• PDF / 1,272,475 Bytes
• 16 Pages / 595.224 x 790.955 pts Page_size
• 90 Downloads / 227 Views

DOWNLOAD

REPORT

Cache-Zoomer: On-demand High-resolution Cache Monitoring for Security Hongyu Fang1

· Sai Santosh Dayapule1 · Fan Yao2 · Milos Doroslovacki1 · Guru Venkataramani1

Received: 23 April 2019 / Accepted: 23 April 2020 © Springer Nature Switzerland AG 2020

Abstract Information leakage through timing channels is an increasing threat in most computer systems. Among various hardware components, the CPU caches expose the largest attack surface for timing channels since they are usually shared among multiple processor cores. Recently, cache-based covert timing channels have been exploited by well-known attacks, such as Meltdown, for information leakage. Prior works have explored use of existing hardware performance counters linked to caches in order to detect covert channels. Unfortunately, current hardware performance counters only capture a single cachewide statistic relating to the activities of an entire cache. As a result, such coarse-grained cache monitoring is very unlikely to capture the adversaries that typically work with limited subsets of cache blocks. To solve the resolution problem in existing cache hardware performance counters, we propose Cache-Zoomer, a framework that provides on-demand high-resolution cache monitoring. Cache-Zoomer uses a small set of configuration registers for on-demand monitoring of specific regions in the cache. At runtime, Cache-Zoomer dynamically selects the cache sub-areas with high frequency of miss patterns for improved monitoring. We demonstrate the efficiency of Cache-Zoomer on various types of cache timing channel attacks with different bandwidths. Our results show that Cache-Zoomer is able to swiftly detect all the cache timing channels studied, while incurring negligible (< 1%) area and power overheads. Our proposed Cache-Zoomer is versatile and can be adapted to other applications such as performance analysis as well. Keywords Hardware security · Cache · Cache timing channel · Covert/Side channel

1 Introduction As the cloud platforms become prevalent, computer users tend to deploy their data and applications remotely to reduce infrastructure cost and boost performance. In such settings, multiple processes from various (potentially untrusted) users run together on the same physical machine. To reduce the security issues of unwarranted information leakage between processes, Operating Systems guarantee isolation of data and address spaces across applications. However, recent studies have shown that microarchitectural covert and side channels are still possible threats to information  Hongyu Fang

hongyufang [email protected] Fan Yao [email protected] 1

George Washington University, Washington, DC, USA

2

University of Central Florida, Orlando, FL, USA

security as long as the processes from different users have access to the same hardware [10]. As an example, the nowinfamous Meltdown attack exploits covert timing channels to exfiltrate sensitive information [31]. Among many microarchitecture resources, caches provide one of the largest attack surfaces for hardware covert and side ch

Recommend Documents

CHASM: Security Evaluation of Cache Mapping Schemes

166 45 30MB

Filter cache: filtering useless cache blocks for a small but efficient shared last-level cache

126 7 3MB

Processor Cache

177 88 2MB

Page Cache

228 46 2MB

Cache Performance

183 37 2MB

L3 Cache

194 93 2MB

Aggregate Cache

220 21 15MB

L1 Cache

249 12 2MB

Towards an Extensible Security Monitoring Architecture for Vehicular Networks

300 49 29MB

Instruction Cache

177 106 2MB

L2 Cache

177 101 2MB

Data Cache

234 40 2MB