Towards a Better Indicator for Cache Timing Channels

Recent studies highlighting the vulnerability of computer architecture to information leakage attacks have been a cause of significant concern. Among the various classes of microarchitectural attacks, cache timing channels are especially worrisome since they have the potential to compromise users' private data at high bit rates. Prior works have demonstrated the use of cache miss patterns to detect these attacks. We find that cache miss traces can be easily spoofed and thus they may not be able to identify smarter adversaries. In this work, we show that \emph{cache occupancy}, which records the number of cache blocks owned by a specific process, can be leveraged as a stronger indicator for the presence of cache timing channels. We observe that the modulation of cache access latency in timing channels can be recognized through analyzing pairwise cache occupancy patterns. Our experimental results show that cache occupancy patterns cannot be easily obfuscated even by advanced adversaries that successfully evade cache miss-based detection.

[1]  H. Howie Huang,et al.  Exploring Dynamic Redundancy to Resuscitate Faulty PCM Blocks , 2014, JETC.

[2]  Guru Venkataramani,et al.  Tradeoffs in fine-grained heap memory protection , 2006, ASID '06.

[3]  Matti A. Hiltunen,et al.  An exploration of L2 cache covert channels in virtualized environments , 2011, CCSW '11.

[4]  Mathias Payer,et al.  HexPADS: A Platform to Detect "Stealth" Attacks , 2016, ESSoS.

[5]  Guru Venkataramani,et al.  DeFT: Design space exploration for on-the-fly detection of coherence misses , 2011, TACO.

[6]  Guru Venkataramani,et al.  CC-Hunter: Uncovering Covert Timing Channels on Shared Processor Hardware , 2014, 2014 47th Annual IEEE/ACM International Symposium on Microarchitecture.

[7]  Andrew Ferraiuolo,et al.  SecDCP: Secure dynamic cache partitioning for efficient timing channel protection , 2016, 2016 53nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[8]  Guru Venkataramani,et al.  LIME: a framework for debugging load imbalance in multi-threaded execution , 2011, 2011 33rd International Conference on Software Engineering (ICSE).

[9]  Yongbo Li,et al.  SIMBER: Eliminating Redundant Memory Bound Checks via Statistical Inference , 2017, SEC.

[10]  Milos Doroslovacki,et al.  Covert Timing Channels Exploiting Non-Uniform Memory Access based Architectures , 2017, ACM Great Lakes Symposium on VLSI.

[11]  Marco Chiappetta,et al.  Real time detection of cache-based side-channel attacks using hardware performance counters , 2016, Appl. Soft Comput..

[12]  H. Howie Huang,et al.  RePRAM: Re-cycling PRAM faulty blocks for extended lifetime , 2012, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012).

[13]  Gernot Heiser,et al.  Last-Level Cache Side-Channel Attacks are Practical , 2015, 2015 IEEE Symposium on Security and Privacy.

[14]  John L. Henning SPEC CPU2006 benchmark descriptions , 2006, CARN.

[15]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[16]  Fan Yao,et al.  Covert Timing Channels Exploiting Cache Coherence Hardware: Characterization and Defense , 2018, International Journal of Parallel Programming.

[17]  Yongbo Li,et al.  SARRE: Semantics-Aware Rule Recommendation and Enforcement for Event Paths on Android , 2016, IEEE Transactions on Information Forensics and Security.

[18]  Yuval Yarom,et al.  FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack , 2014, USENIX Security Symposium.

[19]  Salvatore J. Stolfo,et al.  On the feasibility of online malware detection with performance counters , 2013, ISCA.

[20]  Srinivas Devadas,et al.  DAWG: A Defense Against Cache Timing Attacks in Speculative Execution Processors , 2018, 2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[21]  Zhenyu Wu,et al.  Whispers in the Hyper-space: High-speed Covert Channel Attacks in the Cloud , 2012, USENIX Security Symposium.

[22]  Milos Doroslovacki,et al.  Detecting Hardware Covert Timing Channels , 2016, IEEE Micro.

[23]  Milos Doroslovacki,et al.  DFS covert channels on multi-core platforms , 2017, 2017 IFIP/IEEE International Conference on Very Large Scale Integration (VLSI-SoC).

[24]  Josep Torrellas,et al.  ReplayConfusion: Detecting cache-based covert channel attacks using record and replay , 2016, 2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[25]  Yongbo Li,et al.  StatSym: Vulnerable Path Discovery through Statistics-Guided Symbolic Execution , 2017, 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[26]  Milos Doroslovacki,et al.  Are Coherence Protocol States Vulnerable to Information Leakage? , 2018, 2018 IEEE International Symposium on High Performance Computer Architecture (HPCA).

[27]  Milos Doroslovacki,et al.  Prefetch-guard: Leveraging hardware prefetches to defend against cache timing channels , 2018, 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[28]  Somayeh Sardashti,et al.  The gem5 simulator , 2011, CARN.