Memory Defenses. The Elevation from Obscurity to Headlines. Rajeev Balasubramonian School of Computing, University of Utah

Similar documents
Secure DIMM: Moving ORAM Primitives Closer to Memory

Design and Implementation of the Ascend Secure Processor. Ling Ren, Christopher W. Fletcher, Albert Kwon, Marten van Dijk, Srinivas Devadas

Lecture 24: Memory, VM, Multiproc

Ascend: Architecture for Secure Computation on Encrypted Data Oblivious RAM (ORAM)

PageVault: Securing Off-Chip Memory Using Page-Based Authen?ca?on. Blaise-Pascal Tine Sudhakar Yalamanchili

A HIGH-PERFORMANCE OBLIVIOUS RAM CONTROLLER ON THE CONVEY HC-2EX HETEROGENEOUS COMPUTING PLATFORM

Architecture- level Security Issues for main memory. Ali Shafiee

Sanctum: Minimal HW Extensions for Strong SW Isolation

Intel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron

Searchable Encryption Using ORAM. Benny Pinkas

The Ascend Secure Processor. Christopher Fletcher MIT

SGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut

Main Memory and the CPU Cache

Obliviate: A Data Oblivious File System for Intel SGX. Adil Ahmad Kyungtae Kim Muhammad Ihsanulhaq Sarfaraz Byoungyoung Lee

ObfusMem: A Low-Overhead Access Obfuscation for Trusted Memories

Raccoon: Closing Digital Side-Channels through Obfuscated Execution

From bottom to top: Exploiting hardware side channels in web browsers

Reducing Hit Times. Critical Influence on cycle-time or CPI. small is always faster and can be put on chip

EE 457 Unit 7b. Main Memory Organization

Silent Shredder: Zero-Cost Shredding For Secure Non-Volatile Main Memory Controllers

Protecting Private Data in the Cloud: A Path Oblivious RAM Protocol

Lecture 14: Cache Innovations and DRAM. Today: cache access basics and innovations, DRAM (Sections )

Hardware Enclave Attacks CS261

Ming Ming Wong Jawad Haj-Yahya Anupam Chattopadhyay

15-740/ Computer Architecture Lecture 19: Main Memory. Prof. Onur Mutlu Carnegie Mellon University

SGXBounds Memory Safety for Shielded Execution

Locking Down the Processor via the Rowhammer Attack

Lecture 5: Scheduling and Reliability. Topics: scheduling policies, handling DRAM errors

Computer Systems Architecture I. CSE 560M Lecture 18 Guest Lecturer: Shakir James

Rapid Detection of RowHammer Attacks using Dynamic Skewed Hash Tree

Lecture: Cache Hierarchies. Topics: cache innovations (Sections B.1-B.3, 2.1)

The Last Mile An Empirical Study of Timing Channels on sel4

Last lecture we talked about how Intrusion Detection works. Today we will talk about the attacks. Intrusion Detection. Shell code

Lecture 16: Cache in Context (Uniprocessor) James C. Hoe Department of ECE Carnegie Mellon University

(a) Which of these two conditions (high or low) is considered more serious? Justify your answer.

Lecture: Large Caches, Virtual Memory. Topics: cache innovations (Sections 2.4, B.4, B.5)

Securing the Frisbee Multicast Disk Loader

INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD

Why memory hierarchy? Memory hierarchy. Memory hierarchy goals. CS2410: Computer Architecture. L1 cache design. Sangyeun Cho

Locality. CS429: Computer Organization and Architecture. Locality Example 2. Locality Example

Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX

SGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees

MEMORY/RESOURCE MANAGEMENT IN MULTICORE SYSTEMS

TDT Appendix E Interconnection Networks

DRAM Main Memory. Dual Inline Memory Module (DIMM)

Micro-Architectural Attacks and Countermeasures

And Then There Were More:

Secure Remote Storage Using Oblivious RAM

Exploring Timing Side-channel Attacks on Path-ORAMs

Donn Morrison Department of Computer Science. TDT4255 Memory hierarchies

Design Space Exploration and Optimization of Path Oblivious RAM in Secure Processors

Efficient Memory Integrity Verification and Encryption for Secure Processors

Deterministic Memory Abstraction and Supporting Multicore System Architecture

COS 318: Operating Systems. File Systems. Topics. Evolved Data Center Storage Hierarchy. Traditional Data Center Storage Hierarchy

Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas

Introduction to SGX (Software Guard Extensions) and SGX Virtualization. Kai Huang, Jun Nakajima (Speaker) July 12, 2017

CS 550 Operating Systems Spring File System

RISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas

ROTE: Rollback Protection for Trusted Execution

CSC 5930/9010 Cloud S & P: Cloud Primitives

Lecture 16: On-Chip Networks. Topics: Cache networks, NoC basics

Lecture 15: PCM, Networks. Today: PCM wrap-up, projects discussion, on-chip networks background

Page 1. Multilevel Memories (Improving performance using a little cash )

Secure Hierarchy-Aware Cache Replacement Policy (SHARP): Defending Against Cache-Based Side Channel Attacks

Replacement policies for shared caches on symmetric multicores : a programmer-centric point of view

6.857 L17. Secure Processors. Srini Devadas

Eastern Mediterranean University School of Computing and Technology CACHE MEMORY. Computer memory is organized into a hierarchy.

Towards Constant Bandwidth Overhead Integrity Checking of Untrusted Data

Storage and File System

Lecture 8: Virtual Memory. Today: DRAM innovations, virtual memory (Sections )

Making Searchable Encryption Scale to the Cloud. Ian Miers and Payman Mohassel

Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud

Towards Constant Bandwidth Overhead Integrity Checking of Untrusted Data

File Systems. Kartik Gopalan. Chapter 4 From Tanenbaum s Modern Operating System

and data combined) is equal to 7% of the number of instructions. Miss Rate with Second- Level Cache, Direct- Mapped Speed

ECE 598-MS: Advanced Memory and Storage Systems Lecture 7: Unified Address Translation with FlashMap

Practical Near-Data Processing for In-Memory Analytics Frameworks

System-centric Solutions to

Out of Order Processing

CSCI 1800 Cybersecurity and International Relations. Computer Hardware & Software John E. Savage Brown University

Securing Multiple Mobile Platforms

Lecture 18: Core Design, Parallel Algos

Advanced Caches. ECE/CS 752 Fall 2017

Memories: Memory Technology

Spring 2018 :: CSE 502. Main Memory & DRAM. Nima Honarmand

Memory Hierarchy. Slides contents from:

Freecursive ORAM: [Nearly] Free Recursion and Integrity Verification for Position-based Oblivious RAM

Influential OS Research Security. Michael Raitza

Lecture 15: NoC Innovations. Today: power and performance innovations for NoCs

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Using a Certified Hypervisor to Secure V2X communication

SentinelOne Technical Brief

Snoop-Based Multiprocessor Design III: Case Studies

Advanced Memory Organizations

CS 356 Operating System Security. Fall 2013

Cooperative Path-ORAM for Effective Memory Bandwidth Sharing in Server Settings

Lixia Liu, Zhiyuan Li Purdue University, USA. grants ST-HEC , CPA and CPA , and by a Google Fellowship

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware

Hardening Fingerprint Authentication Systems Using Intel s SGX Enclave Technology. Interim Progress Report

Embedded Systems Dr. Santanu Chaudhury Department of Electrical Engineering Indian Institute of Technology, Delhi

Transcription:

Memory Defenses The Elevation from Obscurity to Headlines Rajeev Balasubramonian School of Computing, University of Utah

Image sources: pinterest, gizmodo 2

Spectre Overview Victim Code x is controlled by attacker Thanks to bpred, x can be anything if (x < array1_size) y = array2[ array1[x] ]; array1[ ] is the secret Access pattern of array2[ ] betrays the secret 3

What Did We Learn? Speculation + Specific Code + No side channel defenses 4

The Wake Up Call Say Yes to Side Channel Defenses 5

Overview Memory timing channels The Fixed Service memory controller [MICRO 2015] Memory access patterns Near-data ORAM [HPCA 2018] Memory integrity Improving SGX with VAULT [ASPLOS 2018] 6

Memory Timing Channels Victim Attacker VM 1 CORE 1 VM 2 CORE 2 MC Two VMs sharing a processor and memory channel 7

Possible Attacks VM 1 CORE 1 VM 2 CORE 2 MC Attack 1: Bits in a key influence memory accesses Attack 2: A victim can betray secrets through memory activity Attack 3: A covert channel attack 8

Covert Channel Attack Electronic health records 3 rd party document reader Conspirator VM 1 CORE 1 VM 2 CORE 2 MC A covert channel 9

Fixed Service Memory Controller VM-1 begins memory access VM-1 has its data in Rank-1 VM-2 has its data in Rank-2 VM-8 has its data in Rank-8 VM-2 begins memory access VM-8 begins memory access VM-1 begins memory access 0 7 49 56 Time (in cycles) 10

Fixed Service Details Deterministic schedule No resource contention Dummy accesses if nothing pending Lower bandwidth, higher latency Why 7? DRAM timing parameters, worst-case Rank partitioning: 7 cycle gap Bank partitioning: 15 cycle gap No partitioning: 43 cycle gap 11

