SecurityCloak: Protection against cache timing and speculative memory access attacks

Published: 09 July 2024

Abstract

Microarchitectural innovations such as deep cache hierarchies, out-of-order execution, branch prediction and speculative execution in modern processors have made it possible to meet ever-increasing demands for performance. However, these innovations have inadvertently introduced vulnerabilities that are exploited by cache side-channel attacks such as Flush & Reload, Prime & Probe, and Evict & Time, and by attacks such as Spectre and Meltdown that exploit speculative execution. These attacks can potentially leak information that should be kept secure.
Mitigating the attacks while preserving the performance of out-of-order execution has been a challenge. Previous hardware mitigation techniques against cache timing or side-channel attacks include complex cache indexing mechanisms, encrypting addresses, partitioning cache memories, assigning specific ways of a set to each process, or obfuscating cache accesses by using ghost threads. Previous techniques for preventing or at least mitigating attacks based on speculative execution include hiding speculative data accesses using separate buffers or caches, or undoing the effects of speculation throughout program execution. Most techniques address either attacks that exploit speculation, such as Spectre, or cache side-channel attacks, but not both. In many cases, changes to the microarchitecture with additional hardware are needed to implement the security protection. In some cases, the mitigations cause performance penalties. In contrast, we present very simple designs aimed at preventing both timing-based cache side-channel attacks and Spectre-style attacks based on speculative execution. Our approach combines obfuscation of cache timing, which makes it more difficult for side-channel attacks to succeed, with delaying speculative data accesses that miss in the cache until the speculation is resolved. We will show that these approaches prevent both timing attacks such as Flush & Reload, Prime & Probe, and Evict & Time, as well as speculative attacks such as Spectre. Our technique requires minimal changes to hardware.

Information

Published In

Journal of Systems Architecture: the EUROMICRO Journal, Volume 150, Issue C
May 2024
261 pages

Publisher

Elsevier North-Holland, Inc.

United States

Publication History

Published: 09 July 2024

Author Tags

  1. Side-channel attacks
  2. Speculative execution
  3. Victim cache
  4. Spectre
  5. Prime & probe
  6. Evict & time
  7. Flush & reload
  8. Guard cache

Qualifiers

  • Research-article
