research-article

Düppel: retrofitting commodity operating systems to mitigate cache side channels in the cloud

Authors:

Michael K. ReiterAuthors Info & Claims

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Pages 827 - 838

https://doi.org/10.1145/2508859.2516741

Published: 04 November 2013 Publication History

Abstract

This paper presents the design, implementation and evaluation of a system called Düppel that enables a tenant virtual machine to defend itself from cache-based side-channel attacks in public clouds. Düppel includes defenses for time-shared caches such as per-core L1 and L2 caches. Experiments in the lab and on public clouds show that Düppel effectively obfuscates timing signals available to an attacker VM via these caches and incurs modest performance overheads (at most 7% and usually much less) in the common case of no side-channel attacks. Moreover, Düppel requires no changes to hypervisors or support from cloud operators.

References

[1]

O. Aciiçmez. Yet another microarchitectural attack: Exploiting I-cache. In Proceedings of the 2007 ACM Workshop on Computer Security Architecture, pages 11--18, 2007.

Digital Library

[2]

O. Aciiçmez, B. B. Brumley, and P. Grabher. New results on instruction cache attacks. In Proceedings of the 12th International Conference on Cryptographic Hardware and Embedded Systems, pages 110--124, 2010.

Digital Library

[3]

O. Aciiçmez, S. Gueron, and J.-P. Seifert. New branch prediction vulnerabilities in openSSL and necessary software countermeasures. In Proceedings of the 11th IMA International Conference on Cryptography and Coding, pages 185--203, 2007.

Digital Library

[4]

O. Aciiçmez, C. K. Koç, and J.-P. Seifert. On the power of simple branch prediction analysis. In Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, pages 312--320, 2007.

Digital Library

[5]

O. Aciicmez and J.-P. Seifert. Cheap hardware parallelism implies cheap security. In Proceedings of the Workshop on Fault Diagnosis and Tolerance in Cryptography, pages 80--91, 2007.

Digital Library

[6]

A. Aviram, S. Hu, B. Ford, and R. Gummadi. Determinating timing channels in compute clouds. In Proceedings of the 2010 ACM Cloud Computing Security Workshop, pages 103--108, 2010.

Digital Library

[7]

C. Bienia, S. Kumar, J. P. Singh, and K. Li. The PARSEC benchmark suite: Characterization and architectural implications. In Proceedings of the 17th International Conference on Parallel Architectures and Compilation Techniques, Oct. 2008.

Digital Library

[8]

C. Bienia and K. Li. PARSEC 2.0: A new benchmark suite for chip-multiprocessors. In Proceedings of the 5th Workshop on Modeling, Benchmarking and Simulation, June 2009.

[9]

D. Bovet and M. Cesati. Understanding The Linux Kernel. Oreilly & Associates, 2005.

Digital Library

[10]

D. Chisnall. The Definitive Guide to the Xen Hypervisor (Prentice Hall Open Source Software Development Series). Prentice Hall PTR, Nov. 2007.

Digital Library

[11]

B. Coppens, I. Verbauwhede, K. D. Bosschere, and B. D. Sutter. Practical mitigations for timing-based side-channel attacks on modern x86 processors. In Proceedings of the 30th IEEE Symposium on Security and Privacy, pages 45--60, 2009.

Digital Library

[12]

L. Domnitser, A. Jaleel, J. Loew, N. Abu-Ghazaleh, and D. Ponomarev. Non-monopolizable caches: Low-complexity mitigation of cache side channel attacks. ACM Transactions on Architecture and Code Optimization, 8(4), Jan. 2012.

Digital Library

[13]

D. Gullasch, E. Bangerter, and S. Krenn. Cache games -- bringing access-based cache attacks on AES to practice. In Proceedings of the 2011 IEEE Symposium on Security and Privacy, pages 490--505, 2011.

Digital Library

[14]

R. Hund, C. Willems, and T. Holz. Practical timing side channel attacks against kernel space ASLR. In Proceedings of the 2013 IEEE Symposium on Security and Privacy, May 2013.

Digital Library

[15]

J. S. Hunter. The exponentially weighted moving average. Journal of Quality Technology, 18:203--210, 1986.

[16]

G. Keramidas, A. Antonopoulos, D. Serpanos, and S. Kaxiras. Non deterministic caches: a simple and effective defense against side channel attacks. Design Automation for Embedded Systems, 12:221--230, 2008.

Digital Library

[17]

T. Kim, M. Peinado, and G. Mainar-Ruiz. STEALTHMEM: System-level protection against cache-based side channel attacks in the cloud. In Proceedings of the 21st USENIX Conference on Security Symposium, 2012.

Digital Library

[18]

R. Könighofer. A fast and cache-timing resistant implementation of the AES. In Topics in Cryptology -- CT-RSA 2008, volume 4964 of Lecture Notes in Computer Science, pages 187--202, 2008.

Digital Library

[19]

P. Li, D. Gao, and M. K. Reiter. Mitigating access-driven timing channels in clouds using StopWatch. In Proceedings of the 43rd IEEE/IFIP International Conference on Dependable Systems and Networks, June 2013.

Digital Library

[20]

R. Martin, J. Demme, and S. Sethumadhavan. TimeWarp: Rethinking timekeeping and performance monitoring mechanisms to mitigate side-channel attacks. In Proceedings of the 39th International Symposium on Computer Architecture, pages 118--129, 2012.

Digital Library

[21]

D. Molnar, M. Piotrowski, D. Schultz, and D. Wagner. The program counter security model: Automatic detection and removal of control-flow side channel attacks. In Proceedings of the 8th International Conference on Information Security and Cryptology, pages 156--168, 2006.

Digital Library

[22]

D. Mosberger and T. Jin. httperf -- a tool for measuring web server performance. ACM SIGMETRICS Performance Evaluation Review, 26(3):31--37, Dec. 1998.

Digital Library

[23]

K. Mowery, S. Keelveedhi, and H. Shacham. Are AES x86 cache timing attacks still feasible? In Proceedings of the 2012 ACM Cloud Computing Security Workshop, CCSW '12, pages 19--24, New York, NY, USA, 2012. ACM.

Digital Library

[24]

M. Neve and J.-P. Seifert. Advances on access-driven cache attacks on AES. In Proceedings of the 13th International Conference on Selected Areas in Cryptography, pages 147--162, 2007.

Digital Library

[25]

D. A. Osvik, A. Shamir, and E. Tromer. Cache attacks and countermeasures: the case of AES. In Topics in Cryptology -- CT-RSA 2006, volume 3860 of Lecture Notes in Computer Science, pages 1--20, 2006.

Digital Library

[26]

D. Page. Partitioned cache architecture as a side-channel defense mechanism. http://eprint.iacr.org/2005/280, 2005.

[27]

C. Percival. Cache missing for fun and profit. In Proceedings of BSDCon 2005, 2005.

[28]

H. Raj, R. Nathuji, A. Singh, and P. England. Resource management for isolation enhanced cloud services. In Proceedings of the 2009 ACM Cloud Computing Security Workshop, pages 77--84, 2009.

Digital Library

[29]

T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM Conference on Computer and Communications Security, pages 199--212, 2009.

Digital Library

[30]

J. Shi, X. Song, H. Chen, and B. Zang. Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring. In Proceedings of the 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, pages 194--199, 2011.

Digital Library

[31]

E. Tromer, D. A. Osvik, and A. Shamir. Efficient cache attacks on AES, and countermeasures. Journal of Cryptology, 23(2):37--71, Jan. 2010.

Digital Library

[32]

B. C. Vattikonda, S. Das, and H. Shacham. Eliminating fine grained timers in Xen. In Proceedings of the 3rd ACM Cloud Computing Security Workshop, pages 41--46, 2011.

Digital Library

[33]

Z. Wang and R. B. Lee. Covert and side channels due to processor architecture. In Proceedings of the 22nd Computer Security Applications Conference, pages 473--482, 2006.

Digital Library

[34]

Z. Wang and R. B. Lee. New cache designs for thwarting software cache-based side channel attacks. In Proceedings of the 34th International Symposium on Computer Architecture, pages 494--505, 2007.

Digital Library

[35]

Z. Wang and R. B. Lee. A novel cache architecture with enhanced performance and security. In Proceedings of the 41st IEEE/ACM International Symposium on Microarchitecture, pages 83--93, 2008.

Digital Library

[36]

Y. Yarom and K. Falkner. Flush

[37]

Reload: a high resolution, low noise, L3 cache side-channel attack. http://eprint.iacr.org/2013/448, 2013.

[38]

Y. Zhang, A. Juels, A. Oprea, and M. K. Reiter. HomeAlone: Co-residency detection in the cloud via side-channel analysis. In Proceedings of the 2011 IEEE Symposium on Security and Privacy, pages 313--328, May 2011.

Digital Library

[39]

Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart. Cross-VM side channels and their use to extract private keys. In Proceedings of the 2012 ACM Conference on Computer and Communications Security, pages 305--316, 2012.

Digital Library

Cited By

Wang MZheng FLin JJiang FMa Y(2024)ZeroShield: Transparently Mitigating Code Page Sharing Attacks With Zero-Cost Stand-ByIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.343506219(7389-7403)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3435062
Kim HHahn CKim HShin YHur J(2024)Deep Learning-Based Detection for Multiple Cache Side-Channel AttacksIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.334008819(1672-1686)Online publication date: 2024
https://doi.org/10.1109/TIFS.2023.3340088
Song WXue ZHan JLi ZLiu P(2024)Randomizing Set-Associative Caches Against Conflict-Based Cache Side-Channel AttacksIEEE Transactions on Computers10.1109/TC.2024.334965973:4(1019-1033)Online publication date: Apr-2024
https://doi.org/10.1109/TC.2024.3349659
Show More Cited By

Index Terms

Düppel: retrofitting commodity operating systems to mitigate cache side channels in the cloud
1. Security and privacy
  1. Systems security
    1. Information flow control
    2. Operating systems security

Recommendations

A Software Approach to Defeating Side Channels in Last-Level Caches
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

We present a software approach to mitigate access-driven side-channel attacks that leverage last-level caches (LLCs) shared across cores to leak information between security domains (e.g., tenants in a cloud). Our approach dynamically manages physical ...
Cross-VM side channels and their use to extract private keys
CCS '12: Proceedings of the 2012 ACM conference on Computer and communications security

This paper details the construction of an access-driven side-channel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer. This attack is the first such attack ...
Last-Level Cache Side-Channel Attacks are Practical
SP '15: Proceedings of the 2015 IEEE Symposium on Security and Privacy

We present an effective implementation of the Prime Probe side-channel attack against the last-level cache. We measure the capacity of the covert channel the attack creates and demonstrate a cross-core, cross-VM attack on multiple versions of GnuPG. Our ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

November 2013

1530 pages

ISBN:9781450324779

DOI:10.1145/2508859

General Chair:
Ahmad-Reza Sadeghi
TU Darmstadt, CASED, Intel ICRI-SC, Germany
,
Program Chairs:
Virgil Gligor
Carnegie Mellon University, USA
,
Moti Yung
Columbia University, USA

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 November 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'13

Sponsor:

SIGSAC

CCS'13: 2013 ACM SIGSAC Conference on Computer and Communications Security

November 4 - 8, 2013

Berlin, Germany

Acceptance Rates

CCS '13 Paper Acceptance Rate 105 of 530 submissions, 20%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

109
Total Citations
View Citations
996
Total Downloads

Downloads (Last 12 months)93
Downloads (Last 6 weeks)8

Reflects downloads up to 24 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Wang MZheng FLin JJiang FMa Y(2024)ZeroShield: Transparently Mitigating Code Page Sharing Attacks With Zero-Cost Stand-ByIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.343506219(7389-7403)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3435062
Kim HHahn CKim HShin YHur J(2024)Deep Learning-Based Detection for Multiple Cache Side-Channel AttacksIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.334008819(1672-1686)Online publication date: 2024
https://doi.org/10.1109/TIFS.2023.3340088
Song WXue ZHan JLi ZLiu P(2024)Randomizing Set-Associative Caches Against Conflict-Based Cache Side-Channel AttacksIEEE Transactions on Computers10.1109/TC.2024.334965973:4(1019-1033)Online publication date: Apr-2024
https://doi.org/10.1109/TC.2024.3349659
Xu KTang MWang QWang H(2024)Exploitation of Security Vulnerability on Retirement2024 IEEE International Symposium on High-Performance Computer Architecture (HPCA)10.1109/HPCA57654.2024.00012(1-14)Online publication date: 2-Mar-2024
https://doi.org/10.1109/HPCA57654.2024.00012
Kim SJin HJoo KLee JLee D(2024)DROPSYS: Detection of ROP attacks using system informationComputers & Security10.1016/j.cose.2024.103813(103813)Online publication date: Mar-2024
https://doi.org/10.1016/j.cose.2024.103813
Xing L(2024)Internet of Things support reliabilityReliability and Resilience in the Internet of Things10.1016/B978-0-443-15610-6.00003-7(151-210)Online publication date: 2024
https://doi.org/10.1016/B978-0-443-15610-6.00003-7
Weber DThomas FGerlach LZhang RSchwarz M(2024)Reviving Meltdown 3aComputer Security – ESORICS 202310.1007/978-3-031-51479-1_5(80-99)Online publication date: 12-Jan-2024
https://doi.org/10.1007/978-3-031-51479-1_5
Zhang RKim TWeber DSchwarz MCalandrino JTroncoso C(2023)(M)WAIT for itProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620644(7267-7284)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620644
Xu KTang MWang HGuilley S(2023)Reverse-Engineering and Exploiting the Frontend Bus of Intel ProcessorIEEE Transactions on Computers10.1109/TC.2022.322208372:2(360-373)Online publication date: 1-Feb-2023
https://doi.org/10.1109/TC.2022.3222083
Lang FWang WMeng LLin JWang QLu L(2022)MoLE: Mitigation of Side-channel Attacks against SGX via Dynamic Data Location EscapeProceedings of the 38th Annual Computer Security Applications Conference10.1145/3564625.3568002(978-988)Online publication date: 5-Dec-2022
https://dl.acm.org/doi/10.1145/3564625.3568002
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents