Cache-Zoomer: On-demand High-resolution Cache Monitoring for Security
Hongyu Fang¹ · Sai Santosh Dayapule¹ · Fan Yao² · Milos Doroslovacki¹ · Guru Venkataramani¹
Received: 23 April 2019 / Accepted: 23 April 2020 © Springer Nature Switzerland AG 2020
Abstract
Information leakage through timing channels is an increasing threat in most computer systems. Among various hardware components, the CPU caches expose the largest attack surface for timing channels since they are usually shared among multiple processor cores. Recently, cache-based covert timing channels have been exploited by well-known attacks, such as Meltdown, for information leakage. Prior works have explored use of existing hardware performance counters linked to caches in order to detect covert channels. Unfortunately, current hardware performance counters only capture a single cache-wide statistic relating to the activities of an entire cache. As a result, such coarse-grained cache monitoring is very unlikely to capture the adversaries that typically work with limited subsets of cache blocks. To solve the resolution problem in existing cache hardware performance counters, we propose Cache-Zoomer, a framework that provides on-demand high-resolution cache monitoring. Cache-Zoomer uses a small set of configuration registers for on-demand monitoring of specific regions in the cache. At runtime, Cache-Zoomer dynamically selects the cache sub-areas with high frequency of miss patterns for improved monitoring. We demonstrate the efficiency of Cache-Zoomer on various types of cache timing channel attacks with different bandwidths. Our results show that Cache-Zoomer is able to swiftly detect all the cache timing channels studied, while incurring negligible (< 1%) area and power overheads. Our proposed Cache-Zoomer is versatile and can be adapted to other applications such as performance analysis as well.

Keywords Hardware security · Cache · Cache timing channel · Covert/Side channel
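The resolution problem described in the abstract, as an added simulation that is not taken from the paper: a single cache-wide miss counter barely moves when a channel contends on a handful of sets, while narrowing the view to the busiest region exposes those sets. The cache geometry, the workload numbers, the threshold and the two-step region-then-set selection are assumptions made for illustration, not Cache-Zoomer's hardware design.

```python
import random
from statistics import median

NUM_SETS, REGION = 1024, 64          # assumed geometry: 16 regions of 64 sets
COVERT_SETS = [645, 646, 647, 648]   # constructed: sets the channel contends on

def epoch_misses(rng, benign=20000, covert_per_set=0):
    """Per-set miss counts for one monitoring epoch (constructed workload)."""
    misses = [0] * NUM_SETS
    for _ in range(benign):                  # benign misses spread over all sets
        misses[rng.randrange(NUM_SETS)] += 1
    for s in COVERT_SETS:                    # conflict misses caused by the channel
        misses[s] += covert_per_set
    return misses

def cache_wide(misses):
    """What a conventional counter reports: one number for the whole cache."""
    return sum(misses)

def zoom(misses, factor=3):
    """Pick the region with the most misses, then flag the sets inside it
    whose count exceeds factor x the median set count of that region."""
    regions = [sum(misses[i:i + REGION]) for i in range(0, NUM_SETS, REGION)]
    hot = max(range(len(regions)), key=regions.__getitem__)
    base = hot * REGION
    window = misses[base:base + REGION]
    limit = factor * median(window)
    return hot, [base + i for i, m in enumerate(window) if m > limit]

def run(seed=1):
    """Compare a quiet epoch with one where the channel is active."""
    rng = random.Random(seed)
    quiet = epoch_misses(rng)
    active = epoch_misses(rng, covert_per_set=100)
    delta = (cache_wide(active) - cache_wide(quiet)) / cache_wide(quiet)
    return delta, zoom(quiet)[1], zoom(active)

if __name__ == "__main__":
    delta, quiet_flags, (region, sets) = run()
    print(f"cache-wide miss count changed by {delta:.1%}")
    print(f"quiet epoch flagged sets: {quiet_flags}")
    print(f"active epoch: region {region}, flagged sets {sets}")
```
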
¹ George Washington University, Washington, DC, USA
² University of Central Florida, Orlando, FL, USA

1 Introduction
As the cloud platforms become prevalent, computer users tend to deploy their data and applications remotely to reduce infrastructure cost and boost performance. In such settings, multiple processes from various (potentially untrusted) users run together on the same physical machine. To reduce the security issues of unwarranted information leakage between processes, Operating Systems guarantee isolation of data and address spaces across applications. However, recent studies have shown that microarchitectural covert and side channels are still possible threats to information security as long as the processes from different users have access to the same hardware [10]. As an example, the now-infamous Meltdown attack exploits covert timing channels to exfiltrate sensitive information [31]. Among many microarchitecture resources, caches provide one of the largest attack surfaces for hardware covert and side ch