Overcoming Worst-Case In one batch of requests, schedule all reads, followed by all writes (worst-case encountered once per batch) Impose constraints on banks that can be accessed triple bank alternation Red: Bank-id mod 3 = 0 Blue: Bank-id mod 3 = 1 Green: Bank-id mod 3 = 2 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 15 3x15 = 45 > 43 12

Results NON-SECURE BASELINE 1.0 PERFORMANCE FS: RD/WR-REORDER 0.48 FS 0.74 FS: TRIPLE ALTERNATION 0.40 0.43 TP 0.20 TP Increased OS complexity NO PARTITIONING BANK PARTITIONING RANK PARTITIONING 13

Overview Memory timing channels The Fixed Service memory controller [MICRO 2015] Memory access patterns Near-data ORAM [HPCA 2018] Memory integrity Improving SGX with VAULT [ASPLOS 2018] 14

Oblivious RAM Assumes that addresses are exposed Image sources: vice.com PHANTOM [CCS 13]: Memory bandwidth overhead of 15

Oblivious RAM Assumes that addresses are exposed Image sources: vice.com PHANTOM [CCS 13]: Memory bandwidth overhead of 2560x (about 280x today) 16

Path-ORAM Stash 17

A Distributed ORAM Authenticated buffer chip Processor MC All buses are exposed ORAM operations shift from Processor to SDIMM. ORAM traffic pattern shifts from the memory bus to on- SDIMM private buses. Buffer chip and processor communication is encrypted 18

The Independent ORAM Protocol Processor MC 1. Each SDIMM handles a subtree of the ORAM tree. 2. Only traffic on shared memory channel: CPU requests and leaf-id reassignments. 3. As much parallelism as the number of SDIMMs. 19

The Split ORAM Protocol Processor MC 1. Each SDIMM handles a subset of every node. 2. Only metadata is sent to the processor. 3. The processor tells the SDIMMs how to shuffle data. 4. Lower latency per ORAM request, but lower parallelism as well. 20

ORAM Results Summary Can combine the Independent and Split protocols to find the best balance of latency and parallelism Bandwidth demands are reduced from 280x 35x Execution time overheads from 5.2x 2.7x Reduces memory energy by 2.5x 21

Overview Memory timing channels The Fixed Service memory controller [MICRO 2015] Memory access patterns Near-data ORAM [HPCA 2018] Memory integrity Improving SGX with VAULT [ASPLOS 2018] 22

Intel SGX Basics Intel SGX Enclave 1 Enclave N EPC 96MB Non-EPC Sen Non-EPC NSen Memory 1. Enclave data is protected from malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity tree protects non-epc Sen. 4. This keeps overheads (bw and capacity) of integrity tree low. 5. Entails frequent paging between EPC and non-epc. 23

Intel SGX Basics Intel SGX Enclave 1 Enclave N EPC 96MB Non-EPC Sen Non-EPC NSen Memory VAULT: Unify EPC and non-epc to reduce paging. New integrity tree for low bw. Better metadata for capacity. 1. Enclave data is protected from malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity tree protects non-epc Sen. 4. This keeps overheads (bw and capacity) of integrity tree low. 5. Entails frequent paging between EPC and non-epc. 24

SGX Overheads 25

Bonsai Merkle Tree 64+512 bits Intermediate Hashes Hash Hash Hash 64 bits 512 bits Hash Hash Hash Leaf hashes 512 bits for 64 counters Arity=64 MAC Data Block Data Block MAC Arity=8 Root block in processor Shared global counter 64b 7b Local counter 26 7b

VAULT 1. Small linkage counters high arity, compact/shallow tree, better cacheability. 2. Variable counter width to manage overflow. 3. Reduces bandwidth overhead for integrity verification. 27

VAULT+SMC 1. MAC storage and bw overheads are high. 2. Sharing a MAC among 4 blocks reduces storage, but incr bw. 3. A block is compressed and the MAC is embedded in the block reduces bw and storage. 28

Integrity Results Summary 3.7x performance improvement over SGX primarily because of lower paging overheads A large effective EPC is palatable 4.7% storage overhead and a more scalable tree (34% better than the SGX tree) VAULT+SMC 29

Big Finish Memory defenses were purely academic pursuits Integrity trees now a part of Intel SGX: overheads of 2x 40x VAULT improves integrity overhead to 1.5x 2.5x FS eliminates timing channels with overhead of 2x SDIMM improves ORAM overhead to 2.7x An array of memory defenses is now commercially viable and strategic given latent vulnerabilities Acks: Ali Shafiee, Meysam Taassori, Akhila Gundu, Manju Shevgoor, Mohit Tiwari, Feifei Li, NSF, Intel. 30

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback