Presentation is loading. Please wait.

Presentation is loading. Please wait.

University of Illinois at Urbana-Champaign

Published byEthelbert Jayson Caldwell Modified over 5 years ago

Similar presentations

Presentation on theme: "University of Illinois at Urbana-Champaign"— Presentation transcript:

1 University of Illinois at Urbana-Champaign
Attack Directories, Not Caches: Side Channel Attacks in a Non-Inclusive World Mengjia Yan, Read Sprabery, Bhargava Gopireddy, Christopher W. Fletcher, Roy Campbell, Josep Torrellas University of Illinois at Urbana-Champaign S&P’19 May 21 Btw, I’m a computer architect. According to my understanding, the cache design in the latest intel processor is very reasonable, but vulnerable to our directory-based side channel attacks.

2 Cache Side Channel Attacks are Popular and Effective
Attack Platforms Target Applications VM Isolation Core L1 Shared LLC Victim VM Attacker For example, given a multi-core processor, we have virtual machines from different users, even though we have software isolation, information leakage can still happen due to the shared cache resources.

3 Why another cache side channel attack?
So, since the attacks are already so successful, why we need another side channel attack?

4 Cache Side Channel Attacks on Inclusive Caches
Flush+Reload Flush+Flush Prime+Probe Prime+Abort Evict+Reload Invalidate+Transfer Flush+Prefetch ……. Conflict-based attacks. Only demonstrated on inclusive cache hierarchies. The reason is as follows. Except those attacks that require the clflush instruction, the rest of them are called conflict-based attacks. These attacks are stealthier, more difficult to defend against, since they leverage cache conflicts to evict victim’s line out of cache. While, those attacks have only been demonstrated on inclusive cache hierarchies, which is fine. Because 2 years ago, all intel processors use inclusive caches.

5 New Intel Processors Use Non-inclusive Caches
New Intel CPU Cache Architecture Boosts Protection Against Side-Channel Attacks Skylake-X/SP (released in 2017) Things changed in 2017. What happened next is that people thinks cache attacks will fail on these processors. You can still find articles online with a title such as …… This is the time you need our new cache attack to prove this assumption is wrong. We challenge this assumption and prove that it is wrong

6 Inclusive Caches v.s. Non-inclusive Caches
Inclusive: Private L2 lines are also present in LLC Non-inclusive: Private L2 lines may or may not be present in LLC private L2 private L2 shared LLC (inclusive) shared LLC (non-inclusive)

7 Challenges of Conflict-based Attacks
Lack of Visibility into the Victim’s Private Cache Target address Attacker’s addresses victim cache 0 attacker cache 1 victim cache 0 attacker cache 1 evict an inclusion victim private L2 Victim’s line does not exist in LLC shared LLC Let me show you how the attacks work differently on these two different cache hierarchies. insert to LLC. No conflict No inclusion victim insert to LLC. cache conflict. Inclusion Victim (a) inclusive cache (b) non-inclusive cache

8 The Inclusive Directory Structure in Skylake-X
Directory (snoop filter): tracks presence information for cache lines TD holds directory entries for lines in LLC slice ED holds directory entries for lines in L2 but not LLC Directory is inclusive cache lines …… …… …… Shared LLC slice extended directory (ED) traditional directory (TD) The new attack surface!

9 Prime+Probe Attacks on Skylake-X
The attacker causes conflicts in ED  evict victim’s line from L2 to LLC Prime victim core 0 attacker core 1 cache line directory entry Private L2 Target address …… Attacker's addresses cache lines In a typical cloud server, multiple users are co-located on the same chip. From a VM perspective, they are isolated from each other. However, the shared hardware such as LLC can still leak information. In a cache side-channel attack, Attacker/spy observe’s …. to obtain sensitive information. …… …… …… Shared LLC slice inclusion victim extended directory (ED) traditional directory (TD) …… ……

10 Prime+Probe Attacks on Skylake-X
The victim re-accesses the line  Directory entry reloaded and attacker can observe Probe victim core 0 attacker core 1 cache line directory entry Private L2 …… …… Target address cache lines Attacker's addresses In a typical cloud server, multiple users are co-located on the same chip. From a VM perspective, they are isolated from each other. However, the shared hardware such as LLC can still leak information. In a cache side-channel attack, Attacker/spy observe’s …. to obtain sensitive information. …… …… …… Shared LLC slice …… extended directory (ED) traditional directory (TD)

11 Evaluation on RSA Encryption Algorithm
Square-and-Multiply Exponentiation (GnuPG ) for i = n-1 to 0 do r = sqr(r) mod n if ei == 1 then r = mul(r, b) mod n end end

12 Evaluation Trace Epoch ID Access latencies measured in the probe operation in Prime+Probe. A sequence of “ ” can be deduced as part of the exponent.

13 More in the Paper Eviction set construction algorithm
Steps of reverse engineering the directory structure A multi-threaded high-bandwidth Evict+Reload attack Attack results on AMD machines

14 University of Illinois at Urbana-Champaign
Countermeasures Increase directory associativity  unrealistic Way-partition of the directory  not feasible SecDir: A Secure Directory to Defeat Directory Side Channel Attacks [ISCA’19] Mengjia Yan, Jen-Yang Wen, Christopher W. Fletcher, and Josep Torrellas University of Illinois at Urbana-Champaign

15 Directory = The unified structure for conflict-based cache attacks
Main Contributions Reverse engineer the directory structure First two cache attacks on non-inclusive caches Evaluate on RSA Is it true? We find it is not true at all Just as vulnerable as before I investigate the new hierarchy and find there is another structure  directory, make the processor as vulnerable as before Directory = The unified structure for conflict-based cache attacks

16 Thank You!

Download ppt "University of Illinois at Urbana-Champaign"

Similar presentations

Virtual Hierarchies to Support Server Consolidation Michael Marty and Mark Hill University of Wisconsin - Madison.

Virtual Hierarchies to Support Server Consolidation Michael Marty and Mark Hill University of Wisconsin - Madison.
Cross-VM Side Channels and Their Use to Extract Private Keys

Cross-VM Side Channels and Their Use to Extract Private Keys
Lecture 4: Cloud Computing Security: a first look Xiaowei Yang (Duke University)

Lecture 4: Cloud Computing Security: a first look Xiaowei Yang (Duke University)
1 Lecture 17: Large Cache Design Papers: Managing Distributed, Shared L2 Caches through OS-Level Page Allocation, Cho and Jin, MICRO’06 Co-Operative Caching.

1 Lecture 17: Large Cache Design Papers: Managing Distributed, Shared L2 Caches through OS-Level Page Allocation, Cho and Jin, MICRO’06 Co-Operative Caching.
A KTEC Center of Excellence 1 Cooperative Caching for Chip Multiprocessors Jichuan Chang and Gurindar S. Sohi University of Wisconsin-Madison.

A KTEC Center of Excellence 1 Cooperative Caching for Chip Multiprocessors Jichuan Chang and Gurindar S. Sohi University of Wisconsin-Madison.
High Performing Cache Hierarchies for Server Workloads

High Performing Cache Hierarchies for Server Workloads
CSE 490/590, Spring 2011 CSE 490/590 Computer Architecture Cache III Steve Ko Computer Sciences and Engineering University at Buffalo.

CSE 490/590, Spring 2011 CSE 490/590 Computer Architecture Cache III Steve Ko Computer Sciences and Engineering University at Buffalo.
1 Hardware Support for Isolation Krste Asanovic U.C. Berkeley MURI “DHOSA” Site Visit April 28, 2011.

1 Hardware Support for Isolation Krste Asanovic U.C. Berkeley MURI “DHOSA” Site Visit April 28, 2011.
Cache Coherent Distributed Shared Memory. Motivations Small processor count –SMP machines –Single shared memory with multiple processors interconnected.

Cache Coherent Distributed Shared Memory. Motivations Small processor count –SMP machines –Single shared memory with multiple processors interconnected.
Nov 2010 1 COMP60621 Concurrent Programming for Numerical Applications Lecture 6 Chronos – a Dell Multicore Computer Len Freeman, Graham Riley Centre for.

Nov COMP60621 Concurrent Programming for Numerical Applications Lecture 6 Chronos – a Dell Multicore Computer Len Freeman, Graham Riley Centre for.
By Christopher Moran, Nicoara Talpes 1.  Solution is addressed to VMs that are web servers  Web servers should not have confidential information anyway.

By Christopher Moran, Nicoara Talpes 1.  Solution is addressed to VMs that are web servers  Web servers should not have confidential information anyway.
PREVENTING CRYPTOGRAPHIC KEY LEAKAGE IN CLOUD VIRTUAL MACHINES STUDENT: FATEMAH ALHARBI PROFESSOR: NAEL ABU-GHAZALEH EE260 SEMINAR IN ELECTRICAL ENGINEERING.

PREVENTING CRYPTOGRAPHIC KEY LEAKAGE IN CLOUD VIRTUAL MACHINES STUDENT: FATEMAH ALHARBI PROFESSOR: NAEL ABU-GHAZALEH EE260 SEMINAR IN ELECTRICAL ENGINEERING.
Paper Title Your Name CMSC 838 Presentation. CMSC 838T – Presentation Motivation u Problem paper is trying to solve  Characteristics of problem  … u.

Paper Title Your Name CMSC 838 Presentation. CMSC 838T – Presentation Motivation u Problem paper is trying to solve  Characteristics of problem  … u.
Scheduler-based Defenses against Cross-VM Side- channels Venkat(anathan) Varadarajan, Thomas Ristenpart, and Michael Swift 1 D EPARTMENT OF C OMPUTER S.

Scheduler-based Defenses against Cross-VM Side- channels Venkat(anathan) Varadarajan, Thomas Ristenpart, and Michael Swift 1 D EPARTMENT OF C OMPUTER S.
NICE :Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems.

NICE :Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems.
Parallel Programming Models Jihad El-Sana These slides are based on the book: Introduction to Parallel Computing, Blaise Barney, Lawrence Livermore National.

Parallel Programming Models Jihad El-Sana These slides are based on the book: Introduction to Parallel Computing, Blaise Barney, Lawrence Livermore National.
Architecture for Protecting Critical Secrets in Microprocessors Ruby Lee Peter Kwan Patrick McGregor Jeffrey Dwoskin Zhenghong Wang Princeton Architecture.

Architecture for Protecting Critical Secrets in Microprocessors Ruby Lee Peter Kwan Patrick McGregor Jeffrey Dwoskin Zhenghong Wang Princeton Architecture.
Ether: Malware Analysis via Hardware Virtualization Extensions Author: Artem Dinaburg, Paul Royal, Monirul Sharif, Wenke Lee Presenter: Yi Yang Presenter:

Ether: Malware Analysis via Hardware Virtualization Extensions Author: Artem Dinaburg, Paul Royal, Monirul Sharif, Wenke Lee Presenter: Yi Yang Presenter:
Protecting e -Government Against Attacks Gernot Heiser NICTA and University of New South Wales.

Protecting e -Government Against Attacks Gernot Heiser NICTA and University of New South Wales.
Protection of Processes Security and privacy of data is challenging currently. Protecting information – Not limited to hardware. – Depends on innovation.

Protection of Processes Security and privacy of data is challenging currently. Protecting information – Not limited to hardware. – Depends on innovation.

Similar presentations

Ads by Google