

More information

Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features

Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features Michael Schwarz 1, Daniel Gruss 1, Moritz Lipp 1, Clémentine Maurice 2, Thomas Schuster 1, Anders Fogh

More information

S$A: A Shared Cache Attack that Works Across Cores and Defies VM Sandboxing and its Application to AES

S$A: A Shared Cache Attack that Works Across Cores and Defies VM Sandboxing and its Application to AES 2015 IEEE Symposium on Security and Privacy S$A: A Shared Cache Attack that Works Across Cores and Defies VM Sandboxing and its Application to AES Gorka Irazoqui Worcester Polytechnic Institute Worcester,USA

More information

When Good Turns Evil: Using Intel SGX to Stealthily Steal Bitcoins

When Good Turns Evil: Using Intel SGX to Stealthily Steal Bitcoins When Good Turns Evil: Using Intel SGX to Stealthily Steal Bitcoins Michael Schwarz, Moritz Lipp michael.schwarz@iaik.tugraz.at, moritz.lipp@iaik.tugraz.at Abstract In our talk, we show that despite all

More information

C5: Cross-Cores Cache Covert Channel

C5: Cross-Cores Cache Covert Channel C5: Cross-Cores Cache Covert Channel Clémentine Maurice 1, Christoph Neumann 1, Olivier Heen 1, and Aurélien Francillon 2 1 Technicolor, Rennes, France, 2 Eurecom, Sophia-Antipolis, France {clementine.maurice,christoph.neumann,olivier.heen}@technicolor.com

More information

CJAG: Cache-based Jamming Agreement

CJAG: Cache-based Jamming Agreement CJAG: Cache-based Jamming Agreement Establishing a covert channel between co-located VMs Michael Schwarz and Manuel Weber Graz University of Technology, Austria Abstract. Cache-based covert channels are

More information

The Security of Intel SGX for Key Protection and Data Privacy Applications

The Security of Intel SGX for Key Protection and Data Privacy Applications The Security of Intel SGX for Key Protection and Data Privacy Applications Yehuda Lindell February 28, 2018 1 Introduction Intel Software Guard Extensions (Intel SGX) [1] is an Intel technology for application

More information

arxiv: v2 [cs.cr] 20 Aug 2017

arxiv: v2 [cs.cr] 20 Aug 2017 CacheZoom: How SGX Amplifies The Power of Cache Attacks arxiv:1703.06986v2 [cs.cr] 20 Aug 2017 Ahmad Moghimi Worcester Polytechnic Institute amoghimi@wpi.edu Abstract In modern computing environments,

More information

Vikram Hegde, Hanqing Zhao, Kefeng Shi, and Yi Yang Fontbonne University St. Louis, Missouri

Vikram Hegde, Hanqing Zhao, Kefeng Shi, and Yi Yang Fontbonne University St. Louis, Missouri SECURE MOBILE APPS BASED ON NTRU Vikram Hegde, Hanqing Zhao, Kefeng Shi, and Yi Yang Fontbonne University St. Louis, Missouri The need for mobile security The inefficiency of traditional algorithms in

More information

Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races. CS 563 Young Li 10/31/18

Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races. CS 563 Young Li 10/31/18 Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races CS 563 Young Li 10/31/18 Intel Software Guard extensions (SGX) and Hyper-Threading What is Intel SGX? Set of

More information

Defense against the AnC Attack on BOOM Rui Hou, Xiaoxin Li, Wei Song, Dan Meng

Defense against the AnC Attack on BOOM Rui Hou, Xiaoxin Li, Wei Song, Dan Meng Defense against the AnC Attack on BOOM Rui Hou, Xiaoxin Li, Wei Song, Dan Meng 单击此处编辑母版标题样式 Outline Security vulnerabilities due to resource sharing AnC attack Solution RCL PTE-isolation Security vulnerabilities

More information

All the AES You Need on Cortex-M3 and M4 Peter Schwabe and Ko Stoffelen

All the AES You Need on Cortex-M3 and M4 Peter Schwabe and Ko Stoffelen All the AES You Need on Cortex-M3 and M4 Peter Schwabe and Ko Stoffelen More AES software implementations? AES on AVR [OBSC10] AES on SPARC [BS08] AES on PowerPC [BS08] AES on NVIDIA GPU [OBSC10] AES on

More information

Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices

Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices Xiaokuan Zhang Yuan Xiao Yinqian Zhang Department of Computer Science and Engineering The Ohio State University

More information

arxiv: v1 [cs.cr] 3 Jan 2018

arxiv: v1 [cs.cr] 3 Jan 2018 Meltdown arxiv:1801.01207v1 [cs.cr] 3 Jan 2018 Abstract Moritz Lipp 1, Michael Schwarz 1, Daniel Gruss 1, Thomas Prescher 2, Werner Haas 2, Stefan Mangard 1, Paul Kocher 3, Daniel Genkin 4, Yuval Yarom

More information

Rowhammer.js: A Remote Software- Induced Fault Attack in Javascript

Rowhammer.js: A Remote Software- Induced Fault Attack in Javascript Rowhammer.js: A Remote Software- Induced Fault Attack in Javascript Daniel Gruss, Clementine Maurice and Stefan Mangard Graz University of Technology, Austria Rowhammer bug (I) Different DRAM cells can

More information

Cross-core Microarchitectural Side Channel Attacks and Countermeasures

Cross-core Microarchitectural Side Channel Attacks and Countermeasures Cross-core Microarchitectural Side Channel Attacks and Countermeasures by Gorka Irazoqui A Dissertation Submitted to the Faculty of the WORCESTER POLYTECHNIC INSTITUTE In partial fulfillment of the requirements

More information

Cross Processor Cache Attacks

Cross Processor Cache Attacks Cross Processor Cache Attacks Gorka Irazoqui Worcester Polytechnic Institute girazoki@wpi.edu Thomas Eisenbarth Worcester Polytechnic Institute teisenbarth@wpi.edu Berk Sunar Worcester Polytechnic Institute

More information

Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX

Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX W. Wang, G. Chen, X, Pan, Y. Zhang, XF. Wang, V. Bindschaedler, H. Tang, C. Gunter. September 19, 2017 Motivation Intel

More information

NIGHTs-WATCH. A Cache-Based Side-Channel Intrusion Detector using Hardware Performance Counters

NIGHTs-WATCH. A Cache-Based Side-Channel Intrusion Detector using Hardware Performance Counters NIGHTs-WATCH A Cache-Based Side-Channel Intrusion Detector using Hardware Performance Counters Maria Mushtaq, Ayaz Akram, Khurram Bhatti, Maham Chaudhry, Vianney Lapotre, Guy Gogniat Contact: khurram.bhatti@itu.edu.pk

More information

Countermeasures against Bernstein s Remote Cache Timing Attack

Countermeasures against Bernstein s Remote Cache Timing Attack Countermeasures against Bernstein s Remote Cache Timing Attack Janaka Alawatugoda, Darshana Jayasinghe, and Roshan Ragel, Member, IEEE Abstract- Cache timing attack is a type of side channel attack where

More information

SCAnDroid: Automated Side-Channel Analysis of Android APIs

SCAnDroid: Automated Side-Channel Analysis of Android APIs S C I E N C E P A S S I O N T E C H N O L O G Y SCAnDroid: Automated Side-Channel Analysis of Android APIs Raphael Spreitzer, Gerald Palfinger, Stefan Mangard IAIK, Graz University of Technology, Austria

More information

Practical Keystroke Timing Attacks in Sandboxed JavaScript

Practical Keystroke Timing Attacks in Sandboxed JavaScript Practical Keystroke Timing Attacks in Sandboxed JavaScript M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Sep 11, 2017 ESORICS 17 Graz University of Technology Motivation Keystroke timing

More information

On the Applicability of Time-Driven Cache Attacks on Mobile Devices

On the Applicability of Time-Driven Cache Attacks on Mobile Devices On the Applicability of Time-Driven Cache Attacks on Mobile Devices (Extended Version ) Raphael Spreitzer and Thomas Plos Institute for Applied Information Processing and Communications (IAIK), Graz University

More information

Malware Guard Extension: Using SGX to Conceal Cache Attacks

Malware Guard Extension: Using SGX to Conceal Cache Attacks Malware Guard Extension: Using SGX to Conceal Cache Attacks Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, and Stefan Mangard Graz University of Technology, Austria Abstract. In modern

More information

Side Channel Analysis Power Side Channel

Side Channel Analysis Power Side Channel CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 8a Side Channel Analysis Power Side Channel Slide deck originally based on some material by Chenglu and Ha during ECE 6095 Spring 2017 on Secure Computation

More information

A Cache Timing Attack on AES in Virtualization Environments

A Cache Timing Attack on AES in Virtualization Environments A Cache Timing Attack on AES in Virtualization Environments Michael Weiß, Benedikt Heinz, and Frederic Stumpf Fraunhofer Research Institution AISEC, Garching (near Munich), Germany {michael.weiss, benedikt.heinz,

More information

Meltdown, Spectre, and Security Boundaries in LEON/GRLIB. Technical note Doc. No GRLIB-TN-0014 Issue 1.1

Meltdown, Spectre, and Security Boundaries in LEON/GRLIB. Technical note Doc. No GRLIB-TN-0014 Issue 1.1 Template: GQMS-TPLT-1-1-0 Meltdown, Spectre, and Security Boundaries in LEON/GRLIB Technical note 2018-03-15 Doc. No Issue 1.1 Date: 2018-03-15 Page: 2 of 8 CHANGE RECORD Issue Date Section / Page Description

More information

Cache-Access Pattern Attack on Disaligned AES T-Tables

Cache-Access Pattern Attack on Disaligned AES T-Tables Cache-Access Pattern Attack on Disaligned AES T-Tables Raphael Spreitzer and Thomas Plos Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Inffeldgasse

More information

CS 356 Operating System Security. Fall 2013

CS 356 Operating System Security. Fall 2013 CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database

More information

CacheZoom: How SGX Amplifies The Power of Cache Attacks

CacheZoom: How SGX Amplifies The Power of Cache Attacks CacheZoom: How SGX Amplifies The Power of Cache Attacks Ahmad Moghimi, Gorka Irazoqui, and Thomas Eisenbarth Worcester Polytechnic Institute, Worcester, MA, USA {amoghimi,girazoki,teisenbarth}@wpi.edu

More information

S-Box Implementation of AES is NOT side channel resistant

S-Box Implementation of AES is NOT side channel resistant S-Box Implementation of AES is NOT side channel resistant C Ashokkumar, Bholanath Roy, M Bhargav Sri Venkatesh, and Bernard L. Menezes Department of Computer Science and Engineering, Indian Institute of

More information

Evaluating the Reuse Cache for mobile processors. Lokesh Jindal, Urmish Thakker, Swapnil Haria CS-752 Fall 2014 University of Wisconsin-Madison

Evaluating the Reuse Cache for mobile processors. Lokesh Jindal, Urmish Thakker, Swapnil Haria CS-752 Fall 2014 University of Wisconsin-Madison Evaluating the Reuse Cache for mobile processors Lokesh Jindal, Urmish Thakker, Swapnil Haria CS-752 Fall 2014 University of Wisconsin-Madison 1 Executive Summary Problem : Mobile SOCs Area is money! Cache

More information

Attack TrustZone with Rowhammer. Pierre Carru - eshard 2017/04

Attack TrustZone with Rowhammer. Pierre Carru - eshard 2017/04 Attack TrustZone with Rowhammer Pierre Carru - eshard 2017/04 1 Presentation Summary 1. Rowhammer ~10 min 2. TrustZone ~10 min 3. Attack ~10 min 2 Context - Existing Rowhammer Attacks Implementations Intel

More information

CSE 127 Computer Security

CSE 127 Computer Security CSE 127 Computer Security Stefan Savage, Spring 2018, Lecture 19 Hardware Security: Meltdown, Spectre, Rowhammer Vulnerabilities and Abstractions Abstraction Reality Vulnerability Review: ISA and µarchitecture

More information

The Last Mile An Empirical Study of Timing Channels on sel4

The Last Mile An Empirical Study of Timing Channels on sel4 The Last Mile An Empirical Study of Timing on David Cock Qian Ge Toby Murray Gernot Heiser 4 November 2014 NICTA Funding and Supporting Members and Partners Outline The Last Mile Copyright NICTA 2014 David

More information

Malware Guard Extension: Using SGX to Conceal Cache Attacks (Extended Version)

Malware Guard Extension: Using SGX to Conceal Cache Attacks (Extended Version) Malware Guard Extension: Using SGX to Conceal Cache Attacks (Exted Version) Michael Schwarz Graz University of Technology Email: michael.schwarz@iaik.tugraz.at Samuel Weiser Graz University of Technology

More information

F28HS Hardware-Software Interface: Systems Programming

F28HS Hardware-Software Interface: Systems Programming F28HS Hardware-Software Interface: Systems Programming Hans-Wolfgang Loidl School of Mathematical and Computer Sciences, Heriot-Watt University, Edinburgh Semester 2 2017/18 0 No proprietary software has

More information

Android Application Sandbox. Thomas Bläsing DAI-Labor TU Berlin

Android Application Sandbox. Thomas Bläsing DAI-Labor TU Berlin Android Application Sandbox Thomas Bläsing DAI-Labor TU Berlin Agenda Introduction What is Android? Malware on smartphones Common countermeasures on the Android platform Use-Cases Design Conclusion Summary

More information

Meltdown or "Holy Crap: How did we do this to ourselves" Meltdown exploits side effects of out-of-order execution to read arbitrary kernelmemory

Meltdown or Holy Crap: How did we do this to ourselves Meltdown exploits side effects of out-of-order execution to read arbitrary kernelmemory Meltdown or "Holy Crap: How did we do this to ourselves" Abstract Meltdown exploits side effects of out-of-order execution to read arbitrary kernelmemory locations Breaks all security assumptions given

More information

Side Channels and Runtime Encryption Solutions with Intel SGX

Side Channels and Runtime Encryption Solutions with Intel SGX Leader in Runtime Encryption Whitepaper Side Channels and Runtime Encryption Solutions with Intel SGX by Andy Leiserson, Chief Architect at Fortanix Executive Summary Introduction to Side Channel Attacks

More information

Constant-Time Callees with Variable-Time Callers. Cesar Pereida Garcı a Billy Bob Brumley Tampere University of Technology Finland

Constant-Time Callees with Variable-Time Callers. Cesar Pereida Garcı a Billy Bob Brumley Tampere University of Technology Finland Constant-Time Callees with Variable-Time Callers Cesar Pereida Garcı a Billy Bob Brumley Tampere University of Technology Finland Outline Enabling Cache-Timing Attacks Motivation Brief History of Cache-Timing

More information

kguard++: Improving the Performance of kguard with Low-latency Code Inflation

kguard++: Improving the Performance of kguard with Low-latency Code Inflation kguard++: Improving the Performance of kguard with Low-latency Code Inflation Jordan P. Hendricks Brown University Abstract In this paper, we introduce low-latency code inflation for kguard, a GCC plugin

More information

A Simple Power Analysis Attack Against the Key Schedule of the Camellia Block Cipher

A Simple Power Analysis Attack Against the Key Schedule of the Camellia Block Cipher A Simple Power Analysis Attack Against the Key Schedule of the Camellia Block Cipher Lu Xiao and Howard M. Heys 2 QUALCOMM Incorporated, lxiao@qualcomm.com 2 Electrical and Computer Engineering, Faculty

More information

SMARTPHONE HARDWARE: ANATOMY OF A HANDSET. Mainak Chaudhuri Indian Institute of Technology Kanpur Commonwealth of Learning Vancouver

SMARTPHONE HARDWARE: ANATOMY OF A HANDSET. Mainak Chaudhuri Indian Institute of Technology Kanpur Commonwealth of Learning Vancouver SMARTPHONE HARDWARE: ANATOMY OF A HANDSET Mainak Chaudhuri Indian Institute of Technology Kanpur Commonwealth of Learning Vancouver Outline of topics What is the hardware architecture of a How does communication

More information

An Improved Trace Driven Instruction Cache Timing Attack on RSA

An Improved Trace Driven Instruction Cache Timing Attack on RSA An Improved Trace Driven Instruction Cache Timing Attack on RSA Chen Cai-Sen 1*, Wang Tao 1, Chen Xiao-Cen 2 and Zhou Ping 1 1 Department of Computer Engineering, Ordnance Engineering College, China 2

More information

Elliptic Curve Cryptography and its Application in the Secure Socket Layer/Transport Layer Security Protocol

Elliptic Curve Cryptography and its Application in the Secure Socket Layer/Transport Layer Security Protocol Elliptic Curve Cryptography and its Application in the Secure Socket Layer/Transport Layer Security Protocol M. Cimi Thomas 1* and S. Sheeja 2 1* Research Scholar, Department of Computer Science, Karpagam

More information

Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript

Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript Michael Schwarz, Clémentine Maurice, Daniel Gruss, Stefan Mangard Graz University of Technology April 2017

More information

Who we are. Eshard - Embedded Security Company. Software & Hardware Security. What do we

Who we are. Eshard - Embedded Security Company. Software & Hardware Security. What do we Who we are Eshard - Embedded Security Company Software & Hardware Security What do we do: Tools: Side Channel / Code Analysis Consultancy Audit Training @eshardnews https://www.eshard.com contact@eshard.com

More information

JavaScript Zero. Real JavaScript and Zero Side-Channel Attacks. Michael Schwarz, Moritz Lipp, Daniel Gruss

JavaScript Zero. Real JavaScript and Zero Side-Channel Attacks. Michael Schwarz, Moritz Lipp, Daniel Gruss JavaScript Zero Real JavaScript and Zero Side-Channel Attacks Michael Schwarz, Moritz Lipp, Daniel Gruss 20.02.2018 www.iaik.tugraz.at 1 Michael Schwarz, Moritz Lipp, Daniel Gruss www.iaik.tugraz.at Outline

More information

Covert Timing Channels Exploiting Non-Uniform Memory Access based Architectures

Covert Timing Channels Exploiting Non-Uniform Memory Access based Architectures Covert Timing Channels Exploiting Non-Uniform Memory Access based Architectures Fan Yao, Guru Venkataramani and Miloš Doroslovački Department of Electrical and Computer Engineering The George Washington

More information

SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017

SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and

More information

Adaptive Android Kernel Live Patching

Adaptive Android Kernel Live Patching USENIX Security Symposium 2017 Adaptive Android Kernel Live Patching Yue Chen 1, Yulong Zhang 2, Zhi Wang 1, Liangzhao Xia 2, Chenfu Bao 2, Tao Wei 2 Florida State University 1 Baidu X-Lab 2 Android Kernel

More information

Secure Hierarchy-Aware Cache Replacement Policy (SHARP): Defending Against Cache-Based Side Channel Attacks

Secure Hierarchy-Aware Cache Replacement Policy (SHARP): Defending Against Cache-Based Side Channel Attacks : Defending Against Cache-Based Side Channel Attacks Mengjia Yan, Bhargava Gopireddy, Thomas Shull, Josep Torrellas University of Illinois at Urbana-Champaign http://iacoma.cs.uiuc.edu Presented by Mengjia

More information

An Infestation of Dragons

An Infestation of Dragons An Infestation of Dragons Exploring Vulnerabilities in the ARM TrustZone Architecture A story of Research: @m0nk_dot @natronkeltner @afrocheese Who Are We Josh Thomas @m0nk_dot / josh@atredis.com Partner

More information

Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX. Yeongjin Jang, Sangho Lee, and Taesoo Kim Georgia Institute of Technology

Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX. Yeongjin Jang, Sangho Lee, and Taesoo Kim Georgia Institute of Technology Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX Yeongjin Jang, Sangho Lee, and Taesoo Kim Georgia Institute of Technology Kernel Address Space Layout Randomization (KASLR) A statistical

More information

On Cache Timing Attacks Considering Multi-Core Aspects in Virtualized Embedded Systems

On Cache Timing Attacks Considering Multi-Core Aspects in Virtualized Embedded Systems On Cache Timing Attacks Considering Multi-Core Aspects in Virtualized Embedded Systems Michael Weiß 1, Benjamin Weggenmann 1, Moritz August 2, and Georg Sigl 2 1 Fraunhofer Institut AISEC, Garching, Germany

More information

On Analyzing Program Behavior Under Fault Injection Attacks

On Analyzing Program Behavior Under Fault Injection Attacks On Analyzing Program Behavior Under Fault Injection Attacks Jakub Breier Physical Analysis and Cryptographic Engineering Nanyang Technological University, Singapore jbreier@ntuedusg Abstract Fault attacks

More information

HOT CHIPS 2014 NVIDIA S DENVER PROCESSOR. Darrell Boggs, CPU Architecture Co-authors: Gary Brown, Bill Rozas, Nathan Tuck, K S Venkatraman

HOT CHIPS 2014 NVIDIA S DENVER PROCESSOR. Darrell Boggs, CPU Architecture Co-authors: Gary Brown, Bill Rozas, Nathan Tuck, K S Venkatraman HOT CHIPS 2014 NVIDIA S DENVER PROCESSOR Darrell Boggs, CPU Architecture Co-authors: Gary Brown, Bill Rozas, Nathan Tuck, K S Venkatraman TEGRA K1 with Dual Denver CPUs The First 64-bit Android Kepler-Class

More information

QSEE TrustZone Kernel Integer Overflow Vulnerability

QSEE TrustZone Kernel Integer Overflow Vulnerability QSEE TrustZone Kernel Integer Overflow Vulnerability Dan Rosenberg dr@azimuthsecurity.com July 1, 2014 1 Introduction This paper discusses the nature of a vulnerability within the Qualcomm QSEE TrustZone

More information

Exploiting Branch Target Injection. Jann Horn, Google Project Zero

Exploiting Branch Target Injection. Jann Horn, Google Project Zero Exploiting Branch Target Injection Jann Horn, Google Project Zero 1 Outline Introduction Reverse-engineering branch prediction Leaking host memory from KVM 2 Disclaimer I haven't worked in CPU design I

More information

Lecture 20: Multi-Cache Designs. Spring 2018 Jason Tang

Lecture 20: Multi-Cache Designs. Spring 2018 Jason Tang Lecture 20: Multi-Cache Designs Spring 2018 Jason Tang 1 Topics Split caches Multi-level caches Multiprocessor caches 2 3 Cs of Memory Behaviors Classify all cache misses as: Compulsory Miss (also cold-start

More information

Spectre Returns! Speculation Attacks Using Return Stack Buffer

Spectre Returns! Speculation Attacks Using Return Stack Buffer Spectre Returns! Speculation Attacks Using Return Stack Buffer Esmaeil Mohammadian, Khaled N. Khasawneh, Chengyue Song and Nael Abu-Ghazaleh University of California, Riverside WOOT 2018 BALTIMORE, USA

More information

Cauldron: A Framework to Defend Against Cache-based Side-channel Attacks in Clouds

Cauldron: A Framework to Defend Against Cache-based Side-channel Attacks in Clouds Cauldron: A Framework to Defend Against Cache-based Side-channel Attacks in Clouds Mohammad Ahmad, Read Sprabery, Konstantin Evchenko, Abhilash Raj, Dr. Rakesh Bobba, Dr. Sibin Mohan, Dr. Roy Campbell

More information

Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives

Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg

More information

Performance is awesome!

Performance is awesome! Acknowledgements I Background music for the choir song kindly provided by Kerbo-Kev. Cooking photos kindly provided by Becca Lee (ladyfaceblog). Santa Clause images by http://www.thevectorart.com/ Some

More information

Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives

Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives Sebastian Ramacher Joint work with Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Christian Rechberger, Daniel

More information

Cache-timing attack against aes crypto system - countermeasures review

Cache-timing attack against aes crypto system - countermeasures review Edith Cowan University Research Online Australian Information Security Management Conference Conferences, Symposia and Campus Events 2014 Cache-timing attack against aes crypto system - countermeasures

More information

A Mechanism to Prevent Side Channel Attacks in Cloud Computing Environments

A Mechanism to Prevent Side Channel Attacks in Cloud Computing Environments A Mechanism to Prevent Side Channel Attacks in Cloud Computing Environments Tzong-An Su Fenh Chia University Taichung, Taiwan Abstract - Cloud computing provides the benefits of scalability, agility, reliability,

More information

HOST Differential Power Attacks ECE 525

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately, cryptographic

More information

Introduction to the Tegra SoC Family and the ARM Architecture. Kristoffer Robin Stokke, PhD FLIR UAS

Introduction to the Tegra SoC Family and the ARM Architecture. Kristoffer Robin Stokke, PhD FLIR UAS Introduction to the Tegra SoC Family and the ARM Architecture Kristoffer Robin Stokke, PhD FLIR UAS Goals of Lecture To give you something concrete to start on Simple introduction to ARMv8 NEON programming

More information

China smartphone AP shipments DIGITIMES Research Data service forecast, 1Q14

China smartphone AP shipments DIGITIMES Research Data service forecast, 1Q14 China smartphone AP shipments DIGITIMES Research Data service forecast, 1Q14 Research Analyst: Eric Lin January 2014 Introduction Global smartphone AP suppliers will see their shipments to China grow only

More information

Smart TV Security Solution V2.0 for Samsung Knox. Certification Report

Smart TV Security Solution V2.0 for Samsung Knox. Certification Report KECS-CR-17-82 Smart TV Security Solution V2.0 for Samsung Knox Certification Report Certification No.: KECS-CISS-0846-2017 2017. 12. 27 IT Security Certification Center History of Creation and Revision

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback