Information Security – Theory vs

Slides:



Advertisements
Similar presentations
Cross-VM Side Channels and Their Use to Extract Private Keys
Advertisements

Computer Architecture Instruction-Level Parallel Processors
Lecture 4: Cloud Computing Security: a first look Xiaowei Yang (Duke University)
1 Information Security – Theory vs. Reality , Winter 2011 Lecture 2: Crypto review, fault attacks Eran Tromer (This lecture was given mostly.
Microprocessors. Von Neumann architecture Data and instructions in single read/write memory Contents of memory addressable by location, independent of.
1 Lecture 20 – Caching and Virtual Memory  2004 Morgan Kaufmann Publishers Lecture 20 Caches and Virtual Memory.
1 Information Security – Theory vs. Reality , Winter 2011 Lecture 1: Introduction Eran Tromer.
Full AES key extraction in 65 milliseconds using cache attacks
CSCE101 – 4.2, 4.3 October 17, Power Supply Surge Protector –protects from power spikes which ruin hardware. Voltage Regulator – protects from insufficient.
Cryptanalysis through Cache Address Leakage Eran Tromer Adi Shamir Dag Arne Osvik.
RISC. Rational Behind RISC Few of the complex instructions were used –data movement – 45% –ALU ops – 25% –branching – 30% Cheaper memory VLSI technology.
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds Written by Thomas Ristenpart Eran Tromer Hovav Shacham Stehan.
1 Introduction to Information Security , Spring 2013 Lecture 9: Trusted computing architecture (cont.) Side-channel attacks Eran Tromer Slides.
Guanhai Wang, Minglu Li and Chuliang Weng Shanghai Jiao Tong University, China. SVM09, Wuhan, China.
1 Information Security – Theory vs. Reality , Winter Lecture 1: Introduction Eran Tromer with guest appearance by Daniel Genkin.
Lecture #30 Page 1 ECE 4110– Sequential Logic Design Lecture #30 Agenda 1.von Neumann Stored Program Computer Architecture Announcements 1.N/A.
Performance of mathematical software Agner Fog Technical University of Denmark
Super computers Parallel Processing By Lecturer: Aisha Dawood.
A paper by: Paul Kocher, Joshua Jaffe, and Benjamin Jun Presentation by: Michelle Dickson.
Architectural Side Channels in Cloud Computing
1 Information Security – Theory vs. Reality , Winter Lecture 1: Introduction Eran Tromer with guest appearance by Daniel Genkin.
Side-channels Tom Ristenpart CS Pick target(s) Choose launch parameters for malicious VMs Each VM checks for co-residence Frequently achieve advantageous.
Information Security – Theory vs
1 Information Security – Theory vs. Reality , Winter Lecture 1: Introduction, Architectural side channels 1/2 Lecturer: Eran Tromer.
CSCI1600: Embedded and Real Time Software Lecture 33: Worst Case Execution Time Steven Reiss, Fall 2015.
1 Copyright © 2010, Elsevier Inc. All rights Reserved Chapter 2 Parallel Hardware and Parallel Software An Introduction to Parallel Programming Peter Pacheco.
Platform Abstraction Group 3. Question How to deal with different types hardware and software platforms? What detail to expose to the programmer? What.
1 Information Security – Theory vs. Reality , Winter Lecture 3: Power analysis, correlation power analysis Lecturer: Eran Tromer.
RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis Daniel Genkin, Adi Shamir, Eran Tromer.
Programming in the Context of a Typical Computer Computer Studies Created by Rex Woollard.
ECE 720T5 Winter 2014 Cyber-Physical Systems Rodolfo Pellizzoni.
COEN 6741 Grading Scheme ► Test#1: 30% ► Test#2: 30% ► Project: 40%
Multi-Core CPUs Matt Kuehn. Roadmap ► Intel vs AMD ► Early multi-core processors ► Threads vs Physical Cores ► Multithreading and Multi-core processing.
Thwarting cache-based side- channel attacks Yuval Yarom The University of Adelaide and Data61.
Microarchitectural Side-Channel Attacks Part 2 Yuval Yarom The University of Adelaide and Data61 1.
Microarchitectural Side-Channel Attacks Yuval Yarom The University of Adelaide and Data61 1.
Covert Channels Through Branch Predictors: a Feasibility Study
Cache Advanced Higher.
Virtualization.
Secure Dynamic Memory Scheduling against Timing Channel Attacks
ARM.
EnGarde: Mutually Trusted Inspection of SGX Enclaves
New Cache Designs for Thwarting Cache-based Side Channel Attacks
Written by : Thomas Ristenpart, Eran Tromer, Hovav Shacham,
Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR
Computer Architecture Principles Dr. Mike Frank
RIC: Relaxed Inclusion Caches for Mitigating LLC Side-Channel Attacks
Bruhadeshwar Meltdown Bruhadeshwar
Lecture 23: Cache, Memory, Security
Super Quick Architecture Review
OS Virtualization.
Presented by: Isaac Martin
CSCI1600: Embedded and Real Time Software
Meltdown and Spectre: Complexity and the death of security
Diptendu Kar
ConfMVM: A Hardware-Assisted Model to Confine Malicious VMs
University of California, Riverside
Mengjia Yan† , Jiho Choi† , Dimitrios Skarlatos,
ARM.
Meltdown and Spectre: Complexity and the death of security
Introduction to Heterogeneous Parallel Computing
Trace-Driven Cache Attacks on AES Onur Acıi¸cmez1 and çetin Kaya Ko¸c1,2 1 Oregon State University, School of EECS Corvallis, OR 97331, USA 2 Information.
Maria Méndez Real, Vincent Migliore, Vianney Lapotre, Guy Gogniat
Landon Cox January 17, 2018 January 22, 2018
Introduction to Optimization
CSCI1600: Embedded and Real Time Software
University of Illinois at Urbana-Champaign
MicroScope: Enabling Microarchitectural Replay Attacks
Meltdown & Spectre Attacks
Introduction to CUDA Programming
Presentation transcript:

Information Security – Theory vs Information Security – Theory vs. Reality 0368-4474, Winter 2015-2016 Lecture 2: Architectural side-channels (2/2) Lecturer: Eran Tromer

Course agenda

Architectural side-channel attacks (cont.)

L3 Flush+Reload attack [Yarom Falkner 2014] Target outermost cache, shared between all CPU cores (typically L3) RSA key extraction from GnuPG 1.4.13 Target specific memory block (instead of cache set) Exploits memory deduplication (content-based page sharing) Common code, libraries, data across VMs Supposedly safe (nominally, no new information flow)

L3 flush+reload attack (cont.)  

L3 flush+reload attack on GnuPG’s RSA   [Yarom Falkner 2014]

Other attacks on RSA Cache attack using HyperThreading [Percival 05] Attacker’s MUL time Cache attack using HyperThreading [Percival 05] ALU multiplier attack [Aciicmez Seifert 2007] cache set time time MUL SQR Victim’s operation On whiteboard: m-ary exponentiation

Other architectural attacks (Whiteboard discussion) Covert channels [Hu ’91, ‘92] Hardware-assisted – Power trace [Page ’02] Timing attacks via internal collisions [Tsunoo Tsujihara Minematsu Miyuachi ’02] [Tsunoo Saito Suzaki Shigeri Miyauchi ’03] Model-less timing attacks [Bernstein ’04] RSA [Percival ’05] Exploiting the scheduler [Neve Seifrert ’07] Improve temporal resolution by causing victim to get tiny time slice Instruction cache Aciicmez ’07] Exploits difference between code paths Attacks are analogous to data cache attack Branch prediction [Aciicmez Schindler Koc ’06–’07] Exploits difference in choice of code path BP state is a shared resource ALU resources [Aciicmez Seifert ’07] Exploits contention for the multiplication units Many followups

(classroom discussion) Mitigation (classroom discussion)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.