AutoLock: Why Cache Attacks on ARM Are Harder Than You Think
|
|
- Clementine Joan Barber
- 6 years ago
- Views:
Transcription
1 AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Marc Green W, Leandro Rodrigues-Lima F, Andreas Zankl F, Gorka Irazoqui W, Johann Heyszl F, and Thomas Eisenbarth W August 18 th 2017 USENIX Security Symposium
2 The Big Picture Cache Attacks - Transition of attacks: desktop & server mobile AutoLock - Dedicated countermeasures are still necessary for protection Vulnerabililty and risk assessment are important, but challenging Eviction-based attacks are harder than previously believed Limited understanding of commercial microarchitectures Undocumented performance feature of inclusive caches on ARM AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
3 Cache Basics AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
4 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
5 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
6 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
7 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
8 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
9 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
10 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
11 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
12 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
13 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
14 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
15 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
16 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
17 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
18 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
19 Cache Attacks AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
20 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
21 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
22 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
23 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
24 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
25 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
26 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
27 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
28 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
29 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
30 Cache Attacks Cross-core Eviction Normalized frequency without eviction with eviction Clock cycles Qualcomm Krait 450 AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
31 Cache Attacks Literature Method Task Reference Evict + Time Eviction [OST06] Prime + Probe Eviction [OST06] Evict + Reload Eviction [GSM15] Evict + Prefetch Eviction [GMF + 16] Flush + Reload Flush [YF14] Flush + Prefetch Flush [GMF + 16] Flush + Flush Flush [GMWM16] AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
32 Cache Attacks ARM Processors Flush on ARM Eviction on ARM Easy, fast, and robust Complex, slow, and error-prone Only from ARMv8 onwards All ARM architectures: v6, v7, v8 No guaranteed userspace access Userspace privileges are sufficient Limited number of devices Larger number of devices AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
33 AutoLock AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
34 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
35 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
36 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
37 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
38 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
39 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
40 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
41 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
42 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
43 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
44 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
45 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
46 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
47 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
48 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
49 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
50 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
51 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
52 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
53 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
54 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
55 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
56 AutoLock Definition A patented and undocumented performance feature of inclusive cache levels that transparently prevents the eviction of cache lines, if they are contained in higher cache levels. Automatic + Lockdown = AutoLock AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
57 Implications of AutoLock AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
58 Implications Impact in Theory Method Task Same-core Cross-core Evict + Time Eviction Prime + Probe Eviction Evict + Reload Eviction Evict + Prefetch Eviction Flush + * Flush AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
59 Implications Impact in Practice Normalized frequency without eviction with eviction Normalized frequency without eviction with eviction Clock cycles Qualcomm Krait Clock cycles ARM Cortex-A57 AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
60 Implications SoC Evaluation Processor System-on-Chip (SoC) AutoLock ARM Cortex-A7 Samsung Exynos 5422 ARM Cortex-A15 Samsung Exynos 5422/5250 ARM Cortex-A53 ARM Juno r0 ARM Cortex-A57 ARM Juno r0 Qualcomm Krait 450 Snapdragon 805 AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
61 Implications Smartphone SoCs Manufacturer SoC Family % featuring A7,-15,-53,-57 Apple A10, A9, A8, A7 0 HiSilicon Kirin 9xx, 6xx 86 Mediatek MT67xx, MT659x/8x 100 Nvidia Tegra X, K, 4 71 Qualcomm Snapdragon 8xx, 6xx, 4xx 47 Samsung Exynos 9, 8, 7, 5, 4 79 Xiaomi Surge S 100 AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
62 Implications Previous Work on ARM ARMageddon Lipp et al. [LGS + 16] - ROP Flush + Reload Zhang et al. [ZXZ16] - TruSpy Zhang et al. [ZSS + 16] - Device Selection Attack Selection Device Properties Qualcomm SoCs Flush + Reload ARM Cortex-A8 Userspace flush cacheflush syscall Single-core setup Cross-core eviction No cross-core eviction No cross-core eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
63 AutoLock = Countermeasure? AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
64 Countermeasure? Not Ultimately Vulnerable SoCs Same-Core Attacks ARM-compliant cores Userspace flush instr. ARM TrustZone Compromised OS Remote Evictions Redundant Targets Trigger self-evictions Increase load and wait time Attack multiple cache lines e.g. entire AES T-tables AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
65 Countermeasure? Wait-a-minute Attack Attack by Irazoqui et al. [IIES14] Observes usage of AES T-tables One cache line per table Simple redundant variant Observe all lines of all tables Majority vote on derived keys Test environment ARM Cortex-A15 with AutoLock Full Linux operating system Recovered key bytes Encryptions ( 10 3 ) same-core [IIES14] cross-core [IIES14] majority vote AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
66 Conclusion AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
67 Conclusion Takeaways AutoLock: undocumented feature of inclusive LLCs on ARM Inhibits cross-core eviction and adversely affects attacks Predominantly implemented in Cortex-A designs by ARM Countermeasures are still necessary to protect against attacks AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
68 Questions? AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
69 Bibliography [GMF + 16] [GMWM16] [GSM15] [IIES14] [LGS + 16] [OST06] Daniel Gruss, Clémentine Maurice, Anders Fogh, Moritz Lipp, and Stefan Mangard. Prefetch side-channel attacks: Bypassing smap and kernel aslr. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 16, pages , New York, NY, USA, ACM. Daniel Gruss, Clémentine Maurice, Klaus Wagner, and Stefan Mangard. Flush+flush: A fast and stealthy cache attack. In Juan Caballero, Urko Zurutuza, and Ricardo J. Rodríguez, editors, Detection of Intrusions and Malware, and Vulnerability Assessment: 13th International Conference, DIMVA 2016, San Sebastián, Spain, July 7-8, 2016, Proceedings, pages , Cham, Springer International Publishing. Daniel Gruss, Raphael Spreitzer, and Stefan Mangard. Cache template attacks: Automating attacks on inclusive last-level caches. In 24th USENIX Security Symposium (USENIX Security 15), pages , Washington, D.C., USENIX Association. Gorka Irazoqui, Mehmet Sinan Inci, Thomas Eisenbarth, and Berk Sunar. Wait a minute! a fast, cross-vm attack on aes. In Angelos Stavrou, Herbert Bos, and Georgios Portokalidis, editors, Research in Attacks, Intrusions and Defenses: 17th International Symposium, RAID 2014, Gothenburg, Sweden, September 17-19, Proceedings, pages , Cham, Springer International Publishing. Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, and Stefan Mangard. Armageddon: Cache attacks on mobile devices. In 25th USENIX Security Symposium (USENIX Security 16), pages , Austin, TX, USENIX Association. Dag Arne Osvik, Adi Shamir, and Eran Tromer. Cache attacks and countermeasures: The case of aes. In David Pointcheval, editor, Topics in Cryptology CT-RSA 2006: The Cryptographers Track at the RSA Conference 2006, San Jose, CA, USA, February 13-17, Proceedings, pages 1 20, Berlin, Heidelberg, Springer Berlin Heidelberg. AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
70 Bibliography [YF14] [ZSS + 16] [ZXZ16] Yuval Yarom and Katrina Falkner. Flush+reload: A high resolution, low noise, l3 cache side-channel attack. In 23rd USENIX Security Symposium (USENIX Security 14), pages , San Diego, CA, USENIX Association. Ning Zhang, Kun Sun, Deborah Shands, Wenjing Lou, and Y. Thomas Hou. Truspy: Cache side-channel information leakage from the secure world on arm devices. Cryptology eprint Archive, Report 2016/980, Xiaokuan Zhang, Yuan Xiao, and Yinqian Zhang. Return-oriented flush-reload side channels on arm and their implications for android devices. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 16, pages , New York, NY, USA, ACM. AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Green et al. USENIX Security
ARMageddon: Cache Attacks on Mobile Devices
ARMageddon: Cache Attacks on Mobile Devices Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, Stefan Mangard Graz University of Technology 1 TLDR powerful cache attacks (like Flush+Reload)
More informationCurious case of Rowhammer: Flipping Secret Exponent Bits using Timing Analysis
Curious case of Rowhammer: Flipping Secret Exponent Bits using Timing Analysis Sarani Bhattacharya and Debdeep Mukhopadhyay Indian Institute of Technology Kharagpur CHES 2016 August 19, 2016 Objective
More informationRowhammer.js: Root privileges for web apps?
Rowhammer.js: Root privileges for web apps? Daniel Gruss (@lavados) 1, Clémentine Maurice (@BloodyTangerine) 2 1 IAIK, Graz University of Technology / 2 Technicolor and Eurecom 1 Rennes Graz Clémentine
More informationarxiv: v2 [cs.cr] 19 Jun 2016
ARMageddon: Cache Attacks on Mobile Devices Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, and Stefan Mangard Graz University of Technology, Austria arxiv:1511.04897v2 [cs.cr] 19 Jun
More informationÉvolution des attaques sur la micro-architecture
Évolution des attaques sur la micro-architecture Clémentine Maurice, CNRS, IRISA 23 Janvier 2019 Journée Nouvelles Avancées en Sécurité des Systèmes d Information, INSA de Toulouse/LAAS-CNRS Attacks on
More informationSoftware Solutions to Micro-architectural Side Channels. Yinqian Zhang Assistant Professor Computer Science & Engineering The Ohio State University
Software Solutions to Micro-architectural Side Channels Yinqian Zhang Assistant Professor Computer Science & Engineering The Ohio State University Introduction Research interests Computer system security
More informationTruSpy: Cache Side-Channel Information Leakage from the Secure World on ARM Devices
TruSpy: Cache Side-Channel Information Leakage from the Secure World on ARM Devices Ning Zhang, Kun Sun, Deborah Shands Wenjing Lou, Y. Thomas Hou Virginia Polytechnic Institute and State University, VA
More informationAdvanced Power Side Channel Cache Side Channel Attacks DMA Attacks
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 8b Advanced Power Side Channel Cache Side Channel Attacks DMA Attacks Slide deck originally based on some material by Chenglu during ECE 6095 Spring 2017
More informationarxiv: v3 [cs.cr] 5 Apr 2016
Flush+Flush: A Fast and Stealthy Cache Attack Daniel Gruss, Clémentine Maurice, Klaus Wagner, and Stefan Mangard Graz University of Technology, Austria arxiv:1511.04594v3 [cs.cr] 5 Apr 2016 Abstract. Research
More informationCache Attacks and Rowhammer on ARM
Moritz Lipp, BSc Cache Attacks and Rowhammer on ARM MASTER S THESIS to achieve the university degree of Diplom-Ingenieur Master s degree programme: Computer Science submitted to Graz University of Technology
More informationCache Side Channel Attacks on Intel SGX
Cache Side Channel Attacks on Intel SGX Princeton University Technical Report CE-L2017-001 January 2017 Zecheng He Ruby B. Lee {zechengh, rblee}@princeton.edu Department of Electrical Engineering Princeton
More informationFrom bottom to top: Exploiting hardware side channels in web browsers
From bottom to top: Exploiting hardware side channels in web browsers Clémentine Maurice, Graz University of Technology July 4, 2017 RMLL, Saint-Étienne, France Rennes Graz Clémentine Maurice PhD since
More informationHello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud
Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud Clémentine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Stefan Mangard, Kay Römer
More informationMicro-architectural Attacks. Chester Rebeiro IIT Madras
Micro-architectural Attacks Chester Rebeiro IIT Madras 1 Cryptography Passwords Information Flow Policies Privileged Rings ASLR Virtual Machines and confinement Javascript and HTML5 (due to restricted
More informationFine Grain Cross-VM Attacks on Xen and VMware
Fine Grain Cross-VM Attacks on Xen and VMware Gorka Irazoqui, Mehmet Sinan Inci, Thomas Eisenbarth, Berk Sunar Worcester Polytechnic Institute {girazoki,msinci,teisenbarth,sunar}@wpi.edu Abstract This
More informationarxiv: v2 [cs.cr] 30 Nov 2015
Reverse Engineering Intel DRAM Addressing and Exploitation - Work in Progress - arxiv:1511.08756v2 [cs.cr] 30 Nov 2015 Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz and Stefan Mangard
More informationFast and Secure Implementation of Modular Exponentiation for Mitigating Fine-Grained Cache Attacks
applied sciences Article Fast and Secure Implementation of Modular Exponentiation for Mitigating Fine-Grained Cache Attacks Youngjoo Shin School of Computer and Information Engineering, Kwangwoon University,
More informationA Faster and More Realistic Flush+Reload Attack on AES
A Faster and More Realistic Flush+Reload Attack on AES Berk Gülmezoğlu, Mehmet Sinan İnci, Gorka Irazoqui, Thomas Eisenbarth, Berk Sunar Worcester Polytechnic Institute, Worcester, MA, USA {bgulmezoglu,msinci,girazoki,teisenbarth,sunar}@wpi.edu
More informationFlush+Flush: A Stealthier Last-Level Cache Attack
Flush+Flush: A Stealthier Last-Level Cache Attack Daniel Gruss Graz University of Technology, Austria daniel.gruss@iaik.tugraz.at Clémentine Maurice Technicolor, Rennes, France Eurecom, Sophia-Antipolis,
More informationChenglu Jin Department of Electrical & Computer Engineering University of Connecticut
CSE 5095 & ECE 6095 Spring 2016 Instructor Marten van Dijk Side Channel Attacks Chenglu Jin Department of Electrical & Computer Engineering University of Connecticut Email: chenglu.jin@.uconn.edu Based
More informationWho am I? Moritz Lipp PhD Graz University of
Who am I? Moritz Lipp PhD student @ Graz University of Technology @mlqxyz moritz.lipp@iaik.tugraz.at 1 Moritz Lipp, Michael Schwarz, Daniel Gruss Graz University of Technology Who am I? Michael Schwarz
More informationSoC, why should we care about Fault Injection Attacks?
SoC, why should we care about Fault Injection Attacks? Guillaume BOUFFARD (guillaume.bouffard@ssi.gouv.fr) David EL-BAZE (david.elbaze@ssi.gouv.fr) with the help of Thomas TROUCHKINE Agence nationale de
More informationSGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut
SGX Security Background Masab Ahmad masab.ahmad@uconn.edu Department of Electrical and Computer Engineering University of Connecticut 1 Security Background Outline Cryptographic Primitives Cryptographic
More informationWait a minute! A fast, Cross-VM attack on AES
Wait a minute! A fast, Cross-VM attack on AES Gorka Irazoqui, Mehmet Sinan Inci, Thomas Eisenbarth, and Berk Sunar Worcester Polytechnic Institute, Worcester, MA, USA {girazoki,msinci,teisenbarth,sunar}@wpi.edu
More informationRevAnC: A Framework for Reverse Engineering Hardware Page Table Caches
RevAnC: A Framework for Reverse Engineering Hardware Page Table Caches Stephan van Schaik stephan@synkhronix.com Kaveh Razavi kaveh@cs.vu.nl Ben Gras beng@cs.vu.nl ABSTRACT Herbert Bos herbertb@cs.vu.nl
More informationFlush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack
Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack Yuval Yarom Katrina Falkner School of Computer Science The University of Adelaide {yval,katrina}@cs.adelaide.edu.au 18 July 2013
More informationCache Attacks Enable Bulk Key Recovery on the Cloud (Extended Version)
Cache Attacks Enable Bulk Key Recovery on the Cloud (Extended Version) Mehmet Sinan İnci, Berk Gulmezoglu, Gorka Irazoqui, Thomas Eisenbarth, Berk Sunar Worcester Polytechnic Institute, Worcester, MA,
More informationSpectre and Meltdown: Data leaks during speculative execution
Spectre and Meltdown: Data leaks during speculative execution Speaker: Jann Horn (Google Project Zero) Paul Kocher (independent) Daniel Genkin (University of Pennsylvania and University of Maryland) Yuval
More informationSide-Channel Attacks on Intel SGX: How SGX Amplifies The Power of Cache Attacks
Side-Channel Attacks on Intel SGX: How SGX Amplifies The Power of Cache Attacks by Ahmad Moghimi A Thesis Submitted to the Faculty of the WORCESTER POLYTECHNIC INSTITUTE In partial fulfillment of the requirements
More informationAutomated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features
Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features Michael Schwarz 1, Daniel Gruss 1, Moritz Lipp 1, Clémentine Maurice 2, Thomas Schuster 1, Anders Fogh
More informationS$A: A Shared Cache Attack that Works Across Cores and Defies VM Sandboxing and its Application to AES
2015 IEEE Symposium on Security and Privacy S$A: A Shared Cache Attack that Works Across Cores and Defies VM Sandboxing and its Application to AES Gorka Irazoqui Worcester Polytechnic Institute Worcester,USA
More informationWhen Good Turns Evil: Using Intel SGX to Stealthily Steal Bitcoins
When Good Turns Evil: Using Intel SGX to Stealthily Steal Bitcoins Michael Schwarz, Moritz Lipp michael.schwarz@iaik.tugraz.at, moritz.lipp@iaik.tugraz.at Abstract In our talk, we show that despite all
More informationC5: Cross-Cores Cache Covert Channel
C5: Cross-Cores Cache Covert Channel Clémentine Maurice 1, Christoph Neumann 1, Olivier Heen 1, and Aurélien Francillon 2 1 Technicolor, Rennes, France, 2 Eurecom, Sophia-Antipolis, France {clementine.maurice,christoph.neumann,olivier.heen}@technicolor.com
More informationCJAG: Cache-based Jamming Agreement
CJAG: Cache-based Jamming Agreement Establishing a covert channel between co-located VMs Michael Schwarz and Manuel Weber Graz University of Technology, Austria Abstract. Cache-based covert channels are
More informationThe Security of Intel SGX for Key Protection and Data Privacy Applications
The Security of Intel SGX for Key Protection and Data Privacy Applications Yehuda Lindell February 28, 2018 1 Introduction Intel Software Guard Extensions (Intel SGX) [1] is an Intel technology for application
More informationarxiv: v2 [cs.cr] 20 Aug 2017
CacheZoom: How SGX Amplifies The Power of Cache Attacks arxiv:1703.06986v2 [cs.cr] 20 Aug 2017 Ahmad Moghimi Worcester Polytechnic Institute amoghimi@wpi.edu Abstract In modern computing environments,
More informationVikram Hegde, Hanqing Zhao, Kefeng Shi, and Yi Yang Fontbonne University St. Louis, Missouri
SECURE MOBILE APPS BASED ON NTRU Vikram Hegde, Hanqing Zhao, Kefeng Shi, and Yi Yang Fontbonne University St. Louis, Missouri The need for mobile security The inefficiency of traditional algorithms in
More informationRacing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races. CS 563 Young Li 10/31/18
Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races CS 563 Young Li 10/31/18 Intel Software Guard extensions (SGX) and Hyper-Threading What is Intel SGX? Set of
More informationDefense against the AnC Attack on BOOM Rui Hou, Xiaoxin Li, Wei Song, Dan Meng
Defense against the AnC Attack on BOOM Rui Hou, Xiaoxin Li, Wei Song, Dan Meng 单击此处编辑母版标题样式 Outline Security vulnerabilities due to resource sharing AnC attack Solution RCL PTE-isolation Security vulnerabilities
More informationAll the AES You Need on Cortex-M3 and M4 Peter Schwabe and Ko Stoffelen
All the AES You Need on Cortex-M3 and M4 Peter Schwabe and Ko Stoffelen More AES software implementations? AES on AVR [OBSC10] AES on SPARC [BS08] AES on PowerPC [BS08] AES on NVIDIA GPU [OBSC10] AES on
More informationReturn-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices
Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices Xiaokuan Zhang Yuan Xiao Yinqian Zhang Department of Computer Science and Engineering The Ohio State University
More informationarxiv: v1 [cs.cr] 3 Jan 2018
Meltdown arxiv:1801.01207v1 [cs.cr] 3 Jan 2018 Abstract Moritz Lipp 1, Michael Schwarz 1, Daniel Gruss 1, Thomas Prescher 2, Werner Haas 2, Stefan Mangard 1, Paul Kocher 3, Daniel Genkin 4, Yuval Yarom
More informationRowhammer.js: A Remote Software- Induced Fault Attack in Javascript
Rowhammer.js: A Remote Software- Induced Fault Attack in Javascript Daniel Gruss, Clementine Maurice and Stefan Mangard Graz University of Technology, Austria Rowhammer bug (I) Different DRAM cells can
More informationCross-core Microarchitectural Side Channel Attacks and Countermeasures
Cross-core Microarchitectural Side Channel Attacks and Countermeasures by Gorka Irazoqui A Dissertation Submitted to the Faculty of the WORCESTER POLYTECHNIC INSTITUTE In partial fulfillment of the requirements
More informationCross Processor Cache Attacks
Cross Processor Cache Attacks Gorka Irazoqui Worcester Polytechnic Institute girazoki@wpi.edu Thomas Eisenbarth Worcester Polytechnic Institute teisenbarth@wpi.edu Berk Sunar Worcester Polytechnic Institute
More informationLeaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX
Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX W. Wang, G. Chen, X, Pan, Y. Zhang, XF. Wang, V. Bindschaedler, H. Tang, C. Gunter. September 19, 2017 Motivation Intel
More informationNIGHTs-WATCH. A Cache-Based Side-Channel Intrusion Detector using Hardware Performance Counters
NIGHTs-WATCH A Cache-Based Side-Channel Intrusion Detector using Hardware Performance Counters Maria Mushtaq, Ayaz Akram, Khurram Bhatti, Maham Chaudhry, Vianney Lapotre, Guy Gogniat Contact: khurram.bhatti@itu.edu.pk
More informationCountermeasures against Bernstein s Remote Cache Timing Attack
Countermeasures against Bernstein s Remote Cache Timing Attack Janaka Alawatugoda, Darshana Jayasinghe, and Roshan Ragel, Member, IEEE Abstract- Cache timing attack is a type of side channel attack where
More informationSCAnDroid: Automated Side-Channel Analysis of Android APIs
S C I E N C E P A S S I O N T E C H N O L O G Y SCAnDroid: Automated Side-Channel Analysis of Android APIs Raphael Spreitzer, Gerald Palfinger, Stefan Mangard IAIK, Graz University of Technology, Austria
More informationPractical Keystroke Timing Attacks in Sandboxed JavaScript
Practical Keystroke Timing Attacks in Sandboxed JavaScript M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Sep 11, 2017 ESORICS 17 Graz University of Technology Motivation Keystroke timing
More informationOn the Applicability of Time-Driven Cache Attacks on Mobile Devices
On the Applicability of Time-Driven Cache Attacks on Mobile Devices (Extended Version ) Raphael Spreitzer and Thomas Plos Institute for Applied Information Processing and Communications (IAIK), Graz University
More informationMalware Guard Extension: Using SGX to Conceal Cache Attacks
Malware Guard Extension: Using SGX to Conceal Cache Attacks Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, and Stefan Mangard Graz University of Technology, Austria Abstract. In modern
More informationSide Channel Analysis Power Side Channel
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 8a Side Channel Analysis Power Side Channel Slide deck originally based on some material by Chenglu and Ha during ECE 6095 Spring 2017 on Secure Computation
More informationA Cache Timing Attack on AES in Virtualization Environments
A Cache Timing Attack on AES in Virtualization Environments Michael Weiß, Benedikt Heinz, and Frederic Stumpf Fraunhofer Research Institution AISEC, Garching (near Munich), Germany {michael.weiss, benedikt.heinz,
More informationMeltdown, Spectre, and Security Boundaries in LEON/GRLIB. Technical note Doc. No GRLIB-TN-0014 Issue 1.1
Template: GQMS-TPLT-1-1-0 Meltdown, Spectre, and Security Boundaries in LEON/GRLIB Technical note 2018-03-15 Doc. No Issue 1.1 Date: 2018-03-15 Page: 2 of 8 CHANGE RECORD Issue Date Section / Page Description
More informationCache-Access Pattern Attack on Disaligned AES T-Tables
Cache-Access Pattern Attack on Disaligned AES T-Tables Raphael Spreitzer and Thomas Plos Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Inffeldgasse
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationCacheZoom: How SGX Amplifies The Power of Cache Attacks
CacheZoom: How SGX Amplifies The Power of Cache Attacks Ahmad Moghimi, Gorka Irazoqui, and Thomas Eisenbarth Worcester Polytechnic Institute, Worcester, MA, USA {amoghimi,girazoki,teisenbarth}@wpi.edu
More informationS-Box Implementation of AES is NOT side channel resistant
S-Box Implementation of AES is NOT side channel resistant C Ashokkumar, Bholanath Roy, M Bhargav Sri Venkatesh, and Bernard L. Menezes Department of Computer Science and Engineering, Indian Institute of
More informationEvaluating the Reuse Cache for mobile processors. Lokesh Jindal, Urmish Thakker, Swapnil Haria CS-752 Fall 2014 University of Wisconsin-Madison
Evaluating the Reuse Cache for mobile processors Lokesh Jindal, Urmish Thakker, Swapnil Haria CS-752 Fall 2014 University of Wisconsin-Madison 1 Executive Summary Problem : Mobile SOCs Area is money! Cache
More informationAttack TrustZone with Rowhammer. Pierre Carru - eshard 2017/04
Attack TrustZone with Rowhammer Pierre Carru - eshard 2017/04 1 Presentation Summary 1. Rowhammer ~10 min 2. TrustZone ~10 min 3. Attack ~10 min 2 Context - Existing Rowhammer Attacks Implementations Intel
More informationCSE 127 Computer Security
CSE 127 Computer Security Stefan Savage, Spring 2018, Lecture 19 Hardware Security: Meltdown, Spectre, Rowhammer Vulnerabilities and Abstractions Abstraction Reality Vulnerability Review: ISA and µarchitecture
More informationThe Last Mile An Empirical Study of Timing Channels on sel4
The Last Mile An Empirical Study of Timing on David Cock Qian Ge Toby Murray Gernot Heiser 4 November 2014 NICTA Funding and Supporting Members and Partners Outline The Last Mile Copyright NICTA 2014 David
More informationMalware Guard Extension: Using SGX to Conceal Cache Attacks (Extended Version)
Malware Guard Extension: Using SGX to Conceal Cache Attacks (Exted Version) Michael Schwarz Graz University of Technology Email: michael.schwarz@iaik.tugraz.at Samuel Weiser Graz University of Technology
More informationF28HS Hardware-Software Interface: Systems Programming
F28HS Hardware-Software Interface: Systems Programming Hans-Wolfgang Loidl School of Mathematical and Computer Sciences, Heriot-Watt University, Edinburgh Semester 2 2017/18 0 No proprietary software has
More informationAndroid Application Sandbox. Thomas Bläsing DAI-Labor TU Berlin
Android Application Sandbox Thomas Bläsing DAI-Labor TU Berlin Agenda Introduction What is Android? Malware on smartphones Common countermeasures on the Android platform Use-Cases Design Conclusion Summary
More informationMeltdown or "Holy Crap: How did we do this to ourselves" Meltdown exploits side effects of out-of-order execution to read arbitrary kernelmemory
Meltdown or "Holy Crap: How did we do this to ourselves" Abstract Meltdown exploits side effects of out-of-order execution to read arbitrary kernelmemory locations Breaks all security assumptions given
More informationSide Channels and Runtime Encryption Solutions with Intel SGX
Leader in Runtime Encryption Whitepaper Side Channels and Runtime Encryption Solutions with Intel SGX by Andy Leiserson, Chief Architect at Fortanix Executive Summary Introduction to Side Channel Attacks
More informationConstant-Time Callees with Variable-Time Callers. Cesar Pereida Garcı a Billy Bob Brumley Tampere University of Technology Finland
Constant-Time Callees with Variable-Time Callers Cesar Pereida Garcı a Billy Bob Brumley Tampere University of Technology Finland Outline Enabling Cache-Timing Attacks Motivation Brief History of Cache-Timing
More informationkguard++: Improving the Performance of kguard with Low-latency Code Inflation
kguard++: Improving the Performance of kguard with Low-latency Code Inflation Jordan P. Hendricks Brown University Abstract In this paper, we introduce low-latency code inflation for kguard, a GCC plugin
More informationA Simple Power Analysis Attack Against the Key Schedule of the Camellia Block Cipher
A Simple Power Analysis Attack Against the Key Schedule of the Camellia Block Cipher Lu Xiao and Howard M. Heys 2 QUALCOMM Incorporated, lxiao@qualcomm.com 2 Electrical and Computer Engineering, Faculty
More informationSMARTPHONE HARDWARE: ANATOMY OF A HANDSET. Mainak Chaudhuri Indian Institute of Technology Kanpur Commonwealth of Learning Vancouver
SMARTPHONE HARDWARE: ANATOMY OF A HANDSET Mainak Chaudhuri Indian Institute of Technology Kanpur Commonwealth of Learning Vancouver Outline of topics What is the hardware architecture of a How does communication
More informationAn Improved Trace Driven Instruction Cache Timing Attack on RSA
An Improved Trace Driven Instruction Cache Timing Attack on RSA Chen Cai-Sen 1*, Wang Tao 1, Chen Xiao-Cen 2 and Zhou Ping 1 1 Department of Computer Engineering, Ordnance Engineering College, China 2
More informationElliptic Curve Cryptography and its Application in the Secure Socket Layer/Transport Layer Security Protocol
Elliptic Curve Cryptography and its Application in the Secure Socket Layer/Transport Layer Security Protocol M. Cimi Thomas 1* and S. Sheeja 2 1* Research Scholar, Department of Computer Science, Karpagam
More informationFantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript
Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript Michael Schwarz, Clémentine Maurice, Daniel Gruss, Stefan Mangard Graz University of Technology April 2017
More informationWho we are. Eshard - Embedded Security Company. Software & Hardware Security. What do we
Who we are Eshard - Embedded Security Company Software & Hardware Security What do we do: Tools: Side Channel / Code Analysis Consultancy Audit Training @eshardnews https://www.eshard.com contact@eshard.com
More informationJavaScript Zero. Real JavaScript and Zero Side-Channel Attacks. Michael Schwarz, Moritz Lipp, Daniel Gruss
JavaScript Zero Real JavaScript and Zero Side-Channel Attacks Michael Schwarz, Moritz Lipp, Daniel Gruss 20.02.2018 www.iaik.tugraz.at 1 Michael Schwarz, Moritz Lipp, Daniel Gruss www.iaik.tugraz.at Outline
More informationCovert Timing Channels Exploiting Non-Uniform Memory Access based Architectures
Covert Timing Channels Exploiting Non-Uniform Memory Access based Architectures Fan Yao, Guru Venkataramani and Miloš Doroslovački Department of Electrical and Computer Engineering The George Washington
More informationSIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017
SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and
More informationAdaptive Android Kernel Live Patching
USENIX Security Symposium 2017 Adaptive Android Kernel Live Patching Yue Chen 1, Yulong Zhang 2, Zhi Wang 1, Liangzhao Xia 2, Chenfu Bao 2, Tao Wei 2 Florida State University 1 Baidu X-Lab 2 Android Kernel
More informationSecure Hierarchy-Aware Cache Replacement Policy (SHARP): Defending Against Cache-Based Side Channel Attacks
: Defending Against Cache-Based Side Channel Attacks Mengjia Yan, Bhargava Gopireddy, Thomas Shull, Josep Torrellas University of Illinois at Urbana-Champaign http://iacoma.cs.uiuc.edu Presented by Mengjia
More informationAn Infestation of Dragons
An Infestation of Dragons Exploring Vulnerabilities in the ARM TrustZone Architecture A story of Research: @m0nk_dot @natronkeltner @afrocheese Who Are We Josh Thomas @m0nk_dot / josh@atredis.com Partner
More informationBreaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX. Yeongjin Jang, Sangho Lee, and Taesoo Kim Georgia Institute of Technology
Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX Yeongjin Jang, Sangho Lee, and Taesoo Kim Georgia Institute of Technology Kernel Address Space Layout Randomization (KASLR) A statistical
More informationOn Cache Timing Attacks Considering Multi-Core Aspects in Virtualized Embedded Systems
On Cache Timing Attacks Considering Multi-Core Aspects in Virtualized Embedded Systems Michael Weiß 1, Benjamin Weggenmann 1, Moritz August 2, and Georg Sigl 2 1 Fraunhofer Institut AISEC, Garching, Germany
More informationOn Analyzing Program Behavior Under Fault Injection Attacks
On Analyzing Program Behavior Under Fault Injection Attacks Jakub Breier Physical Analysis and Cryptographic Engineering Nanyang Technological University, Singapore jbreier@ntuedusg Abstract Fault attacks
More informationHOT CHIPS 2014 NVIDIA S DENVER PROCESSOR. Darrell Boggs, CPU Architecture Co-authors: Gary Brown, Bill Rozas, Nathan Tuck, K S Venkatraman
HOT CHIPS 2014 NVIDIA S DENVER PROCESSOR Darrell Boggs, CPU Architecture Co-authors: Gary Brown, Bill Rozas, Nathan Tuck, K S Venkatraman TEGRA K1 with Dual Denver CPUs The First 64-bit Android Kepler-Class
More informationQSEE TrustZone Kernel Integer Overflow Vulnerability
QSEE TrustZone Kernel Integer Overflow Vulnerability Dan Rosenberg dr@azimuthsecurity.com July 1, 2014 1 Introduction This paper discusses the nature of a vulnerability within the Qualcomm QSEE TrustZone
More informationExploiting Branch Target Injection. Jann Horn, Google Project Zero
Exploiting Branch Target Injection Jann Horn, Google Project Zero 1 Outline Introduction Reverse-engineering branch prediction Leaking host memory from KVM 2 Disclaimer I haven't worked in CPU design I
More informationLecture 20: Multi-Cache Designs. Spring 2018 Jason Tang
Lecture 20: Multi-Cache Designs Spring 2018 Jason Tang 1 Topics Split caches Multi-level caches Multiprocessor caches 2 3 Cs of Memory Behaviors Classify all cache misses as: Compulsory Miss (also cold-start
More informationSpectre Returns! Speculation Attacks Using Return Stack Buffer
Spectre Returns! Speculation Attacks Using Return Stack Buffer Esmaeil Mohammadian, Khaled N. Khasawneh, Chengyue Song and Nael Abu-Ghazaleh University of California, Riverside WOOT 2018 BALTIMORE, USA
More informationCauldron: A Framework to Defend Against Cache-based Side-channel Attacks in Clouds
Cauldron: A Framework to Defend Against Cache-based Side-channel Attacks in Clouds Mohammad Ahmad, Read Sprabery, Konstantin Evchenko, Abhilash Raj, Dr. Rakesh Bobba, Dr. Sibin Mohan, Dr. Roy Campbell
More informationPost-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives
Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg
More informationPerformance is awesome!
Acknowledgements I Background music for the choir song kindly provided by Kerbo-Kev. Cooking photos kindly provided by Becca Lee (ladyfaceblog). Santa Clause images by http://www.thevectorart.com/ Some
More informationPost-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives
Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives Sebastian Ramacher Joint work with Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Christian Rechberger, Daniel
More informationCache-timing attack against aes crypto system - countermeasures review
Edith Cowan University Research Online Australian Information Security Management Conference Conferences, Symposia and Campus Events 2014 Cache-timing attack against aes crypto system - countermeasures
More informationA Mechanism to Prevent Side Channel Attacks in Cloud Computing Environments
A Mechanism to Prevent Side Channel Attacks in Cloud Computing Environments Tzong-An Su Fenh Chia University Taichung, Taiwan Abstract - Cloud computing provides the benefits of scalability, agility, reliability,
More informationHOST Differential Power Attacks ECE 525
Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately, cryptographic
More informationIntroduction to the Tegra SoC Family and the ARM Architecture. Kristoffer Robin Stokke, PhD FLIR UAS
Introduction to the Tegra SoC Family and the ARM Architecture Kristoffer Robin Stokke, PhD FLIR UAS Goals of Lecture To give you something concrete to start on Simple introduction to ARMv8 NEON programming
More informationChina smartphone AP shipments DIGITIMES Research Data service forecast, 1Q14
China smartphone AP shipments DIGITIMES Research Data service forecast, 1Q14 Research Analyst: Eric Lin January 2014 Introduction Global smartphone AP suppliers will see their shipments to China grow only
More informationSmart TV Security Solution V2.0 for Samsung Knox. Certification Report
KECS-CR-17-82 Smart TV Security Solution V2.0 for Samsung Knox Certification Report Certification No.: KECS-CISS-0846-2017 2017. 12. 27 IT Security Certification Center History of Creation and Revision
More